
Problems


  • Problems

    Good evening,

    A while ago I had problems with my PC - it was making contact over unknown connections and the ports had been opened - and now I have had to reinstall everything. But I have noticed strange things, and although the MBAM scan logs show nothing, various other devices did.
    The strange thing is that I then removed MBAM, and there were more hits, and after that I was offered many more Windows updates to install - and updates that previously would not install could now be installed.

    Below are the logs from the programs that were requested, and below those I have posted logs from other programs that I had already run - which also found a few things.

    I suspect something has also happened to my MBAM, because it cannot be turned off, and back when I noticed that something was wrong with my PC it had also been tampered with. My Windows firewall had been turned on, although it was always off because my virus scanner managed it, and I could no longer turn it off either.
    This afternoon I also saw that a lot of host.exe was running, while hardly anything is installed yet because I have tried to clean it up.

    I would like to do my banking, but I have not dared to for months and hope this can be resolved.

    Regards,

    Spijker


    AdwCleaner Ro.txt
    # AdwCleaner v4.207 - Logbestand aangemaakt 07/07/2015 op 01:09:41
    # Laatste update 21/06/2015 door Xplode
    # Database : 2015-07-05.2 [Server]
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x86)
    # Gebruikersnaam : DV - DV-PC
    # Gestart vanuit : C:\Users\DV\Downloads\AdwCleaner.exe
    # Optie : Scannen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****

    Bestand Gevonden : C:\Users\DV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Check for Updates.lnk
    Bestand Gevonden : C:\Users\DV\AppData\Roaming\Mozilla\Firefox\Profiles\gg9uk1kn.default\user.js

    ***** [ Geplande taken ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****


    ***** [ Webbrowsers ] *****

    -\\ Internet Explorer v0.0.0.0


    -\\ Mozilla Firefox v39.0 (x86 nl)


    *************************

    AdwCleaner[R0].txt - [861 bytes] - [07/07/2015 01:09:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [919 bytes] ##########


    AdwCleaner S0.txt
    # AdwCleaner v4.207 - Logbestand aangemaakt 07/07/2015 op 01:11:42
    # Laatste update 21/06/2015 door Xplode
    # Database : 2015-07-05.2 [Server]
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x86)
    # Gebruikersnaam : DV - DV-PC
    # Gestart vanuit : C:\Users\DV\Downloads\AdwCleaner.exe
    # Optie : Verwijderen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****

    Bestand Verwijderd : C:\Users\DV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Check for Updates.lnk
    Bestand Verwijderd : C:\Users\DV\AppData\Roaming\Mozilla\Firefox\Profiles\gg9uk1kn.default\user.js

    ***** [ Geplande taken ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****


    ***** [ Webbrowsers ] *****

    -\\ Internet Explorer v0.0.0.0


    -\\ Mozilla Firefox v39.0 (x86 nl)


    *************************

    AdwCleaner[R0].txt - [997 bytes] - [07/07/2015 01:09:41]
    AdwCleaner[S0].txt - [927 bytes] - [07/07/2015 01:11:42]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [985 bytes] ##########



