Logfile of random's system information tool 1.10 (written by random/random)
Run by Anke at 2014-11-19 21:35:35
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 824 MB (1%) free of 76 GB
Total RAM: 1528 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:35:53, on 19/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anke\Desktop\RSIT.exe
C:\Program Files\trend micro\Anke.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [C:/Program Files/Media Freeware/Free Youtube To Video Converter/Free Youtube To Video Converter.exe] C:\Program Files\Media Freeware\Free Youtube To Video Converter\Free Youtube To Video Converter.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Anke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{9057084B-A503-4EB9-8C3F-42833D5AE6B1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{9057084B-A503-4EB9-8C3F-42833D5AE6B1}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{9057084B-A503-4EB9-8C3F-42833D5AE6B1}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6902 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\ad6ajl7f.default

prefs.js - "browser.search.suggest.enabled" - true
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.sweet-page.com/?type=hp&ts=1415263302&from=cor&uid=ST380013AS_3JVDABXY"

"faststartff@gmail.com"=C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\ad6ajl7f.default\extensions\faststartff@gmail.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.71.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Skype Technologies S.A..com/Skype Web Plugin]
"Description"=Skype Web Plugin
"Path"=C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@UtilityChest_49.com/Plugin]
"Description"=Utility Chest Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
bing.xml
bolcom-nl.xml
google.xml
marktplaats-nl.xml
sweet-page.xml
wikipedia-nl.xml

C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\ad6ajl7f.default\extensions\
faststartff@gmail.com
staged

