Jump to content

Malware .exe recieved


remcosw

Recommended Posts

I just got a virus Project2.exe from a person on skype.
Short after that, my gmail was logged in from Norway, also BTC-e aAttach.txtnd BTC-Guild (all 3 same password).

I uploaded the file for check: http://r.virscan.org/report/c268b899...e8e570561.html seems a trojan downloader.
I saw some files in system32, edited today. Those are perfc009.dat, -013, perfh009.dat ,-013, perfstringbackup.ini. There were some minutes ago some more in that folder (like bootdelete.exe).

I runned MBAM and deleted all some files. But seems no cause of this malware, because I know all those files.

The scan logs are attached.

 

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Remco at 10:27:39 on 2014-02-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.8174.3991 [GMT 1:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Feed Notifier\notifier.exe
C:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Remco\AppData\Local\CloudStation\bin\client-win.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sublime Text 2\sublime_text.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = localhost;127.0.0.1;<local>;192.168.*.*
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [Allway Sync] "C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe" -m
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [TrackerNotificationExtensions.exe] "C:\Program Files (x86)\Copernic Tracker\TrackerNotificationExtensions.exe" /loadunread /c
uRun: [GoogleChromeAutoLaunch_06B807F4EA18B3F627189D54D9DCC4B5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bitcoin.lnk - C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDS~1.LNK - C:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FEEDNO~1.LNK - C:\Program Files (x86)\Feed Notifier\notifier.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GUIMIN~1.LNK - C:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exe
StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TEAMVI~1.LNK - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{7D07E1DB-D88F-41CB-8EA6-1101A9DAC047} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{9A552CF3-AAEB-402A-8908-021E61A17E60} : DHCPNameServer = 195.121.1.34 195.121.1.66
Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - 
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\
FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.privitize.hpOld0 - hxxp://www.google.nl/|http://www.gmail.com/
FF - user.js: extensions.privitize.id - 944c7aa400000000000000ff7cf998cf
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15804
FF - user.js: extensions.privitize.vrsn - 1.8.16.22
FF - user.js: extensions.privitize.vrsni - 1.8.16.22
FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2214:43:56
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - orgnl
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef - 
FF - user.js: extensions.privitize.dfltLng - 
FF - user.js: extensions.privitize.excTlbr - true
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
.
============= SERVICES / DRIVERS ===============
.
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-26 70296]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-1-30 32336]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-11-4 810144]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-2-18 127752]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-8-10 72216]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-22 15129376]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-21 65657]
R2 ShellfireVPN2Service;ShellfireVPN2Service;"C:\Program Files (x86)\ShellfireVPN\jre6\bin\java" "-classpath" "C:\Program Files (x86)\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files (x86)\ShellfireVPN" "-Dwrapper.config=C:\Users\Remco\AppData\Roaming\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Users\Remco\AppData\Roaming\ShellfireVPN\stop.conf" "org.rzo.yajsw.boot.WrapperServiceBooter"  --> C:\Program Files (x86)\ShellfireVPN\jre6\bin\java [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-21 5093216]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-8 2656280]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2012-9-18 248704]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-7 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-7 401896]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]
R3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\ts_arnusbx.sys [2013-7-3 1983176]
R3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-4-13 31080]
S0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2013-7-5 21600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-8-14 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-8-14 9800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-7 533096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-8-13 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]
S4 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-7-29 50624]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [userChoice]
FileExt: .js: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [userChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-02-18 08:21:19 -------- d-----w- C:\Program Files\HitmanPro
2014-02-18 08:09:56 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-18 08:02:09 608256 ----a-w- C:\Users\Remco\AppData\Roaming\task335952159run.exe
2014-02-13 06:48:04 -------- d-----w- C:\Windows\System32\drivers\en-US
2014-02-13 06:46:37 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-13 06:46:37 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-13 05:17:03 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 05:17:03 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 05:15:13 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-02-13 05:14:57 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 05:14:57 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-13 05:14:57 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-13 05:14:57 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-09 17:21:46 -------- d-----w- C:\Users\Remco\AppData\Roaming\MaxCoin
2014-02-06 19:46:54 -------- d-----w- C:\Users\Remco\.ssh
2014-02-06 19:46:31 -------- d-----w- C:\Users\Remco\AppData\Roaming\GitHub
2014-02-06 19:46:29 -------- d-----w- C:\Users\Remco\AppData\Local\GitHub
2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\libssl32.dll
2014-02-03 06:51:51 1176576 ----a-w- C:\Windows\SysWow64\libeay32.dll
2014-02-03 06:51:50 -------- d-----w- C:\OpenSSL-Win32
2014-01-27 15:42:49 9480328 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Sony
2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2014-01-20 06:25:26 -------- d-----w- C:\Users\Remco\AppData\Roaming\PaRaMeter
2014-01-20 06:25:21 -------- d-----w- C:\Program Files (x86)\PaRaMeter
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 13:39:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 13:39:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-27 15:36:52 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-01-27 15:36:51 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-01-27 15:36:51 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-12 15:55:43 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:30 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 10:27:47,76 ===============
 