    DDS.txt
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: BrowserJavaVersion: 11.45.2
    Run by DV at 20:16:21 on 2015-07-07
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2046.1317 [GMT 2:00]
    .
    AV: Kaspersky Total Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
    SP: Kaspersky Total Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Total Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system\HsMgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Virtual Keyboard Plugin: {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - c:\program files\kaspersky lab\kaspersky total security 15.0.2\ieext\ie_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_45\bin\ssv.dll
    BHO: Content Blocker Plugin: {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - c:\program files\kaspersky lab\kaspersky total security 15.0.2\ieext\ie_plugin.dll
    BHO: Safe Money Plugin: {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - c:\program files\kaspersky lab\kaspersky total security 15.0.2\ieext\ie_plugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_45\bin\jp2ssv.dll
    mRun: [Cmaudio8788GX] c:\windows\system\HsMgr.exe Envoke
    mRun: [StartCCC] "c:\program files\amd\ati.ace\core-static\x86\CLIStart.exe" MSRun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\program files\kaspersky lab\kaspersky total security 15.0.2\ieext\ie_plugin.dll
    TCP: NameServer = 83.128.0.3 62.45.46.69
    TCP: Interfaces\{1416F1E3-BE27-427E-9706-AFDE6F64C5A3} : DHCPNameServer = 83.128.0.3 62.45.46.69
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dv\appdata\roaming\mozilla\firefox\profiles\gg9uk1kn.default\
    FF - plugin: c:\program files\java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre1.8.0_45\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\kaspersky lab\kaspersky total security 15.0.2\ffext\[email protected]\npcontentblocker.dll
    FF - plugin: c:\program files\kaspersky lab\kaspersky total security 15.0.2\ffext\[email protected]\nponlinebanking.dll
    FF - plugin: c:\program files\kaspersky lab\kaspersky total security 15.0.2\ffext\[email protected]\npvkplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_194.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\drivers\cm_km_w.sys [2013-1-14 197864]
    R1 klhk;klhk;c:\windows\system32\drivers\klhk.sys [2014-10-22 44208]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2014-10-10 34160]
    R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-4-12 23920]
    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2014-10-9 54328]
    R1 Klwtp;Klwtp;c:\windows\system32\drivers\klwtp.sys [2014-11-22 72560]
    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2014-11-10 157240]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-11-21 212992]
    R2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;c:\program files\kaspersky lab\kaspersky total security 15.0.2\avp.exe [2014-12-23 194000]
    R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
    R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [2015-5-18 54640]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-6-21 77824]
    R3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2015-7-4 1760256]
    R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [2014-11-28 128728]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2014-10-30 36208]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-8-8 35696]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-7-6 14848]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2015-7-6 27192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2015-7-6 49152]
    .
    =============== Created Last 30 ================
    .
    2015-07-06 23:09:37 -------- d-----w- C:\AdwCleaner
    2015-07-06 23:00:15 -------- d-----w- C:\$RECYCLE.BIN
    2015-07-06 22:53:08 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d10f76fc-4c66-4b2a-ba96-223439bdfb36}\offreg.2028.dll
    2015-07-06 22:46:10 98816 ----a-w- c:\windows\sed.exe
    2015-07-06 22:46:10 256000 ----a-w- c:\windows\PEV.exe
    2015-07-06 22:46:10 208896 ----a-w- c:\windows\MBR.exe
    2015-07-06 22:38:57 -------- d-----w- c:\program files\trend micro
    2015-07-06 18:19:01 -------- d-----w- c:\users\dv\appdata\local\VS Revo Group
    2015-07-06 18:18:41 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2015-07-06 18:18:41 -------- d-----w- c:\programdata\VS Revo Group
    2015-07-06 18:18:39 -------- d-----w- c:\program files\VS Revo Group
    2015-07-06 16:37:59 -------- d-----w- c:\program files\Speccy
    2015-07-06 14:39:30 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-07-06 14:38:36 -------- d-----w- c:\programdata\Oracle
    2015-07-06 14:34:49 -------- d-----w- c:\users\dv\appdata\local\Macromedia
    2015-07-06 14:34:09 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-07-06 14:34:09 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-07-06 14:33:21 -------- d-----w- c:\users\dv\appdata\local\Adobe
    2015-07-06 14:24:11 -------- d-----w- c:\users\dv\appdata\local\Intel
    2015-07-06 14:23:48 -------- d-----w- c:\program files\Intel Driver Update Utility
    2015-07-06 13:01:08 428032 ----a-w- c:\windows\system32\vbscript.dll
    2015-07-06 03:27:24 -------- d-----w- C:\fe1275758ea615fbf0c262453efaa8
    2015-07-06 02:40:09 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
    2015-07-06 02:40:09 221184 ----a-w- c:\windows\system32\rdpudd.dll
    2015-07-06 02:40:08 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2015-07-06 02:40:04 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2015-07-06 02:40:04 74240 ----a-w- c:\windows\system32\fsutil.exe
    2015-07-06 02:40:04 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2015-07-06 02:40:04 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2015-07-06 02:40:04 1699328 ----a-w- c:\windows\system32\esent.dll
    2015-07-06 02:40:04 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2015-07-06 02:40:04 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2015-07-06 02:39:25 74240 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2015-07-06 02:38:28 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
    2015-07-06 02:38:28 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
    2015-07-06 02:38:14 5703168 ----a-w- c:\windows\system32\mstscax.dll
    2015-07-06 02:14:08 -------- d-----w- c:\windows\system32\drivers\en-US
    2015-07-06 02:11:11 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
    2015-07-06 02:11:07 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
    2015-07-06 02:08:07 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-07-06 02:02:11 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
    2015-07-06 02:02:09 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2015-07-06 02:02:09 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2015-07-06 02:02:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
    2015-07-06 02:02:08 53248 ----a-w- c:\windows\system32\tsgqec.dll
    2015-07-06 02:02:08 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
    2015-07-06 02:02:08 350208 ----a-w- c:\windows\system32\wksprt.exe
    2015-07-06 02:02:08 17920 ----a-w- c:\windows\system32\wksprtPS.dll
    2015-07-06 02:02:08 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2015-07-06 02:02:07 1068544 ----a-w- c:\windows\system32\mstsc.exe
    2015-07-06 01:56:57 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2015-07-06 01:45:18 -------- d-----w- C:\6bd0083582e5d98d13becf80
    2015-07-06 01:32:01 2311168 ----a-w- c:\windows\system32\wpdshext.dll
    2015-07-06 01:30:58 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
    2015-07-06 01:29:58 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2015-07-06 01:29:57 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2015-07-06 01:29:57 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2015-07-06 01:29:57 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2015-07-06 01:29:56 233472 ----a-w- c:\windows\system32\oleacc.dll
    2015-07-06 01:29:52 372736 ----a-w- c:\windows\system32\rastls.dll
    2015-07-06 01:29:35 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
    2015-07-06 01:29:35 185344 ----a-w- c:\windows\system32\wwansvc.dll
    2015-07-06 01:29:34 54656 ----a-w- c:\windows\system32\drivers\stream.sys
    2015-07-06 01:22:46 58880 ----a-w- c:\windows\system32\clfsw32.dll
    2015-07-06 01:22:46 249784 ----a-w- c:\windows\system32\clfs.sys
    2015-07-06 01:22:26 909312 ----a-w- c:\windows\system32\FntCache.dll
    2015-07-06 01:22:26 1250816 ----a-w- c:\windows\system32\DWrite.dll
    2015-07-06 01:20:00 -------- d-----w- c:\windows\CheckSur
    2015-07-06 01:19:50 417792 ----a-w- c:\windows\system32\WMPhoto.dll
    2015-07-06 01:04:44 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2015-07-06 01:04:43 301568 ----a-w- c:\windows\system32\msieftp.dll
    2015-07-06 01:04:40 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2015-07-06 01:04:38 2616320 ----a-w- c:\windows\explorer.exe
    2015-07-06 01:04:37 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2015-07-05 23:45:19 -------- d-----w- C:\73de7781020ac29b19b430f9
    2015-07-05 23:42:29 -------- d-----w- C:\2de9587c528f16901603c5389c33
    2015-07-05 22:37:24 163504 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10145.bin
    2015-07-05 21:50:04 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2015-07-05 21:50:04 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2015-07-05 21:50:04 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2015-07-05 21:50:04 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2015-07-05 21:50:03 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2015-07-05 21:50:03 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2015-07-05 21:50:03 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2015-07-05 21:48:35 99480 ----a-w- c:\windows\system32\infocardapi.dll
    2015-07-05 21:48:32 8856 ----a-w- c:\windows\system32\icardres.dll
    2015-07-05 21:48:24 619672 ----a-w- c:\windows\system32\icardagt.exe
    2015-07-05 21:48:21 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2015-07-05 21:47:16 5120 ----a-w- c:\windows\system32\wmi.dll
    2015-07-05 21:47:16 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2015-07-05 21:03:26 76800 ----a-w- c:\windows\system32\wdi.dll
    2015-07-05 21:03:26 635904 ----a-w- c:\windows\system32\perftrack.dll
    2015-07-05 21:03:26 27136 ----a-w- c:\windows\system32\powertracker.dll
    2015-07-05 21:01:37 33792 ----a-w- c:\windows\system32\wuapp.exe
    2015-07-05 21:01:37 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
    2015-07-05 21:01:36 92672 ----a-w- c:\windows\system32\wudriver.dll
    2015-07-05 21:01:36 69632 ----a-w- c:\windows\system32\WinSetupUI.dll
    2015-07-05 21:01:36 2937344 ----a-w- c:\windows\system32\wucltux.dll
    2015-07-05 21:01:36 173056 ----a-w- c:\windows\system32\wuwebv.dll
    2015-07-05 21:00:49 67584 ----a-w- c:\windows\system32\dwmapi.dll
