Tuesday, 15 October 2013

Windows 7-64 bit seems infected

Hello!


Downloaded and installed a small program from a torrent site, and was immediately punished. Tons of ads and a shaking screen (kind of a screensaver), pop-up windows every 10 seconds, etc. Ran Malwarebytes and got 150 or so suspicious trojans/worms, etc. Thanks to MM cleaning, my PC now seems stable, but my gut is telling me that something nasty is still inside the computer.


When I run Windows Task Manager (Ctrl-Alt-Del), in the "Services" tab I can see too many unfamiliar processes, and the computer sometimes seems to act laggy; browsers especially have also started to act slower.


Please help me to cure my poor machine!



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686
Run by Riverdale at 21:25:42 on 2013-10-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4037.2214 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Users\Riverdale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Riverdale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Riverdale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Riverdale\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:tabs
mWinlogon: Userinit = userinit.exe,
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{52DA539B-8205-4795-8FA3-F4C037C026A6} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Users\Riverdale\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - ExtSQL: 2013-09-30 08:27; [email protected]; C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\extensions\[email protected]
FF - ExtSQL: 2013-10-07 04:43; {eca6641f-2176-42ba-bdbe-f3e327f8e0af}; C:\Users\Riverdale\AppData\Roaming\Mozilla\Firefox\Profiles\io8hcq5i.default\extensions\{eca6641f-2176-42ba-bdbe-f3e327f8e0af}
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymDS64.sys [2013-5-25 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymEFA64.sys [2013-5-25 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20130924.011\BHDrvx64.sys [2013-10-5 1393240]
R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC};Symantec Endpoint Protection 12.1.3001.165.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [2013-5-25 169048]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.sys [2013-5-25 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\symnets.sys [2013-5-25 433752]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-10-5 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-10-5 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-10-5 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [2013-10-5 408960]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-10-5 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-5 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-23 14997280]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [2013-5-25 144368]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-6-24 140032]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-6-24 420608]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-10-5 2734080]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-10-5 140376]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-10-5 26136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-5 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-23 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-10-5 31800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-24 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-23 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\iexplore.exe="C:\Program Files\Internet Explorer\iexplore.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-10-08 04:52:19 -------- d-----w- C:\Program Files\AS SSD Benchmark
2013-10-07 05:19:24 -------- d-----w- C:\ProgramData\APN
2013-10-07 05:12:01 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-10-07 05:11:48 -------- d-----w- C:\Program Files (x86)\CSBrowserHelper
2013-10-07 05:11:33 -------- d-----w- C:\Users\Riverdale\AppData\Local\Conduit
2013-10-07 05:11:33 -------- d-----w- C:\ProgramData\Conduit
2013-10-07 05:11:30 -------- d-----w- C:\Users\Riverdale\AppData\Local\CRE
2013-10-07 05:10:54 -------- d-----w- C:\Users\Riverdale\AppData\Local\SwvUpdater
2013-10-07 04:37:18 -------- d-----w- C:\ProgramData\Stardock
2013-10-07 04:32:04 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\JAM Software
2013-10-07 04:32:03 -------- d-----w- C:\Program Files (x86)\JAM Software
2013-10-06 21:47:12 -------- d-----w- C:\Program Files\AnvilBenchmark_RC6
2013-10-06 16:31:39 -------- d-----w- C:\Program Files (x86)\AIDA64
2013-10-06 05:10:51 -------- d-----w- C:\Program Files (x86)\PDF-XChange Viewer
2013-10-06 03:29:04 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\TuneUp Software
2013-10-06 03:28:57 -------- d-----w- C:\ProgramData\TuneUp Software
2013-10-06 03:28:56 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-06 03:28:56 -------- d--h--w- C:\ProgramData\Common Files
2013-10-05 21:56:35 465408 ------w- C:\Windows\System32\cmasiopx.dll
2013-10-05 21:56:35 4533760 ------w- C:\Windows\System32\CmiCnfgp.cpl
2013-10-05 21:56:35 303104 ------w- C:\Windows\SysWow64\cmasiop.dll
2013-10-05 21:56:35 200704 ------w- C:\Windows\SysWow64\Cmpaoxy.dll
2013-10-05 21:56:35 143360 ------w- C:\Windows\SysWow64\VmixP8.dll
2013-10-05 21:56:35 12935168 ------w- C:\Windows\SysWow64\CmiCnfgp.dll
2013-10-05 21:56:35 122880 ------w- C:\Windows\SysWow64\Cm_Oal.dll