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23 72336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-20 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-20 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 974432]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13 472984]
"Adobe Creative Cloud"=C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2013-09-03 2237328]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2014-09-11 77824]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2014-08-07 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2013-03-28 39408]
"C:/Program Files/Media Freeware/Free Youtube To Video Converter/Free Youtube To Video Converter.exe"=C:\Program Files\Media Freeware\Free Youtube To Video Converter\Free Youtube To Video Converter.exe [2013-10-15 711168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-18 10:49:15 ----A---- C:\Windows\system32\oleaut32.dll
2014-11-18 10:49:07 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-18 10:49:00 ----A---- C:\Windows\system32\msi.dll
2014-11-18 10:48:32 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-18 10:48:32 ----A---- C:\Windows\system32\msxml3.dll
2014-11-18 10:48:29 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-18 10:48:29 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-18 10:48:28 ----A---- C:\Windows\system32\EncDump.dll
2014-11-18 10:48:28 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-18 10:48:27 ----A---- C:\Windows\system32\AudioSes.dll
2014-11-18 10:48:25 ----A---- C:\Windows\system32\win32k.sys
2014-11-18 10:48:17 ----A---- C:\Windows\system32\schannel.dll
2014-11-18 10:48:17 ----A---- C:\Windows\system32\ncrypt.dll
2014-11-18 10:48:16 ----A---- C:\Windows\system32\wdigest.dll
2014-11-18 10:48:16 ----A---- C:\Windows\system32\TSpkg.dll
2014-11-18 10:48:16 ----A---- C:\Windows\system32\msv1_0.dll
2014-11-18 10:48:16 ----A---- C:\Windows\system32\kerberos.dll
2014-11-18 10:48:15 ----A---- C:\Windows\system32\credssp.dll
2014-11-18 10:47:56 ----A---- C:\Windows\system32\generaltel.dll
2014-11-18 10:47:56 ----A---- C:\Windows\system32\aepdu.dll
2014-11-18 10:47:55 ----A---- C:\Windows\system32\aeinv.dll
2014-11-18 10:47:53 ----A---- C:\Windows\system32\packager.dll
2014-11-18 10:47:48 ----A---- C:\Windows\system32\termsrv.dll
2014-11-18 10:47:48 ----A---- C:\Windows\system32\adtschema.dll
2014-11-18 10:47:47 ----A---- C:\Windows\system32\msaudite.dll
2014-11-18 10:47:47 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-18 10:47:47 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-11-18 10:45:31 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-18 10:45:31 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-11-18 10:45:31 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-11-18 10:45:30 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-18 10:45:29 ----A---- C:\Windows\system32\iernonce.dll
2014-11-18 10:45:29 ----A---- C:\Windows\system32\iedkcs32.dll
2014-11-18 10:45:29 ----A---- C:\Windows\system32\ie4uinit.exe
2014-11-18 10:45:28 ----A---- C:\Windows\system32\urlmon.dll
2014-11-18 10:45:27 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-18 10:45:27 ----A---- C:\Windows\system32\jscript9diag.dll
2014-11-18 10:45:27 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-18 10:45:26 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-18 10:45:26 ----A---- C:\Windows\system32\ieapfltr.dll
2014-11-18 10:45:26 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-18 10:45:23 ----A---- C:\Windows\system32\msrating.dll
2014-11-18 10:45:23 ----A---- C:\Windows\system32\iesetup.dll
2014-11-18 10:45:21 ----A---- C:\Windows\system32\wininet.dll
2014-11-18 10:45:21 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-11-18 10:45:19 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-18 10:45:18 ----A---- C:\Windows\system32\ieui.dll
2014-11-18 10:45:17 ----A---- C:\Windows\system32\ieframe.dll
2014-11-18 10:45:15 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-18 10:45:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-11-18 10:45:14 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-11-18 10:45:13 ----A---- C:\Windows\system32\iertutil.dll
2014-11-18 10:45:07 ----A---- C:\Windows\system32\mshtml.dll
2014-11-18 10:45:05 ----A---- C:\Windows\system32\vbscript.dll
2014-11-18 10:45:04 ----A---- C:\Windows\system32\jscript9.dll
2014-11-08 03:05:50 ----A---- C:\Windows\system32\rdpcorets.dll
2014-11-08 03:05:24 ----A---- C:\Windows\system32\mstscax.dll
2014-11-08 01:30:59 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-07 11:01:54 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2014-11-07 11:00:57 ----A---- C:\Windows\system32\rdpudd.dll
2014-11-07 11:00:56 ----A---- C:\Windows\system32\rdpendp_winip.dll
2014-11-07 10:58:49 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-07 10:58:30 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-07 10:58:20 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-11-07 10:58:07 ----A---- C:\Windows\system32\wksprtPS.dll
2014-11-07 10:58:07 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-07 10:58:06 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-11-07 10:58:05 ----A---- C:\Windows\system32\tsgqec.dll
2014-11-07 10:58:03 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-11-07 10:58:03 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-11-07 10:58:02 ----A---- C:\Windows\system32\wksprt.exe
2014-11-07 10:58:00 ----A---- C:\Windows\system32\mstsc.exe
2014-11-07 10:06:08 ----A---- C:\Windows\wininit.ini
2014-11-07 08:52:10 ----A---- C:\TDSSKiller.3.0.0.41_07.11.2014_08.52.10_log.txt
2014-11-07 03:07:56 ----D---- C:\Program Files\stinger
2014-11-06 21:44:54 ----D---- C:\Users\Anke\AppData\Roaming\.clamwin
2014-11-06 21:44:10 ----D---- C:\ProgramData\.clamwin
2014-11-06 21:44:10 ----D---- C:\Program Files\ClamWin
2014-11-06 21:05:56 ----D---- C:\ProgramData\2308189059
2014-11-06 13:29:06 ----D---- C:\Users\Anke\AppData\Roaming\TeamViewer
2014-11-06 11:22:51 ----D---- C:\ProgramData\3537eb60efafda
2014-11-06 11:22:27 ----D---- C:\ProgramData\dealpeak
2014-11-06 10:59:17 ----D---- C:\Users\Anke\AppData\Roaming\LibreOffice
2014-11-06 10:49:09 ----D---- C:\Program Files\LibreOffice 4
2014-11-06 10:22:12 ----D---- C:\ProgramData\GetTheDiscount
2014-11-06 09:42:04 ----D---- C:\Users\Anke\AppData\Roaming\sweet-page
2014-11-06 09:23:26 ----D---- C:\Program Files\Kingsoft
2014-11-06 09:23:15 ----D---- C:\Users\Anke\AppData\Roaming\Kingsoft
2014-10-20 16:01:16 ----A---- C:\Windows\system32\javaws.exe
2014-10-20 16:00:45 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2014-10-20 16:00:43 ----A---- C:\Windows\system32\javaw.exe
2014-10-20 16:00:43 ----A---- C:\Windows\system32\java.exe
2014-10-20 16:00:16 ----D---- C:\Program Files\Java