    2015-07-05 21:00:49 1372160 ----a-w- c:\windows\system32\dwmcore.dll
    2015-07-05 21:00:44 715200 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
    2015-07-05 21:00:19 179200 ----a-w- c:\windows\system32\wintrust.dll
    2015-07-05 21:00:19 143872 ----a-w- c:\windows\system32\cryptsvc.dll
    2015-07-05 21:00:19 1174528 ----a-w- c:\windows\system32\crypt32.dll
    2015-07-05 21:00:19 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2015-07-05 20:44:33 666624 ----a-w- c:\windows\system32\mssvp.dll
    2015-07-05 20:43:40 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
    2015-07-05 20:41:48 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2015-07-05 20:40:52 155136 ----a-w- c:\windows\system32\charmap.exe
    2015-07-05 20:39:51 523776 ----a-w- c:\windows\system32\termsrv.dll
    2015-07-05 20:38:58 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2015-07-05 20:38:58 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    2015-07-05 20:38:58 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2015-07-05 20:38:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2015-07-05 20:38:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2015-07-05 20:38:58 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2015-07-05 20:38:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2015-07-05 20:38:37 47104 ----a-w- c:\windows\system32\appinfo.dll
    2015-07-05 20:38:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2015-07-05 20:38:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-07-05 20:38:25 530432 ----a-w- c:\windows\system32\comctl32.dll
    2015-07-05 20:28:28 -------- d-----w- c:\users\dv\appdata\roaming\library_dir
    2015-07-05 20:27:55 -------- d-----w- c:\users\dv\appdata\roaming\Raptr
    2015-07-05 20:27:55 -------- d-----w- c:\program files\Raptr
    2015-07-05 20:27:48 -------- d-----w- c:\program files\AMD AVT
    2015-07-05 20:18:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2015-07-05 20:18:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2015-07-05 20:18:45 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2015-07-05 20:18:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
    2015-07-05 20:18:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
    2015-07-05 20:01:12 -------- d-----w- c:\programdata\Package Cache
    2015-07-05 19:59:35 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2015-07-05 19:59:35 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2015-07-05 19:57:56 -------- d-----w- C:\AMD
    2015-07-05 19:49:06 442368 ----a-w- c:\windows\system32\atidemgy.dll
    2015-07-05 19:47:22 -------- d-----w- c:\program files\ATI Technologies
    2015-07-05 18:06:14 -------- d-----w- c:\program files\CCleaner
    2015-07-05 16:46:49 -------- d-----w- c:\windows\system32\SPReview
    2015-07-05 16:46:03 -------- d-----w- c:\windows\system32\EventProviders
    2015-07-05 16:01:58 97280 ----a-w- c:\windows\system32\dwmredir.dll
    2015-07-05 16:00:59 61952 ----a-w- c:\windows\system32\manage-bde.exe
    2015-07-05 15:33:43 -------- d-----w- c:\users\dv\appdata\local\Programs
    2015-07-05 14:41:03 -------- d-----w- c:\windows\ELAMBKUP
    2015-07-05 14:40:58 -------- d-----w- c:\program files\Kaspersky Lab
    2015-07-05 14:40:57 -------- d-----w- c:\programdata\Kaspersky Lab
    2015-07-04 22:22:34 -------- d-----w- c:\users\dv\appdata\local\ATI
    2015-07-04 22:22:32 -------- d-----w- c:\programdata\AMD
    2015-07-04 22:12:27 -------- d-----w- c:\program files\ATI
    2015-07-04 21:59:47 -------- d-sh--w- c:\windows\Installer
    2015-07-04 21:46:25 -------- d-----w- c:\users\dv\appdata\roaming\ASUS
    2015-07-04 21:46:20 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2015-07-04 21:46:20 102400 ----a-w- c:\windows\system32\OpenAL32.dll
    2015-07-04 21:46:01 303104 ------w- c:\windows\system32\cmasiop.dll
    2015-07-04 21:46:00 217088 ------w- c:\windows\system\HsSrv2.dll
    2015-07-04 21:46:00 122880 ------w- c:\windows\system32\Cm_Oal.dll
    2015-07-04 21:45:59 217088 ------w- c:\windows\system\HsSrv.dll
    2015-07-04 21:45:52 200704 ------w- c:\windows\system\HsMgr.exe
    2015-07-04 21:45:44 143360 ------w- c:\windows\system\VmixP8.dll
    2015-07-04 21:45:25 561152 ------w- c:\windows\system32\Cmeauoxy.exe
    2015-07-04 21:45:25 -------- d-----w- c:\program files\ASUS Xonar DG Audio
    2015-07-04 21:44:45 32768 ----a-w- c:\windows\system32\cmudaxp.dll
    2015-07-04 21:44:45 315392 ----a-w- c:\windows\system\CmiFltr.dll
    2015-07-04 21:44:45 1760256 ----a-w- c:\windows\system32\drivers\cmudaxp.sys
    2015-07-04 21:44:38 303104 ------w- c:\windows\system32\CmiInstallResAll.dll
    2015-07-04 21:44:29 319968 ----a-r- c:\windows\difxapi.dll
    2015-07-04 21:42:17 0 ----a-w- c:\windows\ativpsrm.bin
    2015-07-04 21:40:43 -------- d-s---w- c:\windows\system32\CompatTel
    2015-07-04 21:40:43 -------- d-----w- c:\windows\system32\appraiser
    2015-07-04 21:40:43 -------- d-----w- c:\windows\Migration
    2015-07-04 20:37:19 -------- d-----w- c:\windows\Panther
    2015-07-04 20:07:18 -------- d-----w- c:\program files\common files\ATI Technologies
    2015-07-04 20:07:17 -------- d-----w- c:\program files\AMD
    2015-07-04 20:06:24 9252600 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d10f76fc-4c66-4b2a-ba96-223439bdfb36}\mpengine.dll
    2015-07-04 20:06:22 246920 ------w- c:\windows\system32\MpSigStub.exe
    2015-07-04 20:03:06 -------- d-----w- c:\windows\system32\MRT
    2015-07-04 20:01:51 1167520 ----a-w- c:\windows\system32\aitstatic.exe
    2015-07-04 20:01:50 163840 ----a-w- c:\windows\system32\aepic.dll
    2015-07-04 19:57:46 -------- d-----w- c:\windows\system32\wbem\Performance
    2015-07-04 19:54:55 -------- d-sh--we c:\programdata\Sjablonen
    2015-07-04 19:54:55 -------- d-sh--we c:\programdata\Menu Start
    2015-07-04 19:54:55 -------- d-sh--we c:\programdata\Favorieten
    2015-07-04 19:54:55 -------- d-sh--we c:\programdata\Documenten
    2015-07-04 19:54:55 -------- d-sh--we c:\programdata\Bureaublad
    2015-07-04 14:56:45 -------- d-----w- C:\Recovery
    2015-07-03 17:43:54 -------- d-----w- C:\RegBackup
    2015-07-03 05:51:39 -------- d-----w- C:\Boot
    .
    ==================== Find3M ====================
    .
    2015-07-05 16:55:48 152576 ----a-w- c:\windows\system32\msclmd.dll
    2015-07-05 16:12:42 72560 ----a-w- c:\windows\system32\drivers\klwtp.sys
    2015-07-05 16:12:42 54328 ----a-w- c:\windows\system32\drivers\kltdi.sys
    2015-07-05 16:12:42 34160 ----a-w- c:\windows\system32\drivers\klim6.sys
    2015-07-05 16:12:42 23920 ----a-w- c:\windows\system32\drivers\klpd.sys
    2015-07-05 16:12:42 157240 ----a-w- c:\windows\system32\drivers\kneps.sys
    2015-07-05 16:12:41 54640 ----a-w- c:\windows\system32\drivers\kldisk.sys
    2015-07-05 16:12:41 153784 ----a-w- c:\windows\system32\drivers\kl1.sys
    2015-07-05 16:10:22 36208 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
    2015-07-05 16:10:22 35696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2015-07-05 16:10:21 128728 ----a-w- c:\windows\system32\drivers\klflt.sys
    2015-07-05 16:10:20 44208 ----a-w- c:\windows\system32\drivers\klhk.sys
    2015-07-05 16:10:16 197864 ----a-w- c:\windows\system32\drivers\cm_km_w.sys
    2015-05-25 18:07:34 3989440 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2015-05-25 18:07:34 3934144 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-05-25 18:07:33 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-05-25 18:07:33 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2015-05-25 18:04:08 1307648 ----a-w- c:\windows\system32\ntdll.dll
    2015-05-25 18:00:44 40448 ----a-w- c:\windows\system32\typeperf.exe
    2015-05-25 18:00:40 364544 ----a-w- c:\windows\system32\tracerpt.exe
    2015-05-25 18:00:29 69632 ----a-w- c:\windows\system32\smss.exe
    2015-05-25 18:00:26 262656 ----a-w- c:\windows\system32\rstrui.exe
    2015-05-25 18:00:25 37888 ----a-w- c:\windows\system32\relog.exe
    2015-05-25 18:00:17 82944 ----a-w- c:\windows\system32\logman.exe
    2015-05-25 18:00:17 22528 ----a-w- c:\windows\system32\lsass.exe
    2015-05-25 18:00:09 17408 ----a-w- c:\windows\system32\diskperf.exe
    2015-05-25 18:00:04 50176 ----a-w- c:\windows\system32\auditpol.exe
    2015-05-25 17:57:31 60416 ----a-w- c:\windows\system32\msobjs.dll
    2015-05-25 17:57:15 146432 ----a-w- c:\windows\system32\msaudite.dll
    2015-05-25 17:55:18 6656 ----a-w- c:\windows\system32\apisetschema.dll
    2015-05-25 17:55:17 686080 ----a-w- c:\windows\system32\adtschema.dll
    2015-05-25 17:00:20 2384384 ----a-w- c:\windows\system32\win32k.sys
    2015-05-25 16:53:50 36864 ----a-w- c:\windows\system32\UtcResources.dll
    2015-05-22 18:03:09 571392 ----a-w- c:\windows\system32\generaltel.dll
    2015-05-22 18:02:54 621568 ----a-w- c:\windows\system32\invagent.dll
    2015-05-22 18:02:49 333824 ----a-w- c:\windows\system32\devinv.dll
    2015-05-22 18:02:46 879104 ----a-w- c:\windows\system32\appraiser.dll
    2015-05-22 18:02:45 37888 ----a-w- c:\windows\system32\acmigration.dll
    2015-05-22 18:02:45 202752 ----a-w- c:\windows\system32\aepdu.dll
    2015-05-22 17:58:27 901120 ----a-w- c:\windows\system32\aeinv.dll
    2015-05-09 03:14:43 169984 ----a-w- c:\windows\system32\winsrv.dll
    2015-05-09 03:13:42 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2015-05-09 03:12:59 271360 ----a-w- c:\windows\system32\conhost.exe
    2015-05-09 01:59:25 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-05-09 01:59:25 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-09 01:59:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-09 01:59:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-04-29 18:07:12 4096 ----a-w- c:\windows\system32\msdxm.ocx
    2015-04-29 18:07:12 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2015-04-29 18:07:07 8192 ----a-w- c:\windows\system32\spwmp.dll
    2015-04-29 18:05:19 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2015-04-24 08:34:16 85504 ----a-w- c:\windows\system32\mantleaxl32.dll
    2015-04-24 08:34:16 113664 ----a-w- c:\windows\system32\mantle32.dll
    2015-04-24 08:34:04 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
    2015-04-24 08:34:04 294912 ----a-w- c:\windows\system32\ATIODE.exe
    2015-04-24 08:33:52 118784 ----a-w- c:\windows\system32\atibtmon.exe
    2015-04-24 08:33:50 995342 ----a-w- c:\windows\system32\amdocl_as32.exe
    2015-04-24 08:33:50 798734 ----a-w- c:\windows\system32\amdocl_ld32.exe
    2015-04-24 08:33:40 4590592 ----a-w- c:\windows\system32\amdmantle32.dll
    2015-04-24 08:33:40 38912 ----a-w- c:\windows\system32\amdmmcl.dll
    2015-04-24 08:33:30 265416 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
    2015-04-18 02:56:57 342016 ----a-w- c:\windows\system32\certcli.dll
    2015-04-13 03:19:24 259072 ----a-w- c:\windows\system32\services.exe
    .
    ============= FINISH: 20:17:17,75 ===============

