Tweet
AVG vond een aantal trojan horses. Toen aan de slag gegaan met malwarebytes en die vond ook eea. Hieronder de logfiles:
Malwarebytes Anti-Malware
Scandatum: 11-6-2015
Scantijd: 18:01:32
Logbestand: Malwarebytesscan.txt
Beheerder: Ja
Versie: 2.01.6.1022
Malware Gegevensbestand: v2015.06.11.03
Rootkit Gegevensbestand: v2015.06.02.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: RamonXP
Scantype: Aangepaste Scan
Resultaat: Voltooid
Objecten Gescand: 603869
Verstreken Tijd: 3 u, 11 m, 26 s
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(Geen kwaadaardige items gedetecteerd)
Modules: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
Registerwaardes: 4
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|^84f266d4, In Quarantaine, [0c63d4e56a20da5c70542d57f015867a],
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|^84f266d4, In Quarantaine, [a0cf94252f5b82b4358f4341b64fc739],
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^123e2ce4, In Quarantaine, [92ddf0c929611e18daca0b7993727e82],
Rootkit.Fileless.MTGen, HKU\S-1-5-21-3479862513-3837734466-614173103-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^123e2ce4, In Quarantaine, [2a45d8e16525f93d1b88453fc24347b9],
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
Mappen: 5
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Bestanden: 11
Trojan.Agent.AI, C:\Users\RamonXP\AppData\Local\Temp\Quarantine.exe, In Quarantaine, [670895245e2c6bcb6b539ad342c0847c],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\zepplauncher.mif, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp146A.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp2FB9.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp3D7E.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp54F8.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp61DF.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6B91.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp7964.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp87BA.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\{00F0D54E-B94E-EAE2-A9E8-8F105A3FF686}, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
(end)
Adwcleaner:
# AdwCleaner v4.206 - Logbestand aangemaakt 11/06/2015 op 21:30:08
# Laatste update 01/06/2015 door Xplode
# Database : 2015-06-09.1 [Server]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
# Gebruikersnaam : RamonXP - RAMONXP-PC
# Gestart vanuit : C:\Users\RamonXP\Desktop\antivirus\adwcleaner_4.206.exe
# Optie : Verwijderen
***** [ Services ] *****
***** [ Bestanden / Mappen ] *****
***** [ Geplande taken ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Verwijderd : HKU\.DEFAULT\Software\Avg Secure Update
Gegevens Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
***** [ Webbrowsers ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Google Chrome v43.0.2357.124
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [1909 bytes] - [10/06/2015 08:05:33]
AdwCleaner[R1].txt - [1112 bytes] - [11/06/2015 21:21:01]
AdwCleaner[S0].txt - [1892 bytes] - [10/06/2015 08:11:25]
AdwCleaner[S1].txt - [1042 bytes] - [11/06/2015 21:30:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1101 bytes] ##########
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.31.2
Run by RamonXP at 21:37:07 on 2015-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3828.1056 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\RamonXP\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\System32\vds.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\RamonXP\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\RamonXP\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "C:\Users\RamonXP\AppData\Local\Akamai\netsession_win.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Ubjjmedia] regsvr32.exe C:\Users\RamonXP\AppData\Local\Ubjjmedia\Ggzinf32.dll
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D} : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D}\255746F6C666028656470225F6F646E65657370225567656E646965627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D}\2757D27657563747 : DHCPNameServer = 131.174.78.16 131.174.78.17
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D}\56465727F616D6 : DHCPNameServer = 131.174.117.20
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D}\75C414E4D2C49343745593 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B063B1D6-DF51-4225-AB4F-2D083E169197} : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{EC73D709-AD05-4DB1-ABA3-4CE4763BB6F2} : DHCPNameServer = 7.254.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-7 253920]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-5-7 220128]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-5-19 31376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-31 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2010-12-30 21616]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-4-27 284128]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-4-15 256992]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-4 291296]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-3-6 283064]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-4-7 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-5-18 3438544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-5-18 311792]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [2014-11-2 244392]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-5-19 1152656]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-31 13336]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-5-19 1893008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-5-19 23006864]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-31 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-5-19 410768]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-31 2533400]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2010-11-27 27760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-31 175168]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-27 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-27 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-27 287232]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-13 25816]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-11-27 7689216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-27 184968]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-5-19 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-5-29 38032]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-11-27 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-13 1080120]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-9 114688]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-11-27 169048]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-13 63704]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-10 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-4-10 56832]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-6 1255736]
.
=============== Created Last 30 ================
.
