Dear Nucia,
For a few months now my laptop has been painfully slow. IE in particular is extremely slow. The odd thing is that Google Chrome works at normal speed. In addition, Windows Update consistently gives an error when updating IE to version 11 (code 9C59).
I suspect there is junk on it in the form of viruses and/or malware. And perhaps something is also wrong with the version of .NET Framework, judging by what I find when browsing the internet. I don't know that for certain.
I followed the step-by-step plan, and that produced the logs below (incidentally, after running these programs I still run into the same problem).
I hope someone can help me.
Malwarebytes Anti-Malware
Scan Date: 23-10-2014
Scan Time: 22:58:17
Logfile: mbamlog.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.23.08
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Willy en Mieke
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326553
Time Elapsed: 17 min, 42 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 23
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player (1).exe, Quarantined, [f43052c6304c3402fc7c4b57be46837d],
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player (2).exe, Quarantined, [4cd8d93f99e3aa8c9fd9dcc6679dd030],
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player (3).exe, Quarantined, [9e86a474f3891125dc9cc2e0f60e5fa1],
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player (4).exe, Quarantined, [9e86d5432f4d013554243171966e629e],
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player (5).exe, Quarantined, [3ce876a280fc0432fb7ddfc3e420758b],
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player (6).exe, Quarantined, [71b391876f0d66d096e2f1b117ed7b85],
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player (7).exe, Quarantined, [eb3980982e4eea4ce6921191669e3cc4],
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player (8).exe, Quarantined, [3fe546d2d7a5c175b6c2129047bd7090],
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player (9).exe, Quarantined, [00240414a8d448ee7efabee42cd8e41c],
PUP.Optional.SimplyInstaller.A, C:\Users\Willy en Mieke\Downloads\1Player.exe, Quarantined, [2cf853c5681480b6c4b43d65000445bb],
PUP.Optional.DomaIQ.Gen, C:\Users\Willy en Mieke\Downloads\Player (1).exe, Quarantined, [78ace830a6d6122433454870fb06867a],
PUP.Optional.DomaIQ.Gen, C:\Users\Willy en Mieke\Downloads\Player (2).exe, Quarantined, [0f15ad6bf08cff3782f6d4e460a139c7],
PUP.Optional.DomaIQ.Gen, C:\Users\Willy en Mieke\Downloads\Player (3).exe, Quarantined, [8c98e7319be10a2c07712296ff02eb15],
PUP.Optional.DomaIQ.Gen, C:\Users\Willy en Mieke\Downloads\Player (4).exe, Quarantined, [cd57ce4a453755e1ef898731f60bad53],
PUP.Optional.DomaIQ.Gen, C:\Users\Willy en Mieke\Downloads\Player (5).exe, Quarantined, [a1831efaf5870333fb7d4c6c58a96799],
PUP.Optional.DomaIQ.Gen, C:\Users\Willy en Mieke\Downloads\Player (6).exe, Quarantined, [d64ec94fa9d32a0cbfb9bcfc33ce728e],
PUP.Optional.DomaIQ.Gen, C:\Users\Willy en Mieke\Downloads\Player (7).exe, Quarantined, [180c2eea5f1d4aec80f8853354ad6997],
PUP.Optional.DomaIQ.Gen, C:\Users\Willy en Mieke\Downloads\Player (8).exe, Quarantined, [ad77e4341a62d26437414e6ad8290000],
PUP.Optional.DomaIQ.Gen, C:\Users\Willy en Mieke\Downloads\Player.exe, Quarantined, [fa2a9d7b4834d95d0573ebcdb05160a0],
PUP.Optional.InstallBrain.A, C:\Users\Willy en Mieke\Downloads\VideoPerformerSetup.exe, Quarantined, [93918890b8c43df9dbf2b3c7c43d13ed],
PUP.Optional.InstallCore, C:\Users\Willy en Mieke\Downloads\FlvPlayerSetup.exe, Quarantined, [44e028f0de9e2d09eed1ab65f70eb24e],
PUP.Optional.MindSpark.A, C:\Users\Willy en Mieke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bringmesports.dl.tb.ask.com_0.localstorage, Quarantined, [59cb8395e795aa8c95525ae8847fbc44],
PUP.Optional.MindSpark.A, C:\Users\Willy en Mieke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bringmesports.dl.tb.ask.com_0.localstorage-journal, Quarantined, [ee368197cfadf93d43a451f1ed160bf5],
Physical Sectors: 0
(No malicious items detected)
(end)
# AdwCleaner v4.001 - Rapport aangemaakt 23/10/2014 op 23:34:39
# DB v2014-10-23.2
# Laatste Update 20/10/2014 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : Willy en Mieke - ASUS-LAPTOP
# Gestart vanuit : C:\Users\Willy en Mieke\Downloads\adwcleaner_4.001.exe
# Optie : Verwijderen
***** [ Services ] *****
***** [ Bestanden / Mappen ] *****
***** [ Taken ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.17116
-\\ Google Chrome v36.0.1985.143
*************************
AdwCleaner[R0].txt - [1439 octets] - [24/08/2014 15:57:12]
AdwCleaner[R1].txt - [1055 octets] - [23/10/2014 23:31:40]
AdwCleaner[S0].txt - [1471 octets] - [24/08/2014 16:54:37]
AdwCleaner[S1].txt - [972 octets] - [23/10/2014 23:34:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1031 octets] ##########
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17116
Run by Willy en Mieke at 23:42:25 on 2014-10-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2925.1387 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 212.54.40.25 212.54.44.54
TCP: Interfaces\{0D19064D-03C5-42EF-A337-F9F7E5849F26} : DHCPNameServer = 212.54.40.25 212.54.44.54
TCP: Interfaces\{0D19064D-03C5-42EF-A337-F9F7E5849F26}\3416D60796E6760284F6473707F6470223 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{0D19064D-03C5-42EF-A337-F9F7E5849F26}\3596475636F6D6440333440343 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.easetuner.com/download/SOPCORE.CAB
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-7-16 15928]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 125584]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-16 2314240]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-13 135560]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-16 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-25 115312]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-23 25816]
