Channel: Tech Support Guy - Virus & Other Malware Removal

Any malware removal

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:35:49, on 1-1-2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Users\Tini\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\FlashPlayerApp.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Tini\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Tini\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7554 bytes
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 26-12-2013 18:50:13
System Uptime: 31-12-2013 20:24:02 (25 hours ago)
.
Motherboard: MEDION | | P6640
Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz | SOCKET 0 | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 874,636 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio-besturing
Device ID: PCI\VEN_10DE&DEV_0E0F&SUBSYS_00000000&REV_A1\4&324EBD10&0&0108
Manufacturer: Microsoft
Name: High Definition Audio-besturing
PNP Device ID: PCI\VEN_10DE&DEV_0E0F&SUBSYS_00000000&REV_A1\4&324EBD10&0&0108
Service: HDAudBus
.
==== System Restore Points ===================
.
RP1: 26-12-2013 19:25:47 - avast! antivirus system restore point
RP2: 29-12-2013 15:18:40 - Microsoft PowerPoint Viewer is geïnstalleerd
RP3: 30-12-2013 19:34:28 - AVG PC TuneUp 2014 is verwijderd
.
==== Installed Programs ======================
.
avast! Internet Security
BitTorrent
Classic Shell
DAEMON Tools Ultra
eMule
Free RAR Extract Frog
Intel(R) Processor Graphics
Kobo
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
NVIDIA-configuratiescherm 327.02
NVIDIA 3D Vision stuurprogramma 327.02
NVIDIA Grafisch stuurprogramma 327.02
NVIDIA Install Application
NVIDIA Optimus 1.14.17
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.14.17
NVIDIA Update Components
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Tini at 21:39:52 on 2014-01-01
Microsoft Windows 8 6.2.9200.0.1252.31.1043.18.8055.5881 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWow64\IntelCpHeciSvc.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Tini\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\explorer.exe
C:\Windows\system32\mmc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\FlashPlayerApp.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Tini\Desktop\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
uRun: [BitTorrent] "C:\Users\Tini\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{4883B31B-D819-4E6C-85D0-10A3322EAB71} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{4883B31B-D819-4E6C-85D0-10A3322EAB71}\4556C65623D223 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-12-26 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-12-26 207904]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-9 645952]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-9-5 30496]
R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2013-12-27 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\Drivers\aswNdisFlt.sys [2013-12-27 439648]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-12-26 1034464]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-12-26 422216]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-12-26 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-26 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-12-27 113704]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-8-29 414496]
R3 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2013-12-26 79672]
R3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-11-14 723192]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\Drivers\dtscsibus.sys [2013-12-29 29696]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter voor 64-bits Windows 7;C:\Windows\System32\Drivers\NETwNe64.sys [2012-6-2 11400192]
R3 RTL8168;Realtek 8168 NT-stuurprogramma;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
.
=============== Created Last 30 ================
.
2013-12-31 23:51:28 -------- d-----w- C:\ProgramData\eMule
2013-12-31 23:49:52 -------- d-----w- C:\Users\Tini\AppData\Local\eMule
2013-12-31 23:49:50 -------- d-----w- C:\Program Files (x86)\eMule
2013-12-31 15:54:29 -------- d-----w- C:\Users\Tini\AppData\Local\Kobo
2013-12-31 15:53:37 -------- d-----w- C:\Windows\tmp
2013-12-31 15:53:16 -------- d-----w- C:\Program Files (x86)\Kobo
2013-12-31 15:31:30 -------- d-----w- C:\Users\Tini\Boeken
2013-12-30 18:22:58 -------- d-----w- C:\Windows\LastGood.Tmp
2013-12-30 18:22:26 -------- d-----w- C:\Intel
2013-12-30 17:59:35 -------- d-----w- C:\Users\Tini\AppData\Local\ElevatedDiagnostics
2013-12-29 22:38:21 -------- d-----w- C:\Users\Tini\AppData\Local\Disc_Soft_Ltd
2013-12-29 22:25:36 29696 ----a-w- C:\Windows\System32\drivers\dtscsibus.sys
2013-12-29 22:25:32 -------- d-----w- C:\Users\Tini\AppData\Roaming\DAEMON Tools Ultra
2013-12-29 22:25:27 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Ultra
2013-12-29 22:25:11 -------- d-----w- C:\ProgramData\DAEMON Tools Ultra
2013-12-29 22:19:00 -------- d-----w- C:\Users\Tini\AppData\Roaming\AVG
2013-12-29 22:17:59 -------- d-----w- C:\ProgramData\AVG
2013-12-29 22:17:57 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-29 22:17:57 -------- d--h--w- C:\ProgramData\Common Files
2013-12-29 22:16:38 -------- d-----w- C:\Users\Tini\AppData\Roaming\DAEMON Tools Lite
2013-12-29 22:16:36 -------- d-----w- C:\Users\Tini\AppData\Roaming\OpenCandy
2013-12-29 22:13:44 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-12-29 16:07:40 -------- d-----w- C:\Windows\PCHEALTH
2013-12-29 16:03:40 -------- d-----w- C:\Users\Tini\AppData\Local\Microsoft Help
2013-12-29 14:57:34 -------- d-----w- C:\Users\Tini\Bestanden
2013-12-29 14:18:27 -------- d-----w- C:\Program Files (x86)\MSECache
2013-12-27 23:54:34 -------- d-----w- C:\Users\Tini\AppData\Roaming\Philipp Winterberg
2013-12-27 23:54:25 -------- d-----w- C:\Program Files (x86)\Free RAR Extract Frog
2013-12-27 20:31:59 -------- d-----w- C:\Users\Tini\AppData\Roaming\BitTorrent
2013-12-27 15:18:46 -------- d-----w- C:\Users\Tini\AppData\Local\Diagnostics
2013-12-27 15:03:45 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-12-27 15:03:37 439648 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2013-12-27 11:38:22 -------- d-----w- C:\Program Files\Classic Shell
2013-12-27 10:45:09 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-12-27 01:38:42 -------- d-----w- C:\Windows\SysWow64\NV
2013-12-27 01:38:42 -------- d-----w- C:\Windows\System32\NV
2013-12-27 00:33:41 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-27 00:33:41 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-12-27 00:33:41 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-27 00:33:41 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-27 00:33:41 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-27 00:33:41 3349466 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-27 00:33:41 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-12-27 00:33:41 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-27 00:33:41 1042208 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-12-27 00:32:29 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-12-27 00:32:24 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-12-27 00:32:24 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-12-27 00:24:00 64000 ----a-w- C:\Windows\System32\OpenCL.DLL
2013-12-27 00:24:00 60416 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2013-12-27 00:22:55 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-12-27 00:18:59 675840 ----a-w- C:\Windows\SysWow64\apphelp.dll
2013-12-27 00:17:58 3236864 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2013-12-27 00:16:38 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll
2013-12-27 00:15:59 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll
2013-12-27 00:14:59 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll
2013-12-27 00:13:49 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
2013-12-27 00:13:49 1184256 ----a-w- C:\Windows\System32\Display.dll
2013-12-27 00:13:49 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2013-12-27 00:13:48 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
2013-12-27 00:13:41 566784 ----a-w- C:\Windows\System32\wvc.dll
2013-12-27 00:13:41 462336 ----a-w- C:\Windows\System32\sysmon.ocx
2013-12-27 00:13:41 437248 ----a-w- C:\Windows\SysWow64\wvc.dll
2013-12-27 00:13:41 399360 ----a-w- C:\Windows\SysWow64\sysmon.ocx
2013-12-27 00:13:41 1374208 ----a-w- C:\Windows\System32\wdc.dll
2013-12-27 00:13:41 1245696 ----a-w- C:\Windows\SysWow64\wdc.dll
2013-12-26 23:08:22 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-26 23:08:22 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-26 23:02:35 -------- d-----r- C:\Windows\BrowserChoice
2013-12-26 19:33:11 -------- d-----w- C:\Windows\System32\MRT
2013-12-26 19:17:11 94208 ----a-w- C:\Windows\System32\synceng.dll
2013-12-26 19:17:11 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-12-26 19:16:03 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-12-26 19:16:00 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-12-26 19:13:43 888832 ----a-w- C:\Windows\System32\nshwfp.dll
2013-12-26 19:12:49 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
2013-12-26 19:12:49 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2013-12-26 19:11:43 62976 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-26 19:11:43 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-26 19:11:36 652288 ----a-w- C:\Windows\System32\comctl32.dll
2013-12-26 19:11:36 541696 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-12-26 19:11:26 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-12-26 19:11:26 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-12-26 19:11:26 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-12-26 19:11:26 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-12-26 19:11:26 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-12-26 19:11:26 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-12-26 19:11:26 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-12-26 19:10:55 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-12-26 19:10:55 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-12-26 19:06:53 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-12-26 19:04:35 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-12-26 19:02:06 99328 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2013-12-26 19:02:06 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-12-26 19:02:06 54488 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-12-26 19:02:06 210560 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2013-12-26 19:02:05 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-12-26 19:02:05 32768 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2013-12-26 19:02:05 25600 ----a-w- C:\Windows\System32\drivers\usbprint.sys
2013-12-26 18:51:35 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-12-26 18:51:34 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-12-26 18:49:43 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-12-26 18:49:43 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-12-26 18:49:19 141312 ----a-w- C:\Windows\System32\cryptnet.dll
2013-12-26 18:49:19 1255936 ----a-w- C:\Windows\System32\certutil.exe
2013-12-26 18:49:19 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-12-26 18:49:19 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-12-26 18:48:56 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-12-26 18:48:02 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-12-26 18:48:02 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-12-26 18:47:11 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-12-26 18:47:11 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-12-26 18:46:03 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-12-26 18:46:02 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-12-26 18:46:02 26624 ----a-w- C:\Windows\System32\ReAgentc.exe
2013-12-26 18:46:02 24064 ----a-w- C:\Windows\SysWow64\ReAgentc.exe
2013-12-26 18:44:54 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll
2013-12-26 18:43:11 79192 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-12-26 18:43:11 623448 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-12-26 18:43:11 498008 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-12-26 18:43:11 32256 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-12-26 18:43:11 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-12-26 18:43:11 21848 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-12-26 18:43:11 120832 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-12-26 18:41:54 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-12-26 18:41:54 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-12-26 18:41:54 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-12-26 18:41:54 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-12-26 18:38:48 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-12-26 18:37:53 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2013-12-26 18:36:59 1444864 ----a-w- C:\Windows\System32\MSAudDecMFT.dll
2013-12-26 18:34:27 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
2013-12-26 18:34:27 149264 ----a-w- C:\Program Files\Windows Defender\SymSrv.dll
2013-12-26 18:34:15 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2013-12-26 18:34:15 135680 ----a-w- C:\Windows\System32\appserverai.dll
2013-12-26 18:34:15 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2013-12-26 18:34:15 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2013-12-26 18:34:14 148480 ----a-w- C:\Windows\System32\poqexec.exe
2013-12-26 18:34:14 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-12-26 18:32:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-26 18:32:44 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-26 18:27:40 -------- d-----w- C:\Users\Tini\AppData\Roaming\AVAST Software
2013-12-26 18:27:19 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-26 18:27:19 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-26 18:27:19 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-26 18:27:19 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-26 18:27:19 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-26 18:27:19 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-26 18:27:16 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-26 18:26:14 -------- d-----w- C:\Program Files\AVAST Software
2013-12-26 18:25:13 -------- d-----w- C:\ProgramData\AVAST Software
2013-12-26 17:52:07 -------- d-----r- C:\Users\Tini\Searches
2013-12-26 17:51:25 -------- d-----r- C:\Users\Tini\Contacts
2013-12-26 17:50:43 -------- d-----w- C:\Users\Tini\AppData\Local\VirtualStore
2013-12-26 17:50:26 -------- d-----w- C:\Users\Tini\AppData\Local\Packages
2013-12-26 17:50:26 -------- d-----w- C:\ProgramData\PRICache
2013-12-26 17:41:59 -------- d-sh--w- C:\Recovery
2013-12-26 17:41:58 -------- d-sh--we C:\ProgramData\Sjablonen
2013-12-26 17:41:58 -------- d-sh--we C:\ProgramData\Menu Start
2013-12-26 17:41:57 -------- d-sh--we C:\ProgramData\Documenten
2013-12-26 17:41:57 -------- d-sh--we C:\ProgramData\Bureaublad
2013-12-20 23:03:12 241664 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2013-12-20 23:03:10 193536 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2013-12-20 23:03:00 729088 ----a-w- C:\Windows\System32\MetroIntelGenericUIFramework.dll
.
==================== Find3M ====================
.
2013-11-23 06:43:58 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
2013-11-01 05:38:21 312320 ----a-w- C:\Windows\System32\msieftp.dll
2013-11-01 03:49:24 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-31 05:56:24 915968 ----a-w- C:\Windows\System32\MPSSVC.dll
2013-10-31 05:56:02 758784 ----a-w- C:\Windows\System32\FirewallAPI.dll
2013-10-31 04:01:46 550400 ----a-w- C:\Windows\SysWow64\FirewallAPI.dll
2013-10-31 03:42:19 74752 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys
2013-10-28 05:50:42 588288 ----a-w- C:\Windows\System32\SHCore.dll
2013-10-28 04:05:52 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-13 20:49:43 100696 ----a-w- C:\Windows\System32\drivers\disk.sys
2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-10 09:30:50 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
2013-10-10 09:30:50 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-10 09:24:02 143872 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-10 09:23:41 146944 ----a-w- C:\Windows\System32\cscript.exe
2013-10-10 09:22:46 222720 ----a-w- C:\Windows\System32\scrobj.dll
2013-10-10 09:22:46 194048 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-10-08 22:30:32 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\Windows\System32\storewuauth.dll
2013-10-05 06:10:20 285016 ----a-w- C:\Windows\System32\drivers\spaceport.sys
.
============= FINISH: 21:41:04,53 ===============

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-01 22:09:15
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB
Running: hmop5luk.exe; Driver: C:\Users\Tini\AppData\Local\Temp\kxtcrpob.sys

---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000153100 7 bytes [40, 4F, 82, 01, 00, 51, F2]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000153108 7 bytes [01, 15, C0, FF, 00, 12, DB]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\wininit.exe[600] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\services.exe[684] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\lsass.exe[692] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[796] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[852] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[920] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\System32\svchost.exe[976] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[1004] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[424] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\System32\svchost.exe[432] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1596] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[1660] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\dashost.exe[1920] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\System32\svchost.exe[3032] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\DllHost.exe[3588] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\csrss.exe[5196] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\winlogon.exe[4584] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb224d257c 8 bytes JMP 000007fc1f8003b0
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb224d6b10 9 bytes JMP 000007fc1f800308
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb22555658 7 bytes JMP 000007fc1f800260
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb22555778 7 bytes JMP 000007fc1f8002d0
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb22571564 7 bytes JMP 000007fc1f800340
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb225840e4 7 bytes JMP 000007fc1f800298
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb22584178 8 bytes JMP 000007fc1f800228
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2258479c 8 bytes JMP 000007fc1f800378
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb1f8128a0 7 bytes JMP 000007fc1f8000d8
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb1f8128e8 5 bytes JMP 000007fc1f800180
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb1f82f590 6 bytes JMP 000007fc1f800148
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb1f82f8ac 5 bytes JMP 000007fc1f800110
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb205ec5b0 7 bytes JMP 000007fc1f800490
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb205f31f0 9 bytes JMP 000007fc1f8003e8
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb205f33e0 5 bytes JMP 000007fc1f800458
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb205f7160 5 bytes JMP 000007fc1f800420
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb21e41070 8 bytes JMP 000007fc1f8001f0
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb21e60c10 8 bytes JMP 000007fc1f8001b8
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fb1b276d10 5 bytes JMP 000007fc1b200110
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fb1b27d060 5 bytes JMP 000007fc1b2000d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4628] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4628] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4628] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4628] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4628] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2073177a 4 bytes [73, 20, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4628] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb20731782 4 bytes [73, 20, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4220] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[4220] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4220] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4220] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4220] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2073177a 4 bytes [73, 20, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[4220] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb20731782 4 bytes [73, 20, FB, 07]
.text C:\Windows\system32\SearchIndexer.exe[1620] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\taskhostex.exe[4964] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5160] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5160] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5160] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[5160] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Windows\Explorer.EXE[5288] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\Explorer.EXE[5288] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Windows\Explorer.EXE[5288] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Windows\Explorer.EXE[5288] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5056] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5056] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5056] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5056] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Windows\System32\igfxtray.exe[428] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2124] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[48] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[732] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[732] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2073177a 4 bytes [73, 20, FB, 07]
.text C:\Windows\System32\igfxpers.exe[732] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb20731782 4 bytes [73, 20, FB, 07]
.text C:\Windows\System32\RuntimeBroker.exe[3860] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fb22614a10 6 bytes {NOP ; JMP 0xffffffff801bbd4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007fb226331c4 6 bytes {NOP ; JMP 0xffffffff8019d1e0}
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[488] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fb22614a10 6 bytes {NOP ; JMP 0xffffffff801bbd4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[488] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007fb226331c4 6 bytes {NOP ; JMP 0xffffffff8019d1e0}
.text C:\Program Files\Internet Explorer\iexplore.exe[488] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[488] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[488] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[488] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fb22614a10 6 bytes {NOP ; JMP 0xffffffff801bbd4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007fb226331c4 6 bytes {NOP ; JMP 0xffffffff8019d1e0}
.text C:\Program Files\Internet Explorer\iexplore.exe[5744] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5744] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[5744] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[5744] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fb22614a10 6 bytes {NOP ; JMP 0xffffffff801bbd4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007fb226331c4 6 bytes {NOP ; JMP 0xffffffff8019d1e0}
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4084] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fb22614a10 6 bytes {NOP ; JMP 0xffffffff801bbd4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007fb226331c4 6 bytes {NOP ; JMP 0xffffffff8019d1e0}
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[3008] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fb22614a10 6 bytes {NOP ; JMP 0xffffffff801bbd4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[2224] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007fb226331c4 6 bytes {NOP ; JMP 0xffffffff8019d1e0}
.text C:\Program Files\Internet Explorer\iexplore.exe[2224] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[644] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fb22614a10 6 bytes {NOP ; JMP 0xffffffff801bbd4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[644] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007fb226331c4 6 bytes {NOP ; JMP 0xffffffff8019d1e0}
.text C:\Program Files\Internet Explorer\iexplore.exe[644] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[972] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[972] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb2073177a 4 bytes [73, 20, FB, 07]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[972] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fb20731782 4 bytes [73, 20, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 000007fb22614a10 6 bytes {NOP ; JMP 0xffffffff801bbd4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007fb226331c4 6 bytes {NOP ; JMP 0xffffffff8019d1e0}
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb1d8e153a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb1d8e165a 4 bytes [8E, 1D, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb2073177a 4 bytes [73, 20, FB, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fb20731782 4 bytes [73, 20, FB, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [5196:4932] fffff960008f85e8
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe (*** suspicious ***) @ C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [3664] 00000000012d0000
Library C:\Program Files (x86)\DAEMON Tools Ultra\imgengine.dll (*** suspicious ***) @ C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [3664] 00000000716a0000
Library C:\Program Files (x86)\DAEMON Tools Ultra\Engine.dll (*** suspicious ***) @ C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [3664] 000000006c3f0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
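The GMER "User code sections" block above lists one line per process and per modified export, so with this many processes it is hard to see by eye which entries are the same bytes at the same address in every process and which ones actually divert control flow (the `JMP` entries in dwm.exe and the `{NOP ; JMP ...}` entries in the iexplore.exe instances). The script below is an added example, not part of the original post and not GMER's own code: it parses that section, normalises each entry, and separates redirections from in-place byte patches. The line format is inferred only from the lines in this log, and `SAMPLE` is constructed from a handful of them; the script reports structure and says nothing about whether any hook is malicious.

```python
"""Parse GMER 2.1 'User code sections' lines and summarise user-mode hooks.

Added example. The entry format is inferred from the log lines on this page:
  .text <process>[<pid>] <module>!<export>[ + <offset>] <addr> <n> byte(s) <detail>
where <detail> is a JMP (optionally "{NOP ; JMP 0x...}") or a byte list in [].
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

_LINE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<func>\w+)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes?\s+(?P<detail>.+)$"
)
_JMP = re.compile(r"JMP\s+(?:0x)?(?P<target>[0-9a-fA-F]+)")
_BYTES = re.compile(r"^\[(?P<bytes>[0-9A-Fa-f ,]+)\]$")

# Constructed sample: a few lines copied from the GMER log above, plus the
# section headers that delimit them.
SAMPLE = r"""---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Windows\system32\dwm.exe[44] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb224d257c 8 bytes JMP 000007fc1f8003b0
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 000007fb226331c4 6 bytes {NOP ; JMP 0xffffffff8019d1e0}
.text C:\Program Files\Internet Explorer\iexplore.exe[3856] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5056] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb224cf7eb 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5056] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb1d8e1532 4 bytes [8E, 1D, FB, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [5196:4932] fffff960008f85e8
"""


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str      # basename, lower-cased, so KERNEL32.DLL and kernel32.dll compare equal
    func: str
    offset: int      # 0 when the modification starts at the export itself
    addr: int
    size: int
    kind: str        # "jmp": control flow diverted; "bytes": in-place patch
    payload: str     # jmp target (hex) or the patched bytes


def parse_line(line: str) -> Optional[Hook]:
    m = _LINE.match(line.strip())
    if not m:
        return None
    detail = m["detail"].strip()
    jmp = _JMP.search(detail)
    if jmp:
        kind, payload = "jmp", jmp["target"].lower()
    else:
        b = _BYTES.match(detail)
        if not b:
            return None  # unrecognised detail form: skip rather than guess
        kind, payload = "bytes", b["bytes"].replace(" ", "")
    module = m["module"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return Hook(process=m["proc"], pid=int(m["pid"]), module=module, func=m["func"],
                offset=int(m["offset"] or 0), addr=int(m["addr"], 16),
                size=int(m["size"]), kind=kind, payload=payload)


def parse_gmer_user_hooks(text: str) -> list[Hook]:
    """Return the entries between the 'User code sections' header and the next header."""
    hooks, in_section = [], False
    for line in text.splitlines():
        if line.startswith("---- User code sections"):
            in_section = True
            continue
        if line.startswith("----"):
            in_section = False
        if in_section:
            h = parse_line(line)
            if h:
                hooks.append(h)
    return hooks


def summarize(hooks: list[Hook]) -> dict:
    """Group identical modifications across processes; list JMP redirections per pid."""
    pids = {h.pid for h in hooks}
    by_site = defaultdict(set)  # (module, func, offset, addr, payload) -> pids seen
    for h in hooks:
        by_site[(h.module, h.func, h.offset, h.addr, h.payload)].add(h.pid)
    # Same bytes at the same address in every scanned process vs. process-specific ones.
    everywhere = [site for site, seen in by_site.items() if seen == pids]
    redirects = defaultdict(list)
    for h in hooks:
        if h.kind == "jmp":
            redirects[h.pid].append((f"{h.module}!{h.func}", h.payload))
    return {"processes": len(pids), "sites": len(by_site),
            "in_every_process": everywhere, "redirects_by_pid": dict(redirects)}


if __name__ == "__main__":
    for k, v in summarize(parse_gmer_user_hooks(SAMPLE)).items():
        print(k, v)
```

Run it against the whole GMER text rather than `SAMPLE` to get the real picture: `redirects_by_pid` is the list to investigate first, since those entries change where a call to the export ends up, while the `in_every_process` list isolates modifications that are identical in all scanned processes. Attributing either kind to a specific driver or product is a separate step that this log alone does not settle.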