 
Attach.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 10-8-2012 15:14:26
System Uptime: 18-2-2014 6:12:03 (4 hours ago)
.
Motherboard: MEDIONPC |  | MS-7728
Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 118 GiB total, 17,166 GiB free.
D: is FIXED (NTFS) - 1348 GiB total, 524,475 GiB free.
E: is FIXED (NTFS) - 49 GiB total, 26,341 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: TAP-Win32 Adapter V9
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider V9
Name: TAP-Win32 Adapter V9
PNP Device ID: ROOT\NET\0000
Service: tap0901
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0001
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0001
Service: VBoxNetAdp
.
Class GUID: 
Description: SM-buscontroller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_77281462&REV_05\3&11583659&0&FB
Manufacturer: 
Name: SM-buscontroller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_77281462&REV_05\3&11583659&0&FB
Service: 
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport-adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\7&170834A3&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport-adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\7&170834A3&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_77281462&REV_06\04000000684CE00000
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_77281462&REV_06\04000000684CE00000
Service: RTL8167
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader X (10.1.9) - Nederlands
Adobe Stock Photos 1.0
Allway Sync version 11.6.1
Apple Application Support
µTorrent
Audacity 2.0
Bitcoin
Bluefish 2.2.4
Bullzip PDF Printer 8.2.0.1406
CCleaner
ColorPic
D3DX10
DYMO Label v.8
DYMO LabelWriter Drivers
EaseUS Partition Master 9.2.2
ERUNT 1.1j
ESET Smart Security
Feed Notifier 2.6
FileZilla Client 3.7.4.1
FormatFactory 2.30
GeForce Experience NvStream Client Components
GemistDownloader
GF-TEC Bots Portal
GitHub
Google Chrome
Google Earth
Google Update Helper
HD Tune 2.55
HitmanPro 3.7
Intel® Management Engine Components
Java 7 Update 17 (64-bit)
Java 7 Update 51
Java Auto Updater
LAME v3.99.3 (for Windows)
LightShirt LED Programmer 3.12
LiveZilla
LogMeIn
Lubuntu
Malwarebytes Anti-Malware versie 1.75.0.1300
Metro 2033
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Motorola Device Manager
Motorola Device Software Update
Motorola MMCP Drivers Installation 1.0.3
Motorola Mobile Drivers Installation 5.9.0
Motorola Software Update
Movie Maker
Mozilla Firefox 27.0.1 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
NirSoft Wireless Network Watcher
NSU
NVIDIA-configuratiescherm 331.65
NVIDIA 3D Vision controllerstuurprogramma 332.21
NVIDIA 3D Vision stuurprogramma 331.65
NVIDIA GeForce Experience 1.8.1
NVIDIA Grafisch stuurprogramma 331.65
NVIDIA HD Audio-stuurprogramma 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX systeemsoftware 9.13.0725
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
OpenSSL 1.0.1f Light (32-bit)
Oracle VM VirtualBox 4.2.16
PaRaMeter 1.3
PDF-Viewer
Photo Common
Photo Gallery
PL-2303 Vista Driver Installer
Plugin 7
Pocketwoordenboeken
PowerISO
proXPN 2.6.1
QuickTime
Reader for PC
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
ShellfireVPN 2.1
SHIELD Streaming
Skype™ 6.11
Speccy
Spotify
Spotnet
Steam
Sublime Text 2.0.2
Synology Assistant (remove only)
Synology Cloud Station (remove only)
TeamViewer 8
Test My Hardware 3.0
TI Connect 1.6
TI NoteFolio Creator
TL-WN822N/TL-WN821N Driver
tools-windows
TweetDeck
TwiPing
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Van Dale Grote woordenboeken Duits
Van Dale Grote woordenboeken Engels
Visual BCD
VLC media player 2.1.2
VMware Player
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
Wondershare Video Converter Free(Build 6.0.3.1)
.
==== End Of File ===========================
 