R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-23 968504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-10-30 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-23 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-24 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-24 56832]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-9 1255736]
S4 BecHelperService;BecHelperService;C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe [2012-9-11 1915904]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-23 1871160]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-25 2984832]
.
=============== Created Last 30 ================
.
2014-10-23 20:56:34 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-23 20:56:03 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-23 20:56:03 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-23 20:56:03 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-23 20:56:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-23 20:54:53 -------- d-----w- C:\Users\Willy en Mieke\AppData\Local\Programs
2014-10-23 17:05:16 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-10-23 17:05:16 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-10-23 16:54:15 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-23 16:54:15 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-10-23 16:54:14 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-10-23 16:54:12 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-10-23 16:54:11 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-10-23 16:54:03 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-23 16:54:03 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-23 16:54:03 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-23 16:54:03 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-23 16:54:02 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-23 16:54:02 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-23 16:52:58 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-10-23 16:48:12 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-23 16:48:12 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-23 16:48:07 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-10-23 16:48:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-23 16:48:03 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-10-23 16:48:03 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-10-23 16:48:02 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-23 16:48:01 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-23 16:47:40 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-23 16:47:39 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-23 16:30:51 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F5E52EF-8781-48F3-A6CC-29F6411CC9BF}\mpengine.dll
.
==================== Find3M ====================
.
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-20 05:17:42 2236928 ----a-w- C:\Windows\System32\wininet.dll
2014-09-20 05:16:11 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:04 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-20 02:43:32 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-09-20 02:35:33 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 23:43:34,30 ===============
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-23 23:58:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB
Running: i3hvwbbm.exe; Driver: C:\Users\WILLYE~1\AppData\Local\Temp\pwliqpoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031fb000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031fb02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Microsoft Security Client\NisSrv.exe [2176:2248] 000007fefedba808
Thread C:\Program Files\Microsoft Security Client\NisSrv.exe [2176:2408] 000007fefeae6e60
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2916:3912] 000007fefb702bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2916:3960] 000007fef05b4830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2916:3012] 000007fef8305124
---- EOF - GMER 2.1 ----
2014-10-23 16:52:58 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-10-23 16:48:12 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-23 16:48:12 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-23 16:48:07 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-10-23 16:48:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-23 16:48:03 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-10-23 16:48:03 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-10-23 16:48:02 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-23 16:48:01 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-23 16:47:40 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-23 16:47:39 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-23 16:30:51 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F5E52EF-8781-48F3-A6CC-29F6411CC9BF}\mpengine.dll
.
==================== Find3M ====================
.
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-20 05:17:42 2236928 ----a-w- C:\Windows\System32\wininet.dll
2014-09-20 05:16:11 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:04 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-20 02:43:32 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-09-20 02:35:33 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 23:43:34,30 ===============
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-23 23:58:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB
Running: i3hvwbbm.exe; Driver: C:\Users\WILLYE~1\AppData\Local\Temp\pwliqpoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031fb000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031fb02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Microsoft Security Client\NisSrv.exe [2176:2248] 000007fefedba808
Thread C:\Program Files\Microsoft Security Client\NisSrv.exe [2176:2408] 000007fefeae6e60
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2916:3912] 000007fefb702bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2916:3960] 000007fef05b4830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2916:3012] 000007fef8305124
---- EOF - GMER 2.1 ----