======List of files/folders modified in the last 1 month======

2014-11-19 21:35:43 ----D---- C:\Program Files\Trend Micro
2014-11-19 21:35:21 ----D---- C:\Windows\Temp
2014-11-19 18:19:53 ----D---- C:\Windows\system32\config
2014-11-19 18:06:58 ----D---- C:\Windows\Prefetch
2014-11-19 17:32:26 ----D---- C:\Windows\Microsoft.NET
2014-11-19 17:25:58 ----RSD---- C:\Windows\assembly
2014-11-19 17:05:36 ----D---- C:\Windows\winsxs
2014-11-19 16:51:16 ----D---- C:\Windows\System32
2014-11-19 16:51:15 ----D---- C:\Windows\system32\en-US
2014-11-19 16:51:14 ----SD---- C:\Windows\system32\CompatTel
2014-11-19 16:51:13 ----D---- C:\Windows\system32\drivers
2014-11-19 16:51:12 ----D---- C:\Program Files\Internet Explorer
2014-11-18 16:44:34 ----SHD---- C:\Windows\Installer
2014-11-18 16:43:31 ----D---- C:\Windows\system32\MRT
2014-11-18 16:38:16 ----A---- C:\Windows\system32\MRT.exe
2014-11-18 16:36:16 ----SHD---- C:\System Volume Information
2014-11-18 16:35:46 ----D---- C:\Users\Anke\AppData\Roaming\tixati
2014-11-18 11:35:16 ----D---- C:\Windows
2014-11-18 11:17:33 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-11-18 10:42:59 ----D---- C:\Windows\system32\catroot2
2014-11-09 19:22:55 ----D---- C:\Windows\inf
2014-11-09 19:22:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-07 11:17:35 ----RD---- C:\Program Files
2014-11-07 11:17:35 ----HD---- C:\ProgramData
2014-11-07 11:17:33 ----D---- C:\ProgramData\MFAData
2014-11-07 11:16:34 ----D---- C:\Windows\system32\wbem
2014-11-07 11:16:34 ----D---- C:\Windows\system32\drivers\en-US
2014-11-07 11:16:34 ----D---- C:\Windows\PolicyDefinitions
2014-11-07 11:16:33 ----D---- C:\Windows\system32\DriverStore
2014-11-07 10:34:39 ----D---- C:\Program Files\Common Files
2014-11-06 21:09:33 ----D---- C:\Windows\ShellNew
2014-11-06 21:08:18 ----D---- C:\Windows\system32\Tasks
2014-11-06 21:08:17 ----D---- C:\Windows\Tasks
2014-11-06 10:54:20 ----RSD---- C:\Windows\Fonts
2014-11-02 15:09:32 ----D---- C:\Windows\system32\NDF
2014-10-30 12:24:45 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-20 16:06:23 ----D---- C:\ProgramData\Oracle

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 231800]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 MpKsldf7f2b04;MpKsldf7f2b04; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6FB24B70-519B-447A-817D-FD5A2921A99B}\MpKsldf7f2b04.sys [2014-11-19 39464]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35088]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 aeaudio;aeaudio; C:\Windows\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2004-04-15 612416]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AVFSFilter;AVFSFilter; C:\Windows\system32\DRIVERS\avfsfilter.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 22192]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-18 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-03-28 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-07 115608]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-28 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------