  • #2
    GMER
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2015-07-07 20:45:53
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1ER162 rev.CC45 931,51GB
    Running: npyjmxpb.exe; Driver: C:\Users\DV\AppData\Local\Temp\pxldapoc.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAdjustPrivilegesToken [0x8E6F80A0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcConnectPort [0x8E6F8020]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcSendWaitReceivePort [0x8E6F8030]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwConnectPort [0x8E6F8050]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSection [0x8E6F8000]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSymbolicLinkObject [0x8E6F8190]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThread [0x8E6F80F0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThreadEx [0x8E6F8040]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDebugActiveProcess [0x8E6F8130]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeviceIoControlFile [0x8E6F81F0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDuplicateObject [0x8E6F8160]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadDriver [0x8E6F8140]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwMapViewOfSection [0x8E6F8170]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenProcess [0x8E6F8080]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenSection [0x8E6F8070]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenThread [0x8E6F8090]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwPlugPlayControl [0x8E6F81A0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwProtectVirtualMemory [0x8E6F80B0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryIntervalProfile [0x8E6F8480]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueueApcThread [0x8E6F8110]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRequestWaitReplyPort [0x8E6F81E0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeProcess [0x8E6F84A0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeThread [0x8E6F81B0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSecureConnectPort [0x8E6F8060]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetContextThread [0x8E6F8100]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationToken [0x8E6F8010]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetSystemInformation [0x8E6F8150]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendProcess [0x8E6F81D0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendThread [0x8E6F81C0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSystemDebugControl [0x8E6F8120]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateProcess [0x8E6F80C0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateThread [0x8E6F80D0]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwUnmapViewOfSection [0x8E6F8180]
    SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwWriteVirtualMemory [0x8E6F80E0]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwRequestPort + 14AD 82E52BB5 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8CB92 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82E93F9C 4 Bytes [A0, 80, 6F, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82E93FC4 4 Bytes [20, 80, 6F, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82E94008 4 Bytes [30, 80, 6F, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82E94058 4 Bytes [50, 80, 6F, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E940BC 4 Bytes [00, 80, 6F, 8E]
    .text ...
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x97A0F000, 0x17E53A, 0xE8000020]