 

 

HitmanPro_20140219_1109.log

aswMBR.txt

MBAM-log-2014-02-18 (10-37-07).txt

DDS.txt

HitmanPro_20140218_1020.txt

Link to post
Share on other sites

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.

Link to post
Share on other sites

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.

Thats ok, I am sorry.

Could you please help me?

Link to post
Share on other sites

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

ComboFix 14-02-19.01 - Remco 20-02-2014  12:13:51.1.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.8174.4697 [GMT 1:00]

Gestart vanuit: d:\downloads\ComboFix.exe

AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Feed Notifier\notifier.exe

c:\users\Remco\AppData\Roaming\poclbm

c:\users\Remco\AppData\Roaming\poclbm\poclbm.ini

c:\users\Remco\AppData\Roaming\poclbm\poclbm_scrypt.ini

c:\users\Remco\AppData\Roaming\task335952159run.exe

c:\windows\IsUn0413.exe

c:\windows\TEMP\jna8613179708442820646.dll

D:\install.exe

.

.

((((((((((((((((((((   Bestanden Gemaakt van 2014-01-20 to 2014-02-20  ))))))))))))))))))))))))))))))

.

.

2014-02-20 11:16 . 2014-02-20 11:16 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2014-02-20 11:16 . 2014-02-20 11:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-02-19 11:35 . 2014-02-20 05:36 -------- d-----w- c:\programdata\boost_interprocess

2014-02-18 17:25 . 2014-02-18 17:25 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2014-02-18 17:25 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2014-02-18 09:17 . 2014-02-18 09:17 -------- d-----w- c:\program files (x86)\ERUNT

2014-02-18 08:21 . 2014-02-18 08:22 -------- d-----w- c:\program files\HitmanPro

2014-02-18 08:09 . 2014-02-18 08:20 -------- d-----w- c:\programdata\HitmanPro

2014-02-13 06:48 . 2014-02-13 06:48 -------- d-----w- c:\windows\system32\drivers\en-US

2014-02-13 06:46 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll

2014-02-13 06:46 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll

2014-02-13 05:17 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll

2014-02-13 05:17 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2014-02-13 05:15 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe

2014-02-13 05:14 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll

2014-02-13 05:14 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll

2014-02-13 05:14 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2014-02-13 05:14 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll

2014-02-09 17:21 . 2014-02-11 05:57 -------- d-----w- c:\users\Remco\AppData\Roaming\MaxCoin

2014-02-06 19:46 . 2014-02-06 19:46 -------- d-----w- c:\users\Remco\.ssh

2014-02-06 19:46 . 2014-02-06 19:48 -------- d-----w- c:\users\Remco\AppData\Roaming\GitHub

2014-02-06 19:46 . 2014-02-06 19:47 -------- d-----w- c:\users\Remco\AppData\Local\GitHub

2014-02-03 06:51 . 2014-01-06 18:38 270336 ----a-w- c:\windows\SysWow64\ssleay32.dll

2014-02-03 06:51 . 2014-01-06 18:38 270336 ----a-w- c:\windows\SysWow64\libssl32.dll

2014-02-03 06:51 . 2014-01-06 18:38 1176576 ----a-w- c:\windows\SysWow64\libeay32.dll

2014-02-03 06:51 . 2014-02-03 06:51 -------- d-----w- C:\OpenSSL-Win32

2014-01-27 15:42 . 2014-02-08 18:34 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll

2014-01-24 11:10 . 2014-01-24 11:10 -------- d-----w- c:\program files (x86)\Sony

2014-01-24 11:10 . 2014-01-24 11:10 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared

.

