mbam
Malwarebytes Anti-Malware 1.75.0.1300
Databaseversie: v2013.09.12.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bor :: TANTEGAB [administrator]
12-9-2013 18:05:21
mbam-log-2013-09-12 (18-05-21).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 213552
Verstreken tijd: 12 minuut/minuten, 52 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 13
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\b (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 1
C:\Users\bor\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 3
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\bor\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.10.2
Run by bor at 18:47:23 on 2013-09-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.2039.651 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\bor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\bor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\bor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE} : DHCPNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE}\847463535344D2833353643444 : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-6 45856]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-12-6 711112]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-9-1 1643184]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-8-30 1109296]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 netw5v64;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter voor 64-bits Windows Vista;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-5 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-8 1255736]
.
=============== Created Last 30 ================
.
2013-09-12 16:04:32 -------- dc----w- C:\Users\bor\AppData\Roaming\Malwarebytes
2013-09-12 16:04:12 -------- dc----w- C:\ProgramData\Malwarebytes
2013-09-12 16:04:08 25928 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-12 16:04:08 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-12 16:03:45 -------- dc----w- C:\Users\bor\AppData\Local\Programs
2013-09-12 15:37:39 -------- dc----w- C:\Program Files\CCleaner
2013-09-10 16:14:10 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-09-10 16:14:09 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-09-10 16:14:04 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-09-10 16:14:03 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-09-02 18:36:15 -------- dc----w- C:\foto's
2013-09-02 18:30:30 -------- dc----w- C:\Windows\System32\appmgmt
2013-09-01 15:10:59 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-09-01 14:55:37 -------- dc----w- C:\Windows\System32\MRT
2013-09-01 12:10:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-09-01 12:10:19 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-09-01 12:10:19 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-09-01 12:10:19 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-01 12:10:16 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-09-01 12:10:16 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-09-01 12:10:16 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-09-01 12:10:16 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2013-09-10 16:33:13 71048 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 16:33:13 692616 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-01 15:10:59 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-09-01 11:43:41 45856 -c--a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2012-12-05 16:29:41 4096000 -c--a-w- C:\Program Files (x86)\GUTFE0E.tmp
.
============= FINISH: 18:49:11,04 ===============
Gmer
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-12 19:05:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS541680J9SA00 rev.SB2OC7BP 74,53GB
Running: 2eebwsj1.exe; Driver: C:\Users\bor\AppData\Local\Temp\uwliipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread [344:352] 000007feffa56e50
Thread [344:364] 000007feff9b4d00
Thread [344:376] 000007feff8d3b90
Thread [344:380] 000007feff8d3b90
Thread [344:396] 000007feff8d3b90
Thread [344:412] 000007feff8d3b90
Thread [344:424] 000007feff8d3b90
Thread [344:456] 000007feff8d3b90
Thread [344:468] 000007feff8d3b90
Thread [344:480] 000007feff8d3b90
Thread [344:492] 000007feff8d3b90
Thread [344:504] 000007feff8d3b90
Thread [344:4084] 000007feff9b4d00
Thread [344:4088] 000007feff9b4d00
Thread [344:4092] 000007feff9b4d00
Thread [344:2420] 000007feff9b4d00
Thread [344:2380] 000007feff9b4d00
Thread [344:2356] 000007feff9b4d00
Thread [344:3088] 000007feff9b4d00
Thread [344:2632] 000007feff9b4d00
Thread [344:2424] 000007feff9b4d00
Thread [344:2696] 000007feff9b4d00
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bedc440
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 517
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE}@LeaseObtainedTime 1379005125
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE}@T1 1379006925
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE}@T2 1379008275
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE}@LeaseTerminatesTime 1379008725
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bedc440 (not active ControlSet)
---- EOF - GMER 2.1 ----
2013-09-10 16:14:04 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-09-10 16:14:03 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-09-02 18:36:15 -------- dc----w- C:\foto's
2013-09-02 18:30:30 -------- dc----w- C:\Windows\System32\appmgmt
2013-09-01 15:10:59 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-09-01 14:55:37 -------- dc----w- C:\Windows\System32\MRT
2013-09-01 12:10:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-09-01 12:10:19 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-09-01 12:10:19 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-09-01 12:10:19 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-01 12:10:16 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-09-01 12:10:16 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-09-01 12:10:16 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-09-01 12:10:16 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2013-09-10 16:33:13 71048 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 16:33:13 692616 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-01 15:10:59 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-09-01 11:43:41 45856 -c--a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2012-12-05 16:29:41 4096000 -c--a-w- C:\Program Files (x86)\GUTFE0E.tmp
.
============= FINISH: 18:49:11,04 ===============
Gmer
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-12 19:05:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS541680J9SA00 rev.SB2OC7BP 74,53GB
Running: 2eebwsj1.exe; Driver: C:\Users\bor\AppData\Local\Temp\uwliipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\AVG\AVG2012\avgtray.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b21465 2 bytes [B2, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b214bb 2 bytes [B2, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread [344:352] 000007feffa56e50
Thread [344:364] 000007feff9b4d00
Thread [344:376] 000007feff8d3b90
Thread [344:380] 000007feff8d3b90
Thread [344:396] 000007feff8d3b90
Thread [344:412] 000007feff8d3b90
Thread [344:424] 000007feff8d3b90
Thread [344:456] 000007feff8d3b90
Thread [344:468] 000007feff8d3b90
Thread [344:480] 000007feff8d3b90
Thread [344:492] 000007feff8d3b90
Thread [344:504] 000007feff8d3b90
Thread [344:4084] 000007feff9b4d00
Thread [344:4088] 000007feff9b4d00
Thread [344:4092] 000007feff9b4d00
Thread [344:2420] 000007feff9b4d00
Thread [344:2380] 000007feff9b4d00
Thread [344:2356] 000007feff9b4d00
Thread [344:3088] 000007feff9b4d00
Thread [344:2632] 000007feff9b4d00
Thread [344:2424] 000007feff9b4d00
Thread [344:2696] 000007feff9b4d00
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bedc440
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 517
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE}@LeaseObtainedTime 1379005125
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE}@T1 1379006925
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE}@T2 1379008275
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BB75D2E8-D274-4CC1-A707-2BE0539070AE}@LeaseTerminatesTime 1379008725
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bedc440 (not active ControlSet)
---- EOF - GMER 2.1 ----