remcosw
2014-02-18, 10:40
I just got a virus Project2.exe from a person on skype.
Short after that, my gmail was logged in from Norway, also BTC-e and BTC-Guild (all 3 same password).
I uploaded the file for check: http://r.virscan.org/report/c268b8996e6aa2526dd35ebe8e570561.html seems a trojan downloader.
I saw some files in system32, edited today. Those are perfc009.dat, -013, perfh009.dat ,-013, perfstringbackup.ini. There were some minutes ago some more in that folder (like bootdelete.exe).
I runned MBAM and deleted all those files. But seems no cause of this malware.
The scan logs are attached.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by Remco at 10:27:39 on 2014-02-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8174.3991 [GMT 1:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Feed Notifier\notifier.exe
C:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Remco\AppData\Local\CloudStation\bin\client-win.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sublime Text 2\sublime_text.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.nl/
uProxyOverride = localhost;127.0.0.1;<local>;192.168.*.*
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [Allway Sync] "C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe" -m
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [TrackerNotificationExtensions.exe] "C:\Program Files (x86)\Copernic Tracker\TrackerNotificationExtensions.exe" /loadunread /c
uRun: [GoogleChromeAutoLaunch_06B807F4EA18B3F627189D54D9DCC4B5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bitcoin.lnk - C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDS~1.LNK - C:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FEEDNO~1.LNK - C:\Program Files (x86)\Feed Notifier\notifier.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GUIMIN~1.LNK - C:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TEAMVI~1.LNK - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{7D07E1DB-D88F-41CB-8EA6-1101A9DAC047} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{9A552CF3-AAEB-402A-8908-021E61A17E60} : DHCPNameServer = 195.121.1.34 195.121.1.66
Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\
FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)
FF - prefs.js: browser.startup.homepage - hxxps://www.coursera.org/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.privitize.hpOld0 - hxxp://www.google.nl/|http://www.gmail.com/
FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf&q=
FF - user.js: extensions.privitize.id - 944c7aa400000000000000ff7cf998cf
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15804
FF - user.js: extensions.privitize.vrsn - 1.8.16.22
FF - user.js: extensions.privitize.vrsni - 1.8.16.22
FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2214:43:56
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - orgnl
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef -
FF - user.js: extensions.privitize.dfltLng -
FF - user.js: extensions.privitize.excTlbr - true
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=944c7aa400000000000000ff7cf998cf
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf
.
============= SERVICES / DRIVERS ===============
.
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-26 70296]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-1-30 32336]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-11-4 810144]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-2-18 127752]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-8-10 72216]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-22 15129376]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-21 65657]
R2 ShellfireVPN2Service;ShellfireVPN2Service;"C:\Program Files (x86)\ShellfireVPN\jre6\bin\java" "-classpath" "C:\Program Files (x86)\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files (x86)\ShellfireVPN" "-Dwrapper.config=C:\Users\Remco\AppData\Roaming\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Users\Remco\AppData\Roaming\ShellfireVPN\stop.conf" "org.rzo.yajsw.boot.WrapperServiceBooter" --> C:\Program Files (x86)\ShellfireVPN\jre6\bin\java [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-21 5093216]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-8 2656280]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2012-9-18 248704]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-7 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-7 401896]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]
R3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\ts_arnusbx.sys [2013-7-3 1983176]
R3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-4-13 31080]
S0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2013-7-5 21600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-8-14 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-8-14 9800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-7 533096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-8-13 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]
S4 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-7-29 50624]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [UserChoice]
FileExt: .js: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-02-18 08:21:19 -------- d-----w- C:\Program Files\HitmanPro
2014-02-18 08:09:56 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-18 08:02:09 608256 ----a-w- C:\Users\Remco\AppData\Roaming\task335952159run.exe
2014-02-13 06:48:04 -------- d-----w- C:\Windows\System32\drivers\en-US
2014-02-13 06:46:37 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-13 06:46:37 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-13 05:17:03 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 05:17:03 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 05:15:13 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-02-13 05:14:57 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 05:14:57 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-13 05:14:57 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-13 05:14:57 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-09 17:21:46 -------- d-----w- C:\Users\Remco\AppData\Roaming\MaxCoin
2014-02-06 19:46:54 -------- d-----w- C:\Users\Remco\.ssh
2014-02-06 19:46:31 -------- d-----w- C:\Users\Remco\AppData\Roaming\GitHub
2014-02-06 19:46:29 -------- d-----w- C:\Users\Remco\AppData\Local\GitHub
2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\libssl32.dll
2014-02-03 06:51:51 1176576 ----a-w- C:\Windows\SysWow64\libeay32.dll
2014-02-03 06:51:50 -------- d-----w- C:\OpenSSL-Win32
2014-01-27 15:42:49 9480328 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Sony
2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2014-01-20 06:25:26 -------- d-----w- C:\Users\Remco\AppData\Roaming\PaRaMeter
2014-01-20 06:25:21 -------- d-----w- C:\Program Files (x86)\PaRaMeter
.