.

.

(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-13 05:20 . 2012-08-11 10:16 88567024 ----a-w- c:\windows\system32\MRT.exe

2014-02-08 18:34 . 2013-09-17 20:22 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll

2014-02-08 18:34 . 2012-08-14 09:31 947296 ----a-w- c:\windows\system32\nvumdshimx.dll

2014-02-08 18:34 . 2012-08-14 09:31 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2014-02-08 18:34 . 2011-09-15 11:34 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll

2014-02-08 18:34 . 2011-09-15 11:34 3090184 ----a-w- c:\windows\system32\nvapi64.dll

2014-02-08 17:42 . 2012-08-10 13:25 6712608 ----a-w- c:\windows\system32\nvcpl.dll

2014-02-08 17:42 . 2012-08-10 13:25 3498272 ----a-w- c:\windows\system32\nvsvc64.dll

2014-02-08 17:42 . 2012-08-10 13:25 923936 ----a-w- c:\windows\system32\nvvsvc.exe

2014-02-08 17:42 . 2012-08-10 13:25 63776 ----a-w- c:\windows\system32\nvshext.dll

2014-02-08 17:42 . 2012-08-10 13:25 386336 ----a-w- c:\windows\system32\nvmctray.dll

2014-02-08 17:42 . 2012-08-10 13:25 2559776 ----a-w- c:\windows\system32\nvsvcr.dll

2014-02-05 17:52 . 2012-08-14 09:31 3573739 ----a-w- c:\windows\system32\nvcoproc.bin

2014-02-05 13:39 . 2012-08-10 15:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-05 13:39 . 2012-08-10 15:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-01-27 15:36 . 2012-08-10 13:46 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2014-01-27 15:36 . 2012-08-10 13:46 35656 ----a-w- c:\windows\system32\LMIport.dll

2014-01-27 15:36 . 2012-08-10 13:46 92488 ----a-w- c:\windows\system32\LMIinit.dll

2013-12-19 20:33 . 2014-01-11 08:26 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll

2013-12-19 20:33 . 2014-01-11 08:26 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll

2013-12-18 20:09 . 2013-10-20 15:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-12-12 15:55 . 2012-08-10 13:46 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2013-12-10 02:13 . 2013-10-28 15:20 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll

2013-12-10 02:13 . 2013-10-28 15:20 1100248 ----a-w- c:\windows\system32\nvspcap64.dll

2013-12-05 08:42 . 2013-12-17 18:27 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2013-12-05 08:42 . 2013-12-17 18:27 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2013-12-05 08:42 . 2013-10-22 09:06 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll

2013-11-28 13:38 . 2014-01-11 08:26 31520 ----a-w- c:\windows\system32\nvhdap64.dll

2013-11-28 13:38 . 2014-01-11 08:26 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2013-11-27 01:41 . 2014-01-15 06:11 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-11-27 01:41 . 2014-01-15 06:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-11-27 01:41 . 2014-01-15 06:11 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-11-27 01:41 . 2014-01-15 06:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-11-27 01:41 . 2014-01-15 06:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-11-27 01:41 . 2014-01-15 06:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-11-27 01:41 . 2014-01-15 06:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-11-26 11:40 . 2014-01-15 06:11 376768 ----a-w- c:\windows\system32\drivers\netio.sys

2013-11-26 10:32 . 2014-01-15 06:11 3156480 ----a-w- c:\windows\system32\win32k.sys

2013-11-23 18:26 . 2013-12-12 06:32 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47 . 2013-12-12 06:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2012-01-30 1865808]

"Allway Sync"="c:\program files (x86)\Allway Sync\Bin\syncappw.exe" [2011-11-10 94112]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

"GoogleChromeAutoLaunch_06B807F4EA18B3F627189D54D9DCC4B5"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-11-27 899400]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin-qt.exe -min [2011-1-30 22041600]