2015-06-10 06:05:16 -------- d-----w- C:\AdwCleaner
2015-06-09 18:46:28 633856 ----a-w- C:\Windows\System32\comctl32.dll
2015-06-09 18:45:59 2426880 ----a-w- C:\Windows\System32\wininet.dll
2015-06-09 18:45:58 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2015-06-09 18:45:58 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-09 18:45:58 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-09 18:45:58 382976 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2015-06-09 18:45:57 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2015-06-09 18:45:57 1016832 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-06-09 18:45:56 10949120 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2015-06-09 18:36:40 -------- d-----w- C:\Users\RamonXP\AppData\Roaming\ChromeUpdate
2015-06-07 17:56:08 -------- d-----w- C:\Users\RamonXP\AppData\Local\Ubjjmedia
2015-06-07 17:55:58 -------- d-----w- C:\Users\RamonXP\AppData\Local\Epqtion
2015-06-02 07:22:55 -------- d-----w- C:\Program Files (x86)\Heroes of the Storm
2015-06-02 06:49:44 -------- d-----w- C:\Users\RamonXP\AppData\Local\GWX
2015-05-30 09:39:47 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2015-05-29 11:16:06 -------- d-----w- C:\ProgramData\boost_interprocess
2015-05-29 11:16:02 48784 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2015-05-29 11:16:02 38032 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2015-05-22 17:16:46 18652352 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2015-05-20 17:08:16 -------- d-----w- C:\Users\RamonXP\AppData\Local\Avg
2015-05-20 17:00:23 -------- d-----w- C:\Windows\SysWow64\NV
2015-05-20 17:00:23 -------- d-----w- C:\Windows\System32\NV
2015-05-19 20:56:19 -------- d-----w- C:\Users\RamonXP\AppData\Local\NVIDIA Corporation
2015-05-19 20:55:15 -------- d-----w- C:\Users\RamonXP\AppData\Local\NVIDIA
2015-05-19 20:05:42 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-05-19 20:05:42 1571696 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-05-19 20:05:39 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-05-19 20:05:38 1320304 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-05-19 20:04:03 571024 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-05-19 20:03:42 937288 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-05-19 20:03:42 75080 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2015-05-19 20:03:42 62608 ----a-w- C:\Windows\System32\nvshext.dll
2015-05-19 20:03:42 3490448 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-05-19 20:03:42 1059984 ----a-w- C:\Windows\System32\nv3dappshext.dll
2015-05-19 20:03:41 4391871 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-05-19 20:03:41 2558608 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-05-19 20:03:40 6872392 ----a-w- C:\Windows\System32\nvcpl.dll
2015-05-19 20:03:40 385352 ----a-w- C:\Windows\System32\nvmctray.dll
2015-05-19 19:49:14 52880 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2015-05-12 21:14:26 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:14:26 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:40:30 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-05-12 19:40:30 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-05-12 19:40:11 328704 ----a-w- C:\Windows\System32\services.exe
.
==================== Find3M ====================
.
2015-06-11 16:00:31 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:08:39 3206144 ----a-w- C:\Windows\System32\win32k.sys
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-23 03:28:17 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-05-23 03:15:54 503808 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-05-23 03:15:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-05-23 03:15:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-23 03:14:51 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-05-23 03:13:48 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-05-23 03:05:21 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-05-23 03:04:50 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-05-23 02:52:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-05-22 19:16:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-05-22 19:16:44 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-05-22 19:01:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-05-22 19:00:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-05-22 19:00:25 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-05-22 18:52:21 6026240 ----a-w- C:\Windows\System32\jscript9.dll
2015-05-22 18:47:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-05-22 18:47:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-05-22 18:47:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-05-22 18:40:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-22 18:29:31 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-05-22 18:18:41 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-05-22 18:18:29 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-05-22 18:18:24 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-05-22 18:18:22 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-05-22 18:18:21 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-05-22 18:18:21 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-05-22 18:13:03 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-05-22 18:05:28 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-05-22 18:05:06 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-05-21 13:19:52 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-05-17 13:26:20 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-05-17 13:26:20 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-07 11:50:22 378336 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2015-05-07 11:49:24 253920 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2015-05-07 11:49:22 220128 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2015-05-04 12:14:30 291296 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2015-04-29 18:21:46 9728 ----a-w- C:\Windows\System32\spwmp.dll
2015-04-29 18:19:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2015-04-29 18:07:12 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2015-04-29 18:07:12 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2015-04-29 18:07:07 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2015-04-29 18:05:19 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-04-27 11:19:16 284128 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2015-04-24 17:56:58 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-15 11:06:02 256992 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2015-04-14 07:37:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-14 07:37:46 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-14 07:37:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 21:45:01,31 ===============
Malwarebytes Anti-Malware