==================== Find3M ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 13:39:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 13:39:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-27 15:36:52 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-01-27 15:36:51 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-01-27 15:36:51 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-12 15:55:43 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:30 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 10:27:47,76 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-18 10:31:36
-----------------------------
10:31:36.316 OS Version: Windows x64 6.1.7601 Service Pack 1
10:31:36.316 Number of processors: 8 586 0x2A07
10:31:36.317 ComputerName: REMCO-PC UserName: Remco
10:31:36.593 Initialze error C0000160 - driver not loaded
10:34:15.617 AVAST engine defs: 14021800
10:34:31.707 Service scanning
10:34:48.916 Modules scanning
10:34:48.919 Disk 0 trace - called modules:
10:34:48.920
10:34:49.204 AVAST engine scan C:\Windows
10:34:50.624 AVAST engine scan C:\Windows\system32
10:37:04.659 AVAST engine scan C:\Windows\system32\drivers
10:37:10.248 AVAST engine scan C:\Users\Remco
10:39:39.315 AVAST engine scan C:\ProgramData
10:39:49.617 Scan finished successfully
10:40:10.233 The log file has been saved successfully to "D:\Downloads\aswMBR.txt"
Short after that, my gmail was logged in from Norway, also BTC-e and BTC-Guild (all 3 same password).
I uploaded the file for check: http://r.virscan.org/report/c268b8996e6aa2526dd35ebe8e570561.html seems a trojan downloader.
I saw some files in system32, edited today. Those are perfc009.dat, -013, perfh009.dat ,-013, perfstringbackup.ini. There were some minutes ago some more in that folder (like bootdelete.exe).
I runned MBAM and deleted all those files. But seems no cause of this malware.
The scan logs are attached.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by Remco at 10:27:39 on 2014-02-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8174.3991 [GMT 1:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Feed Notifier\notifier.exe
C:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Remco\AppData\Local\CloudStation\bin\client-win.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sublime Text 2\sublime_text.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.nl/
uProxyOverride = localhost;127.0.0.1;<local>;192.168.*.*
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [Allway Sync] "C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe" -m
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [TrackerNotificationExtensions.exe] "C:\Program Files (x86)\Copernic Tracker\TrackerNotificationExtensions.exe" /loadunread /c
uRun: [GoogleChromeAutoLaunch_06B807F4EA18B3F627189D54D9DCC4B5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bitcoin.lnk - C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDS~1.LNK - C:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FEEDNO~1.LNK - C:\Program Files (x86)\Feed Notifier\notifier.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GUIMIN~1.LNK - C:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TEAMVI~1.LNK - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{7D07E1DB-D88F-41CB-8EA6-1101A9DAC047} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{9A552CF3-AAEB-402A-8908-021E61A17E60} : DHCPNameServer = 195.121.1.34 195.121.1.66
Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\
FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)
FF - prefs.js: browser.startup.homepage - hxxps://www.coursera.org/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.privitize.hpOld0 - hxxp://www.google.nl/|http://www.gmail.com/
FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf&q=
FF - user.js: extensions.privitize.id - 944c7aa400000000000000ff7cf998cf
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15804
FF - user.js: extensions.privitize.vrsn - 1.8.16.22
FF - user.js: extensions.privitize.vrsni - 1.8.16.22
FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2214:43:56
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - orgnl
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef -
FF - user.js: extensions.privitize.dfltLng -
FF - user.js: extensions.privitize.excTlbr - true
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=944c7aa400000000000000ff7cf998cf
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=944c7aa400000000000000ff7cf998cf
.
