Check-up after infection



peenif
24 May 2014, 10:31
On 21 May I installed VirtualDJ Home FREE, carefully unchecking all the bundled software such as toolbars and a downloader. Nevertheless, yesterday evening I noticed that my search function in Explorer no longer works. This morning I repaired it with Windows Fix-It, and it still does not work as normal (it keeps asking again whether or not to index the various partitions). Malwarebytes found infections, AdwCleaner found registry keys. Below are the necessary logs to review; is my system clean? Thank you in advance.

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 24/05/2014
Scan Time: 9:39:53
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ronne

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274711
Time Elapsed: 16 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Tarma.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\da9ccca1-e2d7-48bf-ad82-3591b04c4354, Quarantined, [65cceb6a9fdcfe38a23cc184da268a76],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Tarma.A, C:\ProgramData\InstallMate\{12339C6D-93E2-48CE-AA25-DBC0C9D0BE9B}\Setup.exe, Quarantined, [65cceb6a9fdcfe38a23cc184da268a76],

Physical Sectors: 0
(No malicious items detected)


(end)

_________________________________________________


# AdwCleaner v3.210 - Rapport aangemaakt 24/05/2014 op 09:50:23
# Laatste Update 19/05/2014 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : ronne - RONNE-PC
# Gestart vanuit : C:\Users\ronne\Downloads\AdwCleaner.exe
# Optie : Verwijderen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****


***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Sleutel Verwijderd : HKCU\Software\APN PIP
Sleutel Verwijderd : HKCU\Software\WEDLMNGR
Sleutel Verwijderd : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v29.0.1 (nl)

[ Bestand : C:\Users\ronne\AppData\Roaming\Mozilla\Firefox\Profiles\ci0c2wge.default-1397710312068\prefs.js ]


*************************

AdwCleaner[R0].txt - [2107 octets] - [05/11/2013 16:47:08]
AdwCleaner[R1].txt - [890 octets] - [05/11/2013 17:00:29]
AdwCleaner[R2].txt - [1215 octets] - [04/02/2014 11:57:25]
AdwCleaner[R3].txt - [1143 octets] - [04/02/2014 20:32:25]
AdwCleaner[R4].txt - [1201 octets] - [05/02/2014 05:58:59]
AdwCleaner[R5].txt - [1997 octets] - [24/05/2014 09:48:45]
AdwCleaner[S0].txt - [2104 octets] - [05/11/2013 16:48:43]
AdwCleaner[S1].txt - [950 octets] - [05/11/2013 17:01:39]
AdwCleaner[S2].txt - [1281 octets] - [04/02/2014 11:58:43]
AdwCleaner[S3].txt - [1263 octets] - [05/02/2014 05:59:31]
AdwCleaner[S4].txt - [1840 octets] - [24/05/2014 09:50:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1900 octets] ##########


______________________________


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-24 10:18:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: wmhn3oir.exe; Driver: C:\Users\ronne\AppData\Local\Temp\uglorpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035f1000 45 bytes [00, 10, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035f102f 16 bytes [00, 00, 10, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b9ef8d 1 byte [62]
.text C:\Windows\system32\services.exe[936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b9ef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b9ef8d 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b9ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b9ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b9ef8d 1 byte [62]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe[1276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b9ef8d 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1724] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Windows\Explorer.EXE[2000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b9ef8d 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2180] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000749e8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2328] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[2100] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3324] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000749e8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3324] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3836] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f11465 2 bytes [F1, 76]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f114bb 2 bytes [F1, 76]
.text ... * 2
.text C:\Users\ronne\Downloads\wmhn3oir.exe[1636] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074a0a2fd 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2564:2860] 0000000070d152c9

---- EOF - GMER 2.1 ----


_______________________________________


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by ronne at 10:27:28 on 2014-05-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3949.2417 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.be/?gws_rd=cr&ei=7gewUqzhDdHDtAaf0IDwDw
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://www.google.com
uURLSearchHooks: {87775fdb-6972-41f9-ae51-8326e38cb206} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: Aimersoft Video Converter Ultimate: {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{80C2A4FB-C299-4860-880B-2D243C3EAB5B} : NameServer = 80.201.237.239 80.201.237.238
TCP: Interfaces\{886256E5-840D-4B73-9533-68F0242D534A} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\4554C454E4544584F4D4543505F445 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\4554C454E4544584F4D4543505F445 : DHCPNameServer = 195.130.130.141 195.130.131.141
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\64F4E4F52454C4741434F4D4 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\64F4E4F52454C4741434F4D4 : DHCPNameServer = 195.238.2.21 195.238.2.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\C4964747C656F5359637475627D276163747 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\C4964747C656F5359637475627D276163747 : DHCPNameServer = 195.130.130.130 195.130.131.130
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\C696E6B6379737 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\C696E6B6379737 : DHCPNameServer = 195.130.130.130 195.130.131.130
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ronne\AppData\Roaming\Mozilla\Firefox\Profiles\ci0c2wge.default-1397710312068\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswndisflt.sys [2014-4-20 447888]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-4 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-4 208416]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-8-4 1263200]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-5-17 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-1-7 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-1-7 423240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-6 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-11 202752]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-20 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-7 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-20 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-4-20 109048]
R2 VmbService;Vodafone Mobile Broadband-service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-28 56344]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-11-29 86016]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-11-13 67072]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-18 85328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-9-28 285280]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-21 44032]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-6-21 117248]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-6-21 419840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-21 61792]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-11-29 98816]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-11-29 28672]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-11-29 213504]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2011-7-1 114304]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-1 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-6 119512]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-12 31800]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-28 2314240]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-21 1255736]
S4 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-10-28 379520]
S4 afcdpsrv;Acronis Nonstop Backup-service ;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-9-28 3246040]
S4 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2014-05-24 07:13:08 -------- d-----w- C:\Users\ronne\AppData\Local\ElevatedDiagnostics
2014-05-21 12:59:21 -------- d-----w- C:\Program Files (x86)\VirtualDJ
2014-05-09 19:01:55 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-05-05 10:44:50 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-05 10:44:50 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-05 10:44:50 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-05 10:44:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 12:44:59 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-03 12:44:59 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
.
==================== Find3M ====================
.
2014-05-24 08:01:08 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-16 03:42:09 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2014-05-15 11:50:17 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-15 11:50:17 447888 ----a-w- C:\Windows\System32\drivers\aswndisflt.sys
2014-05-15 11:50:17 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-14 18:15:24 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 18:15:24 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-20 18:39:32 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-20 18:39:32 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-20 18:39:32 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-04-20 18:39:32 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-20 18:39:30 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-20 18:39:29 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-04 01:21:56 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-03-31 20:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-27 15:46:08 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-03-26 03:44:42 6000640 ----a-w- C:\Program Files (x86)\GUT4B43.tmp
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 10:28:57,78 ===============

Rosty
24 May 2014, 11:12
Nothing suspicious left to see!!! Are you still having problems?

peenif
24 May 2014, 12:03
Not for now, thank you. There wasn't really much wrong anyway; fortunately I noticed quickly that something was off.