Scandatum: 11-6-2015
Scantijd: 18:01:32
Logbestand: Malwarebytesscan.txt
Beheerder: Ja
Versie: 2.01.6.1022
Malware Gegevensbestand: v2015.06.11.03
Rootkit Gegevensbestand: v2015.06.02.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: RamonXP
Scantype: Aangepaste Scan
Resultaat: Voltooid
Objecten Gescand: 603869
Verstreken Tijd: 3 u, 11 m, 26 s
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(Geen kwaadaardige items gedetecteerd)
Modules: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
Registerwaardes: 4
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|^84f266d4, In Quarantaine, [0c63d4e56a20da5c70542d57f015867a],
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|^84f266d4, In Quarantaine, [a0cf94252f5b82b4358f4341b64fc739],
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^123e2ce4, In Quarantaine, [92ddf0c929611e18daca0b7993727e82],
Rootkit.Fileless.MTGen, HKU\S-1-5-21-3479862513-3837734466-614173103-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^123e2ce4, In Quarantaine, [2a45d8e16525f93d1b88453fc24347b9],
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
Mappen: 5
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Bestanden: 11
Trojan.Agent.AI, C:\Users\RamonXP\AppData\Local\Temp\Quarantine.exe, In Quarantaine, [670895245e2c6bcb6b539ad342c0847c],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\zepplauncher.mif, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp146A.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp2FB9.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp3D7E.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp54F8.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp61DF.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6B91.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp7964.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp87BA.tmp, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor\temp\{00F0D54E-B94E-EAE2-A9E8-8F105A3FF686}, In Quarantaine, [75fa2a8fe5a51a1c3601e6041de68e72],
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
(end)
Adwcleaner:
# AdwCleaner v4.206 - Logbestand aangemaakt 11/06/2015 op 21:30:08
# Laatste update 01/06/2015 door Xplode
# Database : 2015-06-09.1 [Server]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
# Gebruikersnaam : RamonXP - RAMONXP-PC
# Gestart vanuit : C:\Users\RamonXP\Desktop\antivirus\adwcleaner_4.206.exe
# Optie : Verwijderen
***** [ Services ] *****
***** [ Bestanden / Mappen ] *****
***** [ Geplande taken ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Verwijderd : HKU\.DEFAULT\Software\Avg Secure Update
Gegevens Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
***** [ Webbrowsers ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Google Chrome v43.0.2357.124
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [1909 bytes] - [10/06/2015 08:05:33]
AdwCleaner[R1].txt - [1112 bytes] - [11/06/2015 21:21:01]
AdwCleaner[S0].txt - [1892 bytes] - [10/06/2015 08:11:25]
AdwCleaner[S1].txt - [1042 bytes] - [11/06/2015 21:30:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1101 bytes] ##########
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.31.2
Run by RamonXP at 21:37:07 on 2015-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3828.1056 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\RamonXP\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\System32\vds.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\RamonXP\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\RamonXP\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "C:\Users\RamonXP\AppData\Local\Akamai\netsession_win.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Ubjjmedia] regsvr32.exe C:\Users\RamonXP\AppData\Local\Ubjjmedia\Ggzinf32.dll
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D} : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D}\255746F6C666028656470225F6F646E65657370225567656E646965627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D}\2757D27657563747 : DHCPNameServer = 131.174.78.16 131.174.78.17
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D}\56465727F616D6 : DHCPNameServer = 131.174.117.20
TCP: Interfaces\{5F2F4E63-5A0D-4E3D-B30B-6D585AC1D35D}\75C414E4D2C49343745593 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B063B1D6-DF51-4225-AB4F-2D083E169197} : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{EC73D709-AD05-4DB1-ABA3-4CE4763BB6F2} : DHCPNameServer = 7.254.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-7 253920]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-5-7 220128]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-5-19 31376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-31 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2010-12-30 21616]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-4-27 284128]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-4-15 256992]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-4 291296]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-3-6 283064]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-4-7 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-5-18 3438544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-5-18 311792]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [2014-11-2 244392]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-5-19 1152656]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-31 13336]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-5-19 1893008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-5-19 23006864]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-31 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-5-19 410768]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-31 2533400]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2010-11-27 27760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-31 175168]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-27 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-27 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-27 287232]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-13 25816]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-11-27 7689216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-27 184968]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-5-19 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-5-29 38032]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-11-27 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-13 1080120]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-9 114688]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-11-27 169048]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-13 63704]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-10 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-4-10 56832]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-6 1255736]
.
=============== Created Last 30 ================
.