============= SERVICES / DRIVERS ===============
.
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-26 70296]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-1-30 32336]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-11-4 810144]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-2-18 127752]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-8-10 72216]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-22 15129376]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-21 65657]
R2 ShellfireVPN2Service;ShellfireVPN2Service;"C:\Program Files (x86)\ShellfireVPN\jre6\bin\java" "-classpath" "C:\Program Files (x86)\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files (x86)\ShellfireVPN" "-Dwrapper.config=C:\Users\Remco\AppData\Roaming\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Users\Remco\AppData\Roaming\ShellfireVPN\stop.conf" "org.rzo.yajsw.boot.WrapperServiceBooter" --> C:\Program Files (x86)\ShellfireVPN\jre6\bin\java [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-21 5093216]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-8 2656280]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2012-9-18 248704]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-7 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-7 401896]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]
R3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\ts_arnusbx.sys [2013-7-3 1983176]
R3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-4-13 31080]
S0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2013-7-5 21600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-8-14 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-8-14 9800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-7 533096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-8-13 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]
S4 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-7-29 50624]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [UserChoice]
FileExt: .js: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-02-18 08:21:19 -------- d-----w- C:\Program Files\HitmanPro
2014-02-18 08:09:56 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-18 08:02:09 608256 ----a-w- C:\Users\Remco\AppData\Roaming\task335952159run.exe
2014-02-13 06:48:04 -------- d-----w- C:\Windows\System32\drivers\en-US
2014-02-13 06:46:37 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-13 06:46:37 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-13 05:17:03 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 05:17:03 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 05:15:13 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-02-13 05:14:57 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 05:14:57 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-13 05:14:57 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-13 05:14:57 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-09 17:21:46 -------- d-----w- C:\Users\Remco\AppData\Roaming\MaxCoin
2014-02-06 19:46:54 -------- d-----w- C:\Users\Remco\.ssh
2014-02-06 19:46:31 -------- d-----w- C:\Users\Remco\AppData\Roaming\GitHub
2014-02-06 19:46:29 -------- d-----w- C:\Users\Remco\AppData\Local\GitHub
2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\libssl32.dll
2014-02-03 06:51:51 1176576 ----a-w- C:\Windows\SysWow64\libeay32.dll
2014-02-03 06:51:50 -------- d-----w- C:\OpenSSL-Win32
2014-01-27 15:42:49 9480328 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Sony
2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2014-01-20 06:25:26 -------- d-----w- C:\Users\Remco\AppData\Roaming\PaRaMeter
2014-01-20 06:25:21 -------- d-----w- C:\Program Files (x86)\PaRaMeter
.
==================== Find3M ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 13:39:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 13:39:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-27 15:36:52 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-01-27 15:36:51 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-01-27 15:36:51 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-12 15:55:43 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:30 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 10:27:47,76 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-18 10:31:36
-----------------------------
10:31:36.316 OS Version: Windows x64 6.1.7601 Service Pack 1
10:31:36.316 Number of processors: 8 586 0x2A07
10:31:36.317 ComputerName: REMCO-PC UserName: Remco
10:31:36.593 Initialze error C0000160 - driver not loaded
10:34:15.617 AVAST engine defs: 14021800
10:34:31.707 Service scanning
10:34:48.916 Modules scanning
10:34:48.919 Disk 0 trace - called modules:
10:34:48.920
10:34:49.204 AVAST engine scan C:\Windows
10:34:50.624 AVAST engine scan C:\Windows\system32
10:37:04.659 AVAST engine scan C:\Windows\system32\drivers
10:37:10.248 AVAST engine scan C:\Users\Remco
10:39:39.315 AVAST engine scan C:\ProgramData
10:39:49.617 Scan finished successfully
10:40:10.233 The log file has been saved successfully to "D:\Downloads\aswMBR.txt"