CloudStation.lnk - c:\users\Remco\AppData\Local\CloudStation\bin\cloud.exe [2014-1-18 3726752]

TeamViewer 8.lnk - c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe [2013-2-21 12641632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0bootdelete

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]

R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]

R4 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]

S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]

S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

S2 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files (x86)\ShellfireVPN\jre6\bin\java -classpath c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe;c:\program files (x86)\ShellfireVPN\jre6\bin\java -classpath c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ts_arnusbx.sys;c:\windows\SYSNATIVE\DRIVERS\ts_arnusbx.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-02-05 06:49 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 13:39]

.

2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 16:38]

.

2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 16:38]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule]

@="{AEB16659-2125-4ADA-A4AB-45EE21E86469}"

[HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}]

2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule]

@="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}"

[HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}]

2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule]

@="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}"

[HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}]

2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2919168]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>;192.168.*.*

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254

Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - 

FF - ProfilePath - c:\users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\

FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)


FF - user.js: extensions.privitize.hpOld0 - hxxp://www.google.nl/|http://www.gmail.com/


FF - user.js: extensions.privitize.id - 944c7aa400000000000000ff7cf998cf

FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}

FF - user.js: extensions.privitize.instlDay - 15804

FF - user.js: extensions.privitize.vrsn - 1.8.16.22

FF - user.js: extensions.privitize.vrsni - 1.8.16.22

FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2214:43

FF - user.js: extensions.privitize.prtnrId - privitize

FF - user.js: extensions.privitize.prdct - privitize

FF - user.js: extensions.privitize.aflt - orgnl

FF - user.js: extensions.privitize.smplGrp - none

FF - user.js: extensions.privitize.tlbrId - base

FF - user.js: extensions.privitize.instlRef - 

FF - user.js: extensions.privitize.dfltLng - 

FF - user.js: extensions.privitize.excTlbr - true

FF - user.js: extensions.privitize.ffxUnstlRst - false

FF - user.js: extensions.privitize.admin - false

FF - user.js: extensions.privitize.autoRvrt - false

FF - user.js: extensions.privitize.rvrt - false

FF - user.js: extensions.privitize.hmpg - true


FF - user.js: extensions.privitize.dfltSrch - true

FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)


FF - user.js: extensions.privitize.dnsErr - true

FF - user.js: extensions.privitize.newTab - true


.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKCU-Run-TrackerNotificationExtensions.exe - c:\program files (x86)\Copernic Tracker\TrackerNotificationExtensions.exe

Wow6432Node-HKLM-Run-mumservice - c:\program files\Motorola\Software Update\mumservice.exe

Wow6432Node-HKLM-Run-EaseUS EPM tray - c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk - c:\program files (x86)\Feed Notifier\notifier.exe

c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\guiminer.exe - Snelkoppeling.lnk - c:\users\Remco\Desktop\guiminer\guiminer\guiminer.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-Van Dale Grote woordenboeken Duits - c:\windows\ISUN0413.EXE

AddRemove-Van Dale Grote woordenboeken Engels - c:\windows\ISUN0413.EXE

AddRemove-Wubi - c:\ubuntu\uninstall-wubi.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellfireVPN2Service]

"ImagePath"="\"c:\program files (x86)\ShellfireVPN\jre6\bin\java\" \"-classpath\" \"c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe\" \"-Xrs\" \"-Dwrapper.service=true\" \"-Dwrapper.working.dir=c:\program files (x86)\ShellfireVPN\" \"-Dwrapper.config=c:\users\Remco\AppData\Roaming\ShellfireVPN\start.conf\" \"-Dwrapper.additional.1x=-Xrs\" \"-Dwrapper.stop.conf=c:\users\Remco\AppData\Roaming\ShellfireVPN\stop.conf\" \"org.rzo.yajsw.boot.WrapperServiceBooter\" "

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\ShellfireVPN\jre6\bin\java.exe

c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

c:\program files (x86)\ShellfireVPN\jre6\bin\java.exe

c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe

c:\program files (x86)\Bitcoin\bitcoin-qt.exe

c:\users\Remco\AppData\Local\CloudStation\bin\client-win.exe

c:\program files (x86)\TeamViewer\Version8\tv_w32.exe

.