    ---- User code sections - GMER 2.1 ----

    ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe[1524] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
    ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe[1524] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: uxtheme.dllunknown module: KERNELBASE.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe[1524] C:\Windows\system32\ADVAPI32.dll time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: WINTRUST.dllunknown module: SspiCli.dllunknown module: bcrypt.dllunknown module: pcwum.dllunknown module: KERNELBASE.dll
    .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe[1524] USER32.dll!NotifyWinEvent + 5B2 76A9D570 4 Bytes [80, 40, 33, 73] {ADD BYTE [EAX+0x33], 0x73}
    .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe[1524] USER32.dll!NotifyWinEvent + 6AE 76A9D66C 4 Bytes [30, 40, 33, 73]
    .text C:\Windows\system32\taskhost.exe[2764] ole32.dll!CoCreateInstance 76969D0B 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll
    .text C:\Windows\system32\taskhost.exe[2764] ole32.dll!CoCreateInstanceEx 76969D4E 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe[2812] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: uxtheme.dllunknown module: KERNELBASE.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe[2812] C:\Windows\system32\user32.dll time/date stamp mismatch; unknown module: CFGMGR32.dllunknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe[2812] user32.dll!LockWindowStation + 1C2 76A8494C 1 Byte [FC]
    .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe[2812] user32.dll!NotifyWinEvent + 5B2 76A9D570 4 Bytes [80, 40, 33, 73] {ADD BYTE [EAX+0x33], 0x73}
    .text C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe[2812] user32.dll!NotifyWinEvent + 6AE 76A9D66C 4 Bytes [30, 40, 33, 73]
    .text C:\Windows\system\HsMgr.exe[3232] ole32.dll!CoCreateInstance 76969D0B 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll
    .text C:\Windows\system\HsMgr.exe[3232] ole32.dll!CoCreateInstanceEx 76969D4E 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll
    .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3288] ole32.dll!CoCreateInstance 76969D0B 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll
    .text C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe[3288] ole32.dll!CoCreateInstanceEx 76969D4E 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll
    .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[3428] ole32.dll!CoCreateInstance 76969D0B 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll
    .text C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe[3428] ole32.dll!CoCreateInstanceEx 76969D4E 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
    AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
    AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys

    ---- Services - GMER 2.1 ----

    Service C:\Windows\system32 (*** hidden *** ) [MANUAL] MpsSvc <-- ROOTKIT !!!

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/[email protected]\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xDE 0x59 0xED 0xB1 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/[email protected]\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbamservice.exe 0xBC 0xCB 0xC1 0x31 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/[email protected]\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0xB8 0xA1 0xB4 0xC4 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/[email protected]\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0x85 0x88 0x64 0xCA ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/[email protected]\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0xB7 0x67 0x34 0xC6 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/[email protected]\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x33 0x89 0xE1 0x31 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0xED 0x0B 0xA5 0x90 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xF4 0xC1 0x22 0xB2 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 0x59 0xE0 0xA5 0x25 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 0x5E 0xE1 0xB3 0x4F ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.exe 0x0A 0xB0 0x22 0x93 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Users\DV\AppData\Local\Temp\994D09E3-2323-11E5-A10F-001BFCFC5A70\TEST_WPF.EXE 0x75 0xFE 0xAB 0x5B ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe 0xB2 0xF8 0x10 0x1B ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbamservice.exe 0xDA 0xF5 0xC4 0x0A ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x2A 0xCA 0xEE 0x32 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe 0xC0 0xF3 0xD3 0x1F ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe 0xD0 0x40 0x87 0x20 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0x4E 0x4B 0x68 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x7C 0xF1 0x04 0xC3 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/[email protected]\Device\HarddiskVolume1\Program Files\Intel Driver Update Utility\DriverUpdateUI.exe 0xFE 0x63 0x97 0x62 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\[email protected] 38

    ---- EOF - GMER 2.1 ----



    • #3
      RKill
      Rkill 2.7.0 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2015 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 07/07/2015 01:18:41 AM in x86 mode.
      Windows Version: Windows 7 Home Premium Service Pack 1

      Checking for Windows services to stop:

      * No malware services found to stop.

      Checking for processes to terminate:

      * C:\Windows\system\HsMgr.exe (PID: 2884) [WD-HEUR]

      1 proccess terminated!

      Checking Registry for malware related settings:

      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:

      * Windows Firewall Disabled

      [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall" = dword:00000000

      Checking Windows Service Integrity:

      * MpsSvc (MpsSvc) is not Running.
      Startup Type set to: Manual

      * Autorisatiestuurprogramma van Windows Firewall (mpsdrv) is not Running.
      Startup Type set to: Manual

      * MpsSvc => . [Incorrect ImagePath]

      Searching for Missing Digital Signatures:

      * No issues found.