2013-10-05 21:56:35 122880 ------w- C:\Windows\System32\Cm_Oal.dll
2013-10-05 21:56:33 827904 ------w- C:\Windows\System32\Cmeauoxy.exe
2013-10-05 21:56:33 -------- d-----w- C:\Program Files\ASUS Xonar Essence STX Audio
2013-10-05 20:15:47 32768 ----a-w- C:\Windows\System32\cmudaxp.dll
2013-10-05 20:15:47 315392 ----a-w- C:\Windows\SysWow64\CmiFltr.dll
2013-10-05 20:15:47 315392 ----a-w- C:\Windows\system\CmiFltr.dll
2013-10-05 20:15:47 2734080 ----a-w- C:\Windows\System32\drivers\cmudaxp.sys
2013-10-05 19:50:10 282112 ------w- C:\Windows\system\HsMgr64.exe
2013-10-05 19:50:10 212992 ------w- C:\Windows\SysWow64\HsSrv2.dll
2013-10-05 19:50:10 200704 ------w- C:\Windows\SysWow64\HsMgr.exe
2013-10-05 19:50:10 122880 ------w- C:\Windows\system\HsSrv642.dll
2013-10-05 19:50:10 122880 ------w- C:\Windows\system\HsSrv64.dll
2013-10-05 19:50:04 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2013-10-05 18:34:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-05 18:34:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-05 18:31:09 -------- d-----w- C:\Program Files\CCleaner
2013-10-05 18:15:36 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\foobar2000
2013-10-05 18:15:31 -------- d-----w- C:\Program Files (x86)\foobar2000
2013-10-05 18:05:17 5407104 ----a-w- C:\Windows\PE_Rom.dll
2013-10-05 17:59:47 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2013-10-05 17:59:45 -------- d-----w- C:\ProgramData\ASUS PowerControl Profiles
2013-10-05 17:58:27 46152 ----a-w- C:\Windows\SysWow64\drivers\ASUSFILTER.sys
2013-10-05 17:58:27 -------- d-----w- C:\Program Files\ASUS
2013-10-05 17:57:48 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2013-10-05 17:52:56 26136 ----a-w- C:\Windows\System32\drivers\ICCWDT.sys
2013-10-05 17:52:56 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2013-10-05 17:51:14 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2013-10-05 17:51:05 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-10-05 17:51:05 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-10-05 17:51:05 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-10-05 17:51:05 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-10-05 17:51:05 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-10-05 17:50:50 -------- d-----w- C:\ProgramData\ASUS
2013-10-05 17:50:45 28672 ----a-w- C:\Windows\SysWow64\AsIO.dll
2013-10-05 17:50:45 15232 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2013-10-05 17:50:45 -------- d-----w- C:\Program Files (x86)\ASUS
2013-10-05 17:50:44 929844 ------w- C:\Windows\SysWow64\drivers\MFDLL\MFC42D.DLL
2013-10-05 17:50:44 385100 ------w- C:\Windows\SysWow64\drivers\MFDLL\MSVCRTD.DLL
2013-10-05 17:50:44 343040 ------w- C:\Windows\SysWow64\drivers\MFDLL\msvcrt.dll
2013-10-05 17:50:44 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2013-10-05 17:50:44 1028096 ------w- C:\Windows\SysWow64\drivers\MFDLL\MFC42.DLL
2013-10-05 17:50:44 10216 ------w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2013-10-05 17:50:44 -------- d-----w- C:\Windows\SysWow64\drivers\MFDLL
2013-10-05 17:47:50 -------- d-----w- C:\Program Files (x86)\Driver Fusion
2013-10-05 17:46:05 -------- d-----w- C:\Windows\pss
2013-10-05 17:43:34 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2013-10-05 17:41:44 -------- d-----w- C:\Program Files (x86)\Marvell
2013-10-05 17:37:12 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2013-10-05 17:21:00 -------- d-----w- C:\Users\Riverdale\AppData\Local\VS Revo Group
2013-10-05 17:20:58 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2013-10-05 17:20:58 -------- d-----w- C:\ProgramData\VS Revo Group
2013-10-05 17:20:58 -------- d-----w- C:\Program Files\Revo Uninstaller Pro
2013-10-05 15:54:31 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-10-05 15:50:27 16896 ----a-w- C:\Windows\AsTaskSched.dll
2013-10-05 15:50:27 -------- d-----w- C:\Windows\Intel_Chipset_V9.3.2.1014_20130805_Beta
2013-10-05 15:50:25 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-10-05 15:48:37 16344 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-10-05 15:48:10 64624 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-10-05 15:48:10 -------- d-----w- C:\Intel
2013-10-05 15:18:38 -------- d-----w- C:\Program Files (x86)\NEC DISPLAY SOLUTIONS
2013-10-05 15:14:46 -------- d-----w- C:\Program Files (x86)\Samsung Magician
2013-10-05 15:14:19 -------- d-----w- C:\ProgramData\Samsung
2013-09-30 11:10:53 -------- d-----w- C:\Program Files\CPUID
2013-09-30 08:58:37 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\Hard Disk Sentinel
2013-09-30 08:58:24 -------- d-----w- C:\Program Files (x86)\Hard Disk Sentinel
2013-09-30 08:54:20 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\TeraCopy
2013-09-30 08:54:14 -------- d-----w- C:\Program Files\TeraCopy
2013-09-30 08:54:00 -------- d-----w- C:\Users\Riverdale\AppData\Local\Programs
2013-09-28 16:57:35 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2013-09-28 13:17:21 -------- d-----w- C:\Users\Riverdale\AppData\Local\Symantec
2013-09-28 11:21:22 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4801DBE-CA3E-42A2-A7C2-DF10BB34FE66}\mpengine.dll
2013-09-28 10:18:21 -------- d-----w- C:\Users\Riverdale\AppData\Local\Macromedia
2013-09-28 06:44:18 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-09-28 06:44:18 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-09-27 13:45:38 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-09-27 13:45:38 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-09-27 13:37:44 -------- d-----w- C:\Users\Riverdale\AppData\Local\SKIDROW