**************************************************************************

.

Voltooingstijd: 2014-02-20  12:19:30 - machine werd herstart

ComboFix-quarantined-files.txt  2014-02-20 11:19

.

Pre-Run: 18.419.666.944 bytes beschikbaar

Post-Run: 18.682.056.704 bytes beschikbaar

.

- - End Of File - - 3B39061237FDF5CE7C860CB156BDCA37

A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

CFScript.txt

Link to post
Share on other sites

Thanks for helping me.

 

 

 

ComboFix 14-02-19.01 - Remco 20-02-2014  13:44:33.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.8174.5128 [GMT 1:00]
Gestart vanuit: d:\downloads\ComboFix.exe
gebruikte Opdracht switches :: d:\downloads\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\jna2722945145574667792.dll
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2014-01-20 to 2014-02-20  ))))))))))))))))))))))))))))))
.
.
2014-02-20 12:47 . 2014-02-20 12:47 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2014-02-20 12:47 . 2014-02-20 12:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-19 11:35 . 2014-02-20 11:18 -------- d-----w- c:\programdata\boost_interprocess
2014-02-18 17:25 . 2014-02-18 17:25 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-02-18 17:25 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-18 09:17 . 2014-02-18 09:17 -------- d-----w- c:\program files (x86)\ERUNT
2014-02-18 08:21 . 2014-02-18 08:22 -------- d-----w- c:\program files\HitmanPro
2014-02-18 08:09 . 2014-02-18 08:20 -------- d-----w- c:\programdata\HitmanPro
2014-02-13 06:48 . 2014-02-13 06:48 -------- d-----w- c:\windows\system32\drivers\en-US
2014-02-13 06:46 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-13 06:46 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll
2014-02-13 05:17 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 05:17 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 05:15 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-13 05:14 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 05:14 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 05:14 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-13 05:14 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-09 17:21 . 2014-02-11 05:57 -------- d-----w- c:\users\Remco\AppData\Roaming\MaxCoin
2014-02-06 19:46 . 2014-02-06 19:46 -------- d-----w- c:\users\Remco\.ssh
2014-02-06 19:46 . 2014-02-06 19:48 -------- d-----w- c:\users\Remco\AppData\Roaming\GitHub
2014-02-06 19:46 . 2014-02-06 19:47 -------- d-----w- c:\users\Remco\AppData\Local\GitHub
2014-02-03 06:51 . 2014-01-06 18:38 270336 ----a-w- c:\windows\SysWow64\ssleay32.dll
2014-02-03 06:51 . 2014-01-06 18:38 270336 ----a-w- c:\windows\SysWow64\libssl32.dll
2014-02-03 06:51 . 2014-01-06 18:38 1176576 ----a-w- c:\windows\SysWow64\libeay32.dll
2014-02-03 06:51 . 2014-02-03 06:51 -------- d-----w- C:\OpenSSL-Win32
2014-01-27 15:42 . 2014-02-08 18:34 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-01-24 11:10 . 2014-01-24 11:10 -------- d-----w- c:\program files (x86)\Sony
2014-01-24 11:10 . 2014-01-24 11:10 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-13 05:20 . 2012-08-11 10:16 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-08 18:34 . 2013-09-17 20:22 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2012-08-14 09:31 947296 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2012-08-14 09:31 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-02-08 18:34 . 2011-09-15 11:34 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2011-09-15 11:34 3090184 ----a-w- c:\windows\system32\nvapi64.dll
2014-02-08 17:42 . 2012-08-10 13:25 6712608 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2012-08-10 13:25 3498272 ----a-w- c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2012-08-10 13:25 923936 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2012-08-10 13:25 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2012-08-10 13:25 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-08 17:42 . 2012-08-10 13:25 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2014-02-05 17:52 . 2012-08-14 09:31 3573739 ----a-w- c:\windows\system32\nvcoproc.bin
2014-02-05 13:39 . 2012-08-10 15:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 13:39 . 2012-08-10 15:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-27 15:36 . 2012-08-10 13:46 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-01-27 15:36 . 2012-08-10 13:46 35656 ----a-w- c:\windows\system32\LMIport.dll