2015-06-10 06:05:16 -------- d-----w- C:\AdwCleaner
2015-06-09 18:46:28 633856 ----a-w- C:\Windows\System32\comctl32.dll
2015-06-09 18:45:59 2426880 ----a-w- C:\Windows\System32\wininet.dll
2015-06-09 18:45:58 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2015-06-09 18:45:58 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-09 18:45:58 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-09 18:45:58 382976 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2015-06-09 18:45:57 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2015-06-09 18:45:57 1016832 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-06-09 18:45:56 10949120 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2015-06-09 18:36:40 -------- d-----w- C:\Users\RamonXP\AppData\Roaming\ChromeUpdate
2015-06-07 17:56:08 -------- d-----w- C:\Users\RamonXP\AppData\Local\Ubjjmedia
2015-06-07 17:55:58 -------- d-----w- C:\Users\RamonXP\AppData\Local\Epqtion
2015-06-02 07:22:55 -------- d-----w- C:\Program Files (x86)\Heroes of the Storm
2015-06-02 06:49:44 -------- d-----w- C:\Users\RamonXP\AppData\Local\GWX
2015-05-30 09:39:47 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2015-05-29 11:16:06 -------- d-----w- C:\ProgramData\boost_interprocess
2015-05-29 11:16:02 48784 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2015-05-29 11:16:02 38032 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2015-05-22 17:16:46 18652352 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2015-05-20 17:08:16 -------- d-----w- C:\Users\RamonXP\AppData\Local\Avg
2015-05-20 17:00:23 -------- d-----w- C:\Windows\SysWow64\NV
2015-05-20 17:00:23 -------- d-----w- C:\Windows\System32\NV
2015-05-19 20:56:19 -------- d-----w- C:\Users\RamonXP\AppData\Local\NVIDIA Corporation
2015-05-19 20:55:15 -------- d-----w- C:\Users\RamonXP\AppData\Local\NVIDIA
2015-05-19 20:05:42 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-05-19 20:05:42 1571696 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-05-19 20:05:39 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-05-19 20:05:38 1320304 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-05-19 20:04:03 571024 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-05-19 20:03:42 937288 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-05-19 20:03:42 75080 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2015-05-19 20:03:42 62608 ----a-w- C:\Windows\System32\nvshext.dll
2015-05-19 20:03:42 3490448 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-05-19 20:03:42 1059984 ----a-w- C:\Windows\System32\nv3dappshext.dll
2015-05-19 20:03:41 4391871 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-05-19 20:03:41 2558608 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-05-19 20:03:40 6872392 ----a-w- C:\Windows\System32\nvcpl.dll
2015-05-19 20:03:40 385352 ----a-w- C:\Windows\System32\nvmctray.dll
2015-05-19 19:49:14 52880 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2015-05-12 21:14:26 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:14:26 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:40:30 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-05-12 19:40:30 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-05-12 19:40:11 328704 ----a-w- C:\Windows\System32\services.exe
.
==================== Find3M ====================
.
2015-06-11 16:00:31 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:08:39 3206144 ----a-w- C:\Windows\System32\win32k.sys
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-23 03:28:17 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-05-23 03:15:54 503808 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-05-23 03:15:40 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-05-23 03:15:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-05-23 03:14:51 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-05-23 03:13:48 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-05-23 03:05:21 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-05-23 03:04:50 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-05-23 02:52:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-05-23 02:37:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-05-23 02:37:25 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-05-23 02:20:35 1950720 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-05-22 19:16:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-05-22 19:16:44 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-05-22 19:01:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-05-22 19:00:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-05-22 19:00:25 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-05-22 18:52:21 6026240 ----a-w- C:\Windows\System32\jscript9.dll
2015-05-22 18:47:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-05-22 18:47:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-05-22 18:47:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-05-22 18:40:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-05-22 18:29:31 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-05-22 18:18:41 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-05-22 18:18:29 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-05-22 18:18:24 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-05-22 18:18:22 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-05-22 18:18:21 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-05-22 18:18:21 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-05-22 18:13:03 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-05-22 18:05:28 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-05-22 18:05:06 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-05-21 13:19:52 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-05-17 13:26:20 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-05-17 13:26:20 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-07 11:50:22 378336 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2015-05-07 11:49:24 253920 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2015-05-07 11:49:22 220128 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2015-05-04 12:14:30 291296 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2015-04-29 18:21:50 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2015-04-29 18:21:46 9728 ----a-w- C:\Windows\System32\spwmp.dll
2015-04-29 18:19:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2015-04-29 18:07:12 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2015-04-29 18:07:12 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2015-04-29 18:07:07 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2015-04-29 18:05:19 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-04-27 11:19:16 284128 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2015-04-24 17:56:58 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-15 11:06:02 256992 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2015-04-14 07:37:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-14 07:37:46 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-14 07:37:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 21:45:01,31 ===============
Comment