2013-09-27 13:37:13 -------- d-----w- C:\Users\Riverdale\AppData\Local\Daum
2013-09-27 13:36:42 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\Malwarebytes
2013-09-27 13:36:42 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-27 13:36:07 -------- d-----w- C:\Users\Riverdale\AppData\Roaming\NVIDIA
2013-09-27 13:36:06 -------- d-----w- C:\Users\Riverdale\AppData\Local\Daedalic Entertainment
2013-09-27 13:23:59 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-09-24 13:40:30 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-09-24 13:40:30 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-09-24 13:40:30 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-09-24 13:40:30 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-24 13:19:24 -------- d-----w- C:\Windows\System32\SPReview
2013-09-24 13:19:20 -------- d-----w- C:\Windows\System32\EventProviders
2013-09-24 13:16:06 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2013-09-24 13:16:06 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-09-24 13:16:03 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2013-09-24 13:16:02 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-09-24 13:16:02 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-24 13:16:01 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2013-09-24 13:16:00 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2013-09-24 13:16:00 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2013-09-23 20:02:14 -------- d-----w- C:\Windows\Panther
2013-09-23 20:01:53 -------- d-----w- C:\Windows\System32\oem
2013-09-23 17:16:41 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-09-23 17:16:39 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-23 17:16:39 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-23 17:16:39 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-23 17:16:39 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-23 17:16:39 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-23 17:16:35 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-09-23 17:16:35 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-09-23 17:16:27 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-09-23 17:13:49 -------- d-----w- C:\NVIDIA
2013-09-23 17:00:41 -------- d-----w- C:\Windows\SysWow64\Wat
2013-09-23 17:00:41 -------- d-----w- C:\Windows\System32\Wat
2013-09-23 16:44:40 -------- d-----w- C:\Windows\System32\MRT
2013-09-23 16:34:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-23 16:34:34 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-23 16:29:48 -------- d-----w- C:\Users\Riverdale\AppData\Local\Google
2013-09-23 16:29:45 -------- d-----w- C:\Users\Riverdale\AppData\Local\Deployment
2013-09-23 16:29:45 -------- d-----w- C:\Users\Riverdale\AppData\Local\Apps
2013-09-23 16:25:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-09-23 16:25:08 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-09-23 16:25:08 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-09-23 16:25:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-09-23 16:25:08 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-09-23 16:25:08 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-09-23 16:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2013-09-23 16:17:41 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-09-23 16:17:06 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-09-23 16:17:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-09-23 16:17:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-09-23 16:15:40 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-23 16:15:39 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-23 16:15:38 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-23 16:15:38 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-23 16:09:13 544568 ----a-w- C:\Windows\System32\PROUnstl.exe
2013-09-23 16:07:57 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M ====================
.
2013-10-05 21:16:40 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-10-05 21:16:40 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-10-05 21:16:40 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-10-05 21:16:40 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-09-28 11:47:34 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-09-28 11:47:14 576400 ----a-w- C:\Windows\System32\SymVPN.dll
2013-09-28 11:47:14 56720 ----a-w- C:\Windows\System32\snacnp.dll
2013-09-28 11:47:14 50576 ----a-w- C:\Windows\SysWow64\snacnp.dll
2013-09-28 11:47:14 44448 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2013-09-28 11:47:14 420240 ----a-w- C:\Windows\SysWow64\SymVPN.dll
2013-09-28 11:47:14 157584 ----a-w- C:\Windows\System32\FwsVpn.dll
2013-09-28 11:47:14 136592 ----a-w- C:\Windows\SysWow64\FwsVpn.dll
2013-09-24 13:30:24 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-09-24 13:30:24 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-08-20 13:33:40 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-08-20 13:32:58 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-08-20 13:32:46 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 21:25:50.82 ===============
via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/510284/windows-7-64-bit-seems-infected/