2014-01-27 15:36 . 2012-08-10 13:46 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-12-19 20:33 . 2014-01-11 08:26 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-11 08:26 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2013-12-18 20:09 . 2013-10-20 15:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-12 15:55 . 2012-08-10 13:46 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-12-10 02:13 . 2013-10-28 15:20 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-10-28 15:20 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-12-17 18:27 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-05 08:42 . 2013-12-17 18:27 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-12-05 08:42 . 2013-10-22 09:06 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-11-28 13:38 . 2014-01-11 08:26 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2013-11-28 13:38 . 2014-01-11 08:26 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-11-27 01:41 . 2014-01-15 06:11 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 06:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 06:11 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 06:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 06:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 06:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 06:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 06:11 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 06:11 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-12 06:32 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 06:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2012-01-30 1865808]
"Allway Sync"="c:\program files (x86)\Allway Sync\Bin\syncappw.exe" [2011-11-10 94112]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"GoogleChromeAutoLaunch_06B807F4EA18B3F627189D54D9DCC4B5"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-11-27 899400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin-qt.exe -min [2011-1-30 22041600]
CloudStation.lnk - c:\users\Remco\AppData\Local\CloudStation\bin\cloud.exe [2014-1-18 3726752]
TeamViewer 8.lnk - c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe [2013-2-21 12641632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]
R4 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files (x86)\ShellfireVPN\jre6\bin\java -classpath c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe;c:\program files (x86)\ShellfireVPN\jre6\bin\java -classpath c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ts_arnusbx.sys;c:\windows\SYSNATIVE\DRIVERS\ts_arnusbx.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-05 06:49 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 13:39]
.
2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 16:38]
.
2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 16:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule]
@="{AEB16659-2125-4ADA-A4AB-45EE21E86469}"
[HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}]
2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule]
@="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}"
[HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}]
2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule]
@="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}"
[HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}]
2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2919168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>;192.168.*.*
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - 
FF - ProfilePath - c:\users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Van Dale Grote woordenboeken Duits - c:\windows\ISUN0413.EXE
AddRemove-Van Dale Grote woordenboeken Engels - c:\windows\ISUN0413.EXE
AddRemove-Wubi - c:\ubuntu\uninstall-wubi.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellfireVPN2Service]
"ImagePath"="\"c:\program files (x86)\ShellfireVPN\jre6\bin\java\" \"-classpath\" \"c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe\" \"-Xrs\" \"-Dwrapper.service=true\" \"-Dwrapper.working.dir=c:\program files (x86)\ShellfireVPN\" \"-Dwrapper.config=c:\users\Remco\AppData\Roaming\ShellfireVPN\start.conf\" \"-Dwrapper.additional.1x=-Xrs\" \"-Dwrapper.stop.conf=c:\users\Remco\AppData\Roaming\ShellfireVPN\stop.conf\" \"org.rzo.yajsw.boot.WrapperServiceBooter\" "
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ShellfireVPN\jre6\bin\java.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\ShellfireVPN\jre6\bin\java.exe
c:\program files (x86)\Bitcoin\bitcoin-qt.exe
c:\users\Remco\AppData\Local\CloudStation\bin\client-win.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\Microsoft Office\Office12\WINWORD.EXE
.
**************************************************************************
.
Voltooingstijd: 2014-02-20  13:50:05 - machine werd herstart
ComboFix-quarantined-files.txt  2014-02-20 12:50
ComboFix2.txt  2014-02-20 11:19
.
Pre-Run: 18.398.416.896 bytes beschikbaar
Post-Run: 18.359.259.136 bytes beschikbaar
.
- - End Of File - - 8A40EC0B3F80E7B1ABF36FBEB4492D96
A36C5E4F47E84449FF07ED3517B43A31
 
 
 
 
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
 
Databaseversie: v2012.08.26.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Remco :: REMCO-PC [administrator]
 