      Checking HOSTS File:

      * HOSTS file entries found:

      127.0.0.1 localhost

      Program finished at: 07/07/2015 01:19:48 AM
      Execution time: 0 hours(s), 1 minute(s), and 7 seconds(s)



      JRT
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 7.3.3 (07.06.2015:2)
      OS: Windows 7 Home Premium x86
      Ran by DV on di 07-07-2015 at 1:21:16,95
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Tasks



      ~~~ Registry Values



      ~~~ Registry Keys



      ~~~ Files



      ~~~ Folders



      ~~~ FireFox

      Emptied folder: C:\Users\DV\AppData\Roaming\mozilla\firefox\profiles\gg9uk1kn.default\minidumps [1 files]





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on di 07-07-2015 at 1:24:21,98
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



      • #4
        ComboFix 15-07-07.01 - DV 07-07-2015 0:48.1.2 - x86
        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2046.1257 [GMT 2:00]
        Gestart vanuit: c:\users\DV\Downloads\ComboFix.exe
        AV: Kaspersky Total Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
        FW: Kaspersky Total Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
        SP: Kaspersky Total Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        .
        (((((((((((((((((((( Bestanden Gemaakt van 2015-06-06 to 2015-07-06 ))))))))))))))))))))))))))))))
        .
        .
        2015-07-06 22:38 . 2015-07-06 22:39 -------- d-----w- c:\program files\trend micro
        2015-07-06 22:38 . 2015-07-06 22:39 -------- d-----w- C:\rsit
        2015-07-06 18:18 . 2015-07-06 18:18 -------- d-----w- c:\programdata\VS Revo Group
        2015-07-06 18:18 . 2009-12-30 08:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
        2015-07-06 18:18 . 2015-07-06 18:18 -------- d-----w- c:\program files\VS Revo Group
        2015-07-06 16:37 . 2015-07-06 16:38 -------- d-----w- c:\program files\Speccy
        2015-07-06 14:39 . 2015-07-06 14:39 -------- d-----w- c:\program files\Common Files\Java
        2015-07-06 14:39 . 2015-07-06 14:38 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
        2015-07-06 14:38 . 2015-07-06 14:39 -------- d-----w- c:\programdata\Oracle
        2015-07-06 14:38 . 2015-07-06 14:38 -------- d-----w- c:\program files\Java
        2015-07-06 14:34 . 2015-07-06 14:34 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
        2015-07-06 14:34 . 2015-07-06 14:34 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
        2015-07-06 14:34 . 2015-07-06 14:34 -------- d-----w- c:\windows\system32\Macromed
        2015-07-06 14:23 . 2015-07-06 14:23 -------- d-----w- c:\program files\Intel Driver Update Utility
        2015-07-06 13:01 . 2013-12-10 02:02 428032 ----a-w- c:\windows\system32\vbscript.dll
        2015-07-06 03:27 . 2015-07-06 03:32 -------- d-----w- C:\fe1275758ea615fbf0c262453efaa8
        2015-07-06 02:40 . 2015-01-31 03:33 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
        2015-07-06 02:40 . 2015-01-31 00:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
        2015-07-06 02:40 . 2015-01-31 03:33 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
        2015-07-06 02:40 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
        2015-07-06 02:40 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
        2015-07-06 02:40 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
        2015-07-06 02:40 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
        2015-07-06 02:40 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
        2015-07-06 02:40 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
        2015-07-06 02:40 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
        2015-07-06 02:39 . 2014-12-11 17:47 74240 ----a-w- c:\windows\system32\TSWbPrxy.exe
        2015-07-06 02:38 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
        2015-07-06 02:38 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
        2015-07-06 02:38 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\system32\mstscax.dll
        2015-07-06 02:14 . 2015-07-06 02:14 -------- d-----w- c:\windows\system32\drivers\en-US
        2015-07-06 02:11 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
        2015-07-06 02:11 . 2012-08-23 11:12 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
        2015-07-06 02:08 . 2015-05-01 13:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
        2015-07-06 02:02 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
        2015-07-06 02:02 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
        2015-07-06 02:02 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
        2015-07-06 02:02 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
        2015-07-06 02:02 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
        2015-07-06 02:02 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
        2015-07-06 02:02 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
        2015-07-06 02:02 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
        2015-07-06 02:02 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
        2015-07-06 02:02 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
        2015-07-06 01:56 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
        2015-07-06 01:45 . 2015-07-06 01:45 -------- d-----w- C:\6bd0083582e5d98d13becf80
        2015-07-06 01:32 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\system32\wpdshext.dll
        2015-07-06 01:30 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
        2015-07-06 01:29 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
        2015-07-06 01:29 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
        2015-07-06 01:29 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
        2015-07-06 01:29 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
        2015-07-06 01:29 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
        2015-07-06 01:29 . 2014-09-04 05:04 372736 ----a-w- c:\windows\system32\rastls.dll
        2015-07-06 01:29 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
        2015-07-06 01:29 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
        2015-07-06 01:29 . 2015-04-11 03:07 54656 ----a-w- c:\windows\system32\drivers\stream.sys
        2015-07-06 01:22 . 2015-03-04 04:16 249784 ----a-w- c:\windows\system32\clfs.sys
        2015-07-06 01:22 . 2015-03-04 04:10 58880 ----a-w- c:\windows\system32\clfsw32.dll
        2015-07-06 01:22 . 2015-04-20 02:56 909312 ----a-w- c:\windows\system32\FntCache.dll
        2015-07-06 01:22 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\system32\DWrite.dll
        2015-07-06 01:20 . 2015-07-06 01:20 -------- d-----w- c:\windows\CheckSur
        2015-07-06 01:19 . 2015-02-04 02:54 417792 ----a-w- c:\windows\system32\WMPhoto.dll
        2015-07-06 01:04 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
        2015-07-06 01:04 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
        2015-07-06 01:04 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
        2015-07-06 01:04 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
        2015-07-06 01:04 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
        2015-07-05 23:45 . 2015-07-05 23:45 -------- d-----w- C:\73de7781020ac29b19b430f9
        2015-07-05 23:42 . 2015-07-05 23:42 -------- d-----w- C:\2de9587c528f16901603c5389c33
        2015-07-05 22:37 . 2015-07-05 22:37 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
        2015-07-05 21:50 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
        2015-07-05 21:50 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
        2015-07-05 21:50 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
        2015-07-05 21:50 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
        2015-07-05 21:50 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
        2015-07-05 21:50 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
        2015-07-05 21:50 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
        2015-07-05 21:48 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
        2015-07-05 21:48 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
        2015-07-05 21:48 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
        2015-07-05 21:48 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
        2015-07-05 21:47 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
        2015-07-05 21:47 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
        2015-07-05 21:03 . 2015-01-09 02:48 76800 ----a-w- c:\windows\system32\wdi.dll
        2015-07-05 21:03 . 2015-01-09 02:48 635904 ----a-w- c:\windows\system32\perftrack.dll
        2015-07-05 21:03 . 2015-01-09 02:48 27136 ----a-w- c:\windows\system32\powertracker.dll
        2015-07-05 21:01 . 2015-05-09 03:13 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
        2015-07-05 21:01 . 2015-05-09 03:13 33792 ----a-w- c:\windows\system32\wuapp.exe
        2015-07-05 21:01 . 2015-05-09 03:13 131584 ----a-w- c:\windows\system32\wuauclt.exe
        2015-07-05 21:01 . 2015-05-09 03:14 92672 ----a-w- c:\windows\system32\wudriver.dll
        2015-07-05 21:01 . 2015-05-09 03:14 35840 ----a-w- c:\windows\system32\wups2.dll
        2015-07-05 21:01 . 2015-05-09 03:14 30208 ----a-w- c:\windows\system32\wups.dll
        2015-07-05 21:01 . 2015-05-09 03:14 2937344 ----a-w- c:\windows\system32\wucltux.dll
        2015-07-05 21:01 . 2015-05-09 03:14 2045952 ----a-w- c:\windows\system32\wuaueng.dll
        2015-07-05 21:01 . 2015-05-09 03:14 173056 ----a-w- c:\windows\system32\wuwebv.dll
        2015-07-05 21:01 . 2015-05-09 03:14 566784 ----a-w- c:\windows\system32\wuapi.dll
        2015-07-05 21:01 . 2015-05-09 03:13 69632 ----a-w- c:\windows\system32\WinSetupUI.dll
        2015-07-05 21:00 . 2015-03-14 03:04 67584 ----a-w- c:\windows\system32\dwmapi.dll
        2015-07-05 21:00 . 2015-03-14 03:04 1372160 ----a-w- c:\windows\system32\dwmcore.dll
        2015-07-05 21:00 . 2015-05-09 18:09 715200 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
        2015-07-05 21:00 . 2015-04-27 19:05 179200 ----a-w- c:\windows\system32\wintrust.dll
        2015-07-05 21:00 . 2015-04-27 19:04 143872 ----a-w- c:\windows\system32\cryptsvc.dll
        2015-07-05 21:00 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\system32\crypt32.dll
        2015-07-05 21:00 . 2015-04-27 19:04 103936 ----a-w- c:\windows\system32\cryptnet.dll
        2015-07-05 20:44 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
        2015-07-05 20:43 . 2014-06-18 01:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
        2015-07-05 20:41 . 2014-11-26 03:32 571904 ----a-w- c:\windows\system32\oleaut32.dll
        2015-07-05 20:40 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
        2015-07-05 20:39 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
        2015-07-05 20:38 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
        2015-07-05 20:38 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
        2015-07-05 20:38 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
        2015-07-05 20:38 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
        2015-07-05 20:38 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
        2015-07-05 20:38 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
        2015-07-05 20:38 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
        2015-07-05 20:38 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
        2015-07-05 20:38 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
        2015-07-05 20:38 . 2015-03-10 03:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
        2015-07-05 20:38 . 2015-04-24 17:56 530432 ----a-w- c:\windows\system32\comctl32.dll
        2015-07-05 20:31 . 2015-07-05 20:31 -------- d-----w- c:\programdata\ATI
        2015-07-05 20:27 . 2015-07-05 20:28 -------- d-----w- c:\program files\Raptr
        2015-07-05 20:27 . 2015-07-05 20:27 -------- d-----w- c:\program files\AMD AVT
        2015-07-05 20:18 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
        .
        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2015-07-05 16:55 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
        2015-07-05 16:12 . 2014-11-22 12:12 72560 ----a-w- c:\windows\system32\drivers\klwtp.sys
        2015-07-05 16:12 . 2014-11-10 15:48 157240 ----a-w- c:\windows\system32\drivers\kneps.sys
        2015-07-05 16:12 . 2014-10-10 15:02 34160 ----a-w- c:\windows\system32\drivers\klim6.sys
        2015-07-05 16:12 . 2014-10-09 10:31 54328 ----a-w- c:\windows\system32\drivers\kltdi.sys
        2015-07-05 16:12 . 2013-04-12 12:34 23920 ----a-w- c:\windows\system32\drivers\klpd.sys
        2015-07-05 16:12 . 2015-05-18 20:16 54640 ----a-w- c:\windows\system32\drivers\kldisk.sys
        2015-07-05 16:12 . 2014-03-31 08:47 153784 ----a-w- c:\windows\system32\drivers\kl1.sys
        2015-07-05 16:10 . 2014-10-30 02:22 36208 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
        2015-07-05 16:10 . 2013-08-08 14:10 35696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
        2015-07-05 16:10 . 2014-11-28 16:19 128728 ----a-w- c:\windows\system32\drivers\klflt.sys
        2015-07-05 16:10 . 2014-10-22 19:13 44208 ----a-w- c:\windows\system32\drivers\klhk.sys
        2015-07-05 16:10 . 2013-01-14 18:10 197864 ----a-w- c:\windows\system32\drivers\cm_km_w.sys
        2015-04-24 08:34 . 2015-04-24 08:34 85504 ----a-w- c:\windows\system32\mantleaxl32.dll
        2015-04-24 08:34 . 2015-04-24 08:34 113664 ----a-w- c:\windows\system32\mantle32.dll
        2015-04-24 08:34 . 2015-04-24 08:34 45056 ----a-w- c:\windows\system32\ATIODCLI.exe
        2015-04-24 08:34 . 2015-04-24 08:34 294912 ----a-w- c:\windows\system32\ATIODE.exe
        2015-04-24 08:33 . 2015-04-24 08:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
        2015-04-24 08:33 . 2015-04-24 08:33 995342 ----a-w- c:\windows\system32\amdocl_as32.exe
        2015-04-24 08:33 . 2015-04-24 08:33 798734 ----a-w- c:\windows\system32\amdocl_ld32.exe
        2015-04-24 08:33 . 2015-04-24 08:33 4590592 ----a-w- c:\windows\system32\amdmantle32.dll
        2015-04-24 08:33 . 2015-04-24 08:33 38912 ----a-w- c:\windows\system32\amdmmcl.dll
        2015-04-24 08:33 . 2015-04-24 08:33 265416 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
        .
        .
        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Cmaudio8788GX"="c:\windows\system\HsMgr.exe" [2008-07-11 200704]
        "StartCCC"="c:\program files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-11-20 748232]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "ConsentPromptBehaviorAdmin"= 5 (0x5)
        "ConsentPromptBehaviorUser"= 3 (0x3)
        "EnableUIADesktopToggle"= 0 (0x0)
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
        2015-05-15 02:26 55568 ----a-w- c:\progra~1\Raptr\raptrstub.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
        "DisableMonitoring"=dword:00000001
        .
        R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
        R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
        R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
        S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys [2015-07-05 197864]
        S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys [2015-07-05 44208]
        S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2015-07-05 34160]
        S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2015-07-05 23920]
        S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2015-07-05 54328]
        S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys [2015-07-05 72560]
        S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2015-07-05 157240]
        S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-11-21 212992]
        S2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [2015-07-05 194000]
        S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
        S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys [2015-07-05 54640]
        S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-06-21 77824]
        S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 1760256]
        S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2015-07-05 128728]
        S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2015-07-05 36208]
        S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2015-07-05 35696]
        S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
        .
        .
        --- Andere Services/Drivers In Geheugen ---
        .
        *NewlyCreated* - WS2IFSL
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        utcsvc REG_MULTI_SZ DiagTrack
        .
        Inhoud van de 'Gedeelde Taken' map
        .
        2015-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
        - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-06 14:34]
        .
        .
        ------- Bijkomende Scan -------
        .
        IE: {{5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
        TCP: DhcpNameServer = 83.128.0.3 62.45.46.69
        FF - ProfilePath - c:\users\DV\AppData\Roaming\Mozilla\Firefox\Profiles\gg9uk1kn.default\
        FF - user.js: plugin.state.npcontentblocker - 2
        FF - user.js: plugin.state.nponlinebanking - 2
        FF - user.js: plugin.state.npvkplugin - 2
        .
        - - - - ORPHANS VERWIJDERD - - - -
        .
        HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
        .
        .
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
        "ImagePath"="."
        .
        --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
        @Denied: (Full) (Everyone)
        .
        --------------------- DLLs Geladen Onder Lopende Processen ---------------------
        .
        - - - - - - - > 'Explorer.exe'(8156)
        c:\windows\system\HsSrv.dll
        .
        ------------------------ Andere Aktieve Processen ------------------------
        .
        c:\windows\system32\atieclxx.exe
        c:\windows\system32\taskhost.exe
        c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
        c:\windows\System32\WUDFHost.exe
        c:\windows\system32\conhost.exe
        c:\program files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
        c:\program files\AMD\ATI.ACE\Core-Static\MOM.exe
        c:\program files\Windows Media Player\wmpnetwk.exe
        c:\program files\AMD\ATI.ACE\Core-Static\CCC.exe
        c:\windows\system32\sppsvc.exe
        c:\windows\system32\taskhost.exe
        .
        **************************************************************************
        .
        Voltooingstijd: 2015-07-07 01:06:11 - machine werd herstart
        ComboFix-quarantined-files.txt 2015-07-06 23:06
        .
        Pre-Run: 866.929.577.984 bytes beschikbaar
        Post-Run: 867.209.367.552 bytes beschikbaar
        .
        - - End Of File - - 6B16572DF5AD60651262516922A9F8CF
        A36C5E4F47E84449FF07ED3517B43A31



        • #5
          info.txt logfile of random's system information tool 1.10 2015-07-07 00:39:28

          ======MBR======


          ======Uninstall list======

          Adobe Flash Player 18 NPAPI-->C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_194_Plugin.exe -maintain plugin
          AMD Accelerated Video Transcoding-->MsiExec.exe /X{D427123D-6FED-3FF4-8490-49BAD3970C11}
          AMD Catalyst Install Manager-->msiexec /q/x{DE7D695C-2EC7-AFDF-F786-6E938DE83175} REBOOT=ReallySuppress
          AMD Drag and Drop Transcoding-->MsiExec.exe /X{5DFCB6D6-D483-87BF-AE69-48DFD89AE3F0}
          AMD Wireless Display v3.0-->MsiExec.exe /I{7B6DB690-4552-9EDC-40F3-4F73B2B98EB1}
          ASUS Xonar DG Audio Driver-->C:\Windows\System32\cmeauoxy.exe /rm /ppcioxygen
          Catalyst Control Center - Branding-->MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47}
          CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
          Intel(R) Driver Update Utility 2.0-->MsiExec.exe /X{59DB38EB-F864-4E10-841D-38CFBCF864B0}
          Intel® Driver Update Utility-->"C:\ProgramData\Package Cache\{8409c4f7-2340-4933-a304-5d37db4fb48b}\Intel® Driver Update Utility Installer.exe" /uninstall
          Java 8 Update 45-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218045F0}
          Kaspersky Total Security-->MsiExec.exe /I{02FECEE0-16B2-43DB-BC3B-C844477FC142}
          Kaspersky Total Security-->MsiExec.exe /I{02FECEE0-16B2-43DB-BC3B-C844477FC142} REMOVE=ALL
          Microsoft .NET Framework 4.5.2 (Nederlands)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\NLD\\Setup.exe /repair /x86 /lcid 1043
          Microsoft .NET Framework 4.5.2 (NLD)-->MsiExec.exe /X{F9062696-5B87-39CC-90CE-DA256689262D}
          Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86
          Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{3911CF56-9EF2-39BA-846A-C27BD3CD0685}
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
          Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
          Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727-->"C:\ProgramData\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe" /uninstall
          Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727-->MsiExec.exe /X{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
          Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
          Mozilla Firefox 39.0 (x86 nl)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
          Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
          Raptr-->"C:\Program Files\Raptr\uninstall.exe"
          Revo Uninstaller Pro 3.1.2-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
          Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {CBD8D84A-257A-3A60-9819-5DF166F9CD25}
          Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {4DC3F78D-5CCF-37B9-9A05-EDDC456F4F20}
          Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {00BE0B8D-C610-34AA-ABD1-EE023DA39E5D}
          Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {1863F765-CBE8-3EB3-B434-CA6B6DF2561E}
          Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {3DDE5FB2-7F31-38AB-9407-F5698AD72FE8}
          Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {3DFE50DE-BA81-369E-B149-CC3B8AB09405}
          Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {C7D8B9A9-9C79-3278-A33E-C621DA724830}
          Speccy-->"C:\Program Files\Speccy\uninst.exe"

          ======System event log======

          Computer Name: DV-PC
          Event Code: 17
          Message: Er is een gecorrigeerde hardwarefout opgetreden.

          Onderdeel: PCI Express Root Port
          Foutbron: Geavanceerde foutrapportage (PCI Express)

          Bus:Apparaat:Functie: 0x00x20x0
          Leverancier-id:Apparaat-id: 0x1106:0xa364
          Klassecode: 0x30400

          Zie de detailweergave van deze vermelding voor aanvullende informatie.
          Record Number: 63180137
          Source Name: Microsoft-Windows-WHEA-Logger
          Time Written: 20150705192335.015971-000
          Event Type: Waarschuwing
          User: NT AUTHORITY\LOCAL SERVICE

          Computer Name: DV-PC
          Event Code: 17
          Message: Er is een gecorrigeerde hardwarefout opgetreden.

          Onderdeel: PCI Express Root Port
          Foutbron: Geavanceerde foutrapportage (PCI Express)

          Bus:Apparaat:Functie: 0x00x20x0
          Leverancier-id:Apparaat-id: 0x1106:0xa364
          Klassecode: 0x30400

          Zie de detailweergave van deze vermelding voor aanvullende informatie.
          Record Number: 63180136
          Source Name: Microsoft-Windows-WHEA-Logger
          Time Written: 20150705192335.015971-000
          Event Type: Waarschuwing
          User: NT AUTHORITY\LOCAL SERVICE

          Computer Name: DV-PC
          Event Code: 17
          Message: Er is een gecorrigeerde hardwarefout opgetreden.

          Onderdeel: PCI Express Root Port
          Foutbron: Geavanceerde foutrapportage (PCI Express)

          Bus:Apparaat:Functie: 0x00x20x0
          Leverancier-id:Apparaat-id: 0x1106:0xa364
          Klassecode: 0x30400

          Zie de detailweergave van deze vermelding voor aanvullende informatie.
          Record Number: 63180135
          Source Name: Microsoft-Windows-WHEA-Logger
          Time Written: 20150705192335.014971-000
          Event Type: Waarschuwing
          User: NT AUTHORITY\LOCAL SERVICE

          Computer Name: DV-PC
          Event Code: 17
          Message: Er is een gecorrigeerde hardwarefout opgetreden.

          Onderdeel: PCI Express Root Port
          Foutbron: Geavanceerde foutrapportage (PCI Express)

          Bus:Apparaat:Functie: 0x00x20x0
          Leverancier-id:Apparaat-id: 0x1106:0xa364
          Klassecode: 0x30400

          Zie de detailweergave van deze vermelding voor aanvullende informatie.
          Record Number: 63180134
          Source Name: Microsoft-Windows-WHEA-Logger
          Time Written: 20150705192335.014971-000
          Event Type: Waarschuwing
          User: NT AUTHORITY\LOCAL SERVICE

          Computer Name: DV-PC
          Event Code: 17
          Message: Er is een gecorrigeerde hardwarefout opgetreden.

          Onderdeel: PCI Express Root Port
          Foutbron: Geavanceerde foutrapportage (PCI Express)

          Bus:Apparaat:Functie: 0x00x20x0
          Leverancier-id:Apparaat-id: 0x1106:0xa364
          Klassecode: 0x30400

          Zie de detailweergave van deze vermelding voor aanvullende informatie.
          Record Number: 63180133
          Source Name: Microsoft-Windows-WHEA-Logger
          Time Written: 20150705192335.014971-000
          Event Type: Waarschuwing
          User: NT AUTHORITY\LOCAL SERVICE

          =====Application event log=====

          Computer Name: 37L4247D28-05
          Event Code: 412
          Message: Catalog Database (1076) Catalog Database: Kan de header van logboekbestand C:\Windows\system32\CatRoot2\edb.log niet lezen. Fout -546.
          Record Number: 5
          Source Name: ESENT
          Time Written: 20150704193947.000000-000
          Event Type: Fout
          User:

          Computer Name: 37L4247D28-05
          Event Code: 5617
          Message: Subsystemen van Windows Management Instrumentation-service zijn geïnitialiseerd
          Record Number: 4
          Source Name: Microsoft-Windows-WMI
          Time Written: 20150704193944.000000-000
          Event Type: Informatie
          User:

          Computer Name: 37L4247D28-05
          Event Code: 5615
          Message: De Windows Management Instrumentation-service is gestart
          Record Number: 3
          Source Name: Microsoft-Windows-WMI
          Time Written: 20150704193940.000000-000
          Event Type: Informatie
          User:

          Computer Name: 37L4247D28-05
          Event Code: 1531
          Message: De User Profile-service is gestart.