26-8-2012 17:02:49
mbam-log-2012-08-26 (17-02-49).txt
 
Scantype: Volledige scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 347164
Verstreken tijd: 10 minuut/minuten, 50 seconde(n)
 
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
(einde)
 
Link to post
Share on other sites

Sorry, wrong MBAM log.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Databaseversie: v2014.02.19.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Remco :: REMCO-PC [administrator]
 
20-2-2014 13:50:49
mbam-log-2014-02-20 (13-50-49).txt
 
Scan type: Volledige scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 604908
Verstreken tijd: 54 minuut/minuten, 14 seconde(n)
 
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Mappen gedetecteerd: 2
C:\ProgramData\boost_interprocess (PUP.Optional.BoostInterProcess.A) -> Zal worden verwijderd tijdens het herstarten.
C:\ProgramData\boost_interprocess\20140220134815.610798 (PUP.Optional.BoostInterProcess.A) -> Zal worden verwijderd tijdens het herstarten.
 
Bestanden gedetecteerd: 1
C:\ProgramData\boost_interprocess\20140220134815.610798\BitcoinURI (PUP.Optional.BoostInterProcess.A) -> Zal worden verwijderd tijdens het herstarten.
 
(einde)
Link to post
Share on other sites

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

D:\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application deleted - quarantined

D:\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

D:\Downloads\epm.exe Win32/OpenCandy potentially unsafe application deleted - quarantined

D:\Downloads\FreemakeVideoConverterSetup.exe Win32/OpenCandy potentially unsafe application deleted - quarantined

D:\Downloads\spsetup122.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

D:\Downloads\cpuminer-master\cpuminer-master\cpuminer\minerd.exe a variant of Win32/BitCoinMiner.W potentially unsafe application deleted - quarantined

D:\Downloads\cudaminer-2014-02-02\cudaminer.exe a variant of Win32/BitCoinMiner.W potentially unsafe application deleted - quarantined

D:\Downloads\cudaminer-2014-02-07\cudaminer-2014-02-07\x64\cudaminer.exe probably a variant of Win64/BitCoinMiner.U potentially unsafe application deleted - quarantined

D:\Downloads\cudaminer-2014-02-07\cudaminer-2014-02-07\x86\cudaminer.exe a variant of Win32/BitCoinMiner.W potentially unsafe application deleted - quarantined

D:\Software\ccleaner 3.2.6.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
Link to post
Share on other sites

 

D:\Downloads\avc-free.exe

D:\Downloads\ccsetup407.exe

D:\Downloads\epm.exe

D:\Downloads\FreemakeVideoConverterSetup.exe

D:\Downloads\spsetup122.exe

D:\Downloads\cpuminer-master\cpuminer-master\cpuminer\minerd.exe

D:\Downloads\cudaminer-2014-02-02\cudaminer.exe

D:\Downloads\cudaminer-2014-02-07\cudaminer-2014-02-07\x64\cudaminer.exe

D:\Downloads\cudaminer-2014-02-07\cudaminer-2014-02-07\x86\cudaminer.exe

D:\Software\ccleaner 3.2.6.exe

These files aren´t malware but contain security risks. I would delete them immediately - your choice.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

Those files were already deleted??

 

 

# AdwCleaner v3.019 - Report created 21/02/2014 at 13:22:28
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Remco - REMCO-PC
# Running from : D:\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Remco\AppData\Local\PackageAware
File Deleted : C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\invalidprefs.js
File Deleted : C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_test-my-hardware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_test-my-hardware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\StartSearch
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (nl)
 
[ File : C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "Search The Web (privitize)");
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Remco\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2274 octets] - [21/02/2014 13:21:19]
AdwCleaner[s0].txt - [2086 octets] - [21/02/2014 13:22:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2146 octets] ##########
 
 
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
ESET Smart Security 4.2   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 36% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
Link to post
Share on other sites

Yes, I saw that later.

 

Your system is clean now! :)

 

 

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

  • Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Note: Your hard disk is highly fragmented. This may decrease system performance. If it ISN´T a SSD drive, use a tool to defragment it.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


    [*]Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

    [*]Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system. [*]Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.

    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.