          Record Number: 2
          Source Name: Microsoft-Windows-User Profiles Service
          Time Written: 20150704193935.889755-000
          Event Type: Informatie
          User: NT AUTHORITY\SYSTEM

          Computer Name: 37L4247D28-05
          Event Code: 4625
          Message: Het EventSystem-subsysteem onderdrukt gedurende 86400 seconden dubbele vermeldingen in het gebeurtenislogboek. De time-out voor onderdrukking kan worden ingesteld met de REG_DWORD-waarde SuppressDuplicateDuration in de volgende registersleutel: HKLM\Software\Microsoft\EventSystem\EventLog.
          Record Number: 1
          Source Name: Microsoft-Windows-EventSystem
          Time Written: 20150704193936.000000-000
          Event Type: Informatie
          User:

          =====Security event log=====

          Computer Name: 37L4247D28-05
          Event Code: 4672
          Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

          Onderwerp:
          Beveiligings-id: S-1-5-18
          Accountnaam: SYSTEM
          Accountdomein: NT AUTHORITY
          Aanmeldings-id: 0x3e7

          Bevoegdheden: SeAssignPrimaryTokenPrivilege
          SeTcbPrivilege
          SeSecurityPrivilege
          SeTakeOwnershipPrivilege
          SeLoadDriverPrivilege
          SeBackupPrivilege
          SeRestorePrivilege
          SeDebugPrivilege
          SeAuditPrivilege
          SeSystemEnvironmentPrivilege
          SeImpersonatePrivilege
          Record Number: 5
          Source Name: Microsoft-Windows-Security-Auditing
          Time Written: 20150704193910.945311-000
          Event Type: Controle geslaagd
          User:

          Computer Name: 37L4247D28-05
          Event Code: 4624
          Message: Er is een account aangemeld.

          Onderwerp:
          Beveiligings-id: S-1-5-18
          Accountnaam: 37L4247D28-05$
          Accountdomein: WORKGROUP
          Aanmeldings-id: 0x3e7

          Aanmeldingstype: 5

          Nieuwe aanmelding:
          Beveiligings-id: S-1-5-18
          Accountnaam: SYSTEM
          Accountdomein: NT AUTHORITY
          Aanmeldings-id: 0x3e7
          Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

          Procesgegevens:
          Proces-id: 0x1e8
          Naam proces: C:\Windows\System32\services.exe

          Netwerkgegevens:
          Naam van werkstation:
          Netwerkadres van bron: -
          Poort van bron: -

          Gedetailleerde verificatiegegevens:
          Aanmeldingsproces: Advapi
          Verificatiepakket: Negotiate
          Doorgezette services: -
          Pakketnaam (alleen NTLM): -
          Sleutellengte: 0

          Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

          De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

          In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

          Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

          In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

          De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
          - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
          - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
          - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
          - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
          Record Number: 4
          Source Name: Microsoft-Windows-Security-Auditing
          Time Written: 20150704193910.945311-000
          Event Type: Controle geslaagd
          User:

          Computer Name: 37L4247D28-05
          Event Code: 4902
          Message: De tabel voor controlebeleid per gebruiker is gemaakt.

          Aantal elementen: 0
          Beleids-id: 0x2fb1d
          Record Number: 3
          Source Name: Microsoft-Windows-Security-Auditing
          Time Written: 20150704193905.875302-000
          Event Type: Controle geslaagd
          User:

          Computer Name: 37L4247D28-05
          Event Code: 4624
          Message: Er is een account aangemeld.

          Onderwerp:
          Beveiligings-id: S-1-0-0
          Accountnaam: -
          Accountdomein: -
          Aanmeldings-id: 0x0

          Aanmeldingstype: 0

          Nieuwe aanmelding:
          Beveiligings-id: S-1-5-18
          Accountnaam: SYSTEM
          Accountdomein: NT AUTHORITY
          Aanmeldings-id: 0x3e7
          Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

          Procesgegevens:
          Proces-id: 0x4
          Naam proces:

          Netwerkgegevens:
          Naam van werkstation: -
          Netwerkadres van bron: -
          Poort van bron: -

          Gedetailleerde verificatiegegevens:
          Aanmeldingsproces: -
          Verificatiepakket: -
          Doorgezette services: -
          Pakketnaam (alleen NTLM): -
          Sleutellengte: 0

          Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

          De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

          In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

          Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

          In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

          De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.
          - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.
          - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.
          - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.
          - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.
          Record Number: 2
          Source Name: Microsoft-Windows-Security-Auditing
          Time Written: 20150704193903.566498-000
          Event Type: Controle geslaagd
          User:

          Computer Name: 37L4247D28-05
          Event Code: 4608
          Message: Windows wordt opgestart.

          Deze gebeurtenis wordt in het logboek geregistreerd wanneer LSASS.EXE wordt gestart en het subsysteem voor controle wordt geïnitialiseerd.
          Record Number: 1
          Source Name: Microsoft-Windows-Security-Auditing
          Time Written: 20150704193903.504098-000
          Event Type: Controle geslaagd
          User:

          ======Environment variables======

          "ComSpec"=%SystemRoot%\system32\cmd.exe
          "FP_NO_HOST_CHECK"=NO
          "OS"=Windows_NT
          "Path"=C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\AMD\ATI.ACE\Core-Static
          "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
          "PROCESSOR_ARCHITECTURE"=x86
          "TEMP"=%SystemRoot%\TEMP
          "TMP"=%SystemRoot%\TEMP
          "USERNAME"=SYSTEM
          "windir"=%SystemRoot%
          "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
          "NUMBER_OF_PROCESSORS"=2
          "PROCESSOR_LEVEL"=6
          "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
          "PROCESSOR_REVISION"=0f02

          -----------------EOF-----------------



          • #6
            Logfile of random's system information tool 1.10 (written by random/random)
            Run by DV at 2015-07-07 00:38:56
            Microsoft Windows 7 Home Premium Service Pack 1
            System drive C: has 827 GB (87%) free of 954 GB
            Total RAM: 2046 MB (63% free)

            Logfile of Trend Micro HijackThis v2.0.4
            Scan saved at 0:39:23, on 7-7-2015
            Platform: Windows 7 SP1 (WinNT 6.00.3505)
            MSIE: Unable to get Internet Explorer version!
            Boot mode: Normal

            Running processes:
            C:\Windows\system32\taskhost.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\Explorer.EXE
            C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
            C:\Windows\system\HsMgr.exe
            C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
            C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
            C:\Users\DV\Downloads\RSIT.exe
            C:\Program Files\trend micro\DV.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            O2 - BHO: VirtualKeyboardBrowserHelperObject - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
            O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
            O2 - BHO: ContentBlockerBrowserHelperObject - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
            O2 - BHO: Safe Money Plugin - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
            O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe Envoke
            O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
            O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
            O9 - Extra button: Virtual Keyboard - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
            O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
            O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
            O23 - Service: Kaspersky Anti-Virus Service 15.0.2 (AVP15.0.2) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
            O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

            --
            End of file - 3609 bytes

            ======Scheduled tasks folder======

            C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

            =========Mozilla firefox=========

            ProfilePath - C:\Users\DV\AppData\Roaming\Mozilla\Firefox\Profiles\gg9uk1kn.default

            "[email protected]"=C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\[email protected]
            "[email protected]"=C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\[email protected]
            "[email protected]"=C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\[email protected]


            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
            "Description"=Adobe® Flash® Player 18.0.0.194 Plugin
            "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
            "Description"=Java™ Deployment Toolkit
            "Path"=C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
            "Description"=Oracle® Next Generation Java™ Plug-In
            "Path"=C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098]
            "Description"=
            "Path"=C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\[email protected]

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5]
            "Description"=
            "Path"=C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\[email protected]

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E]
            "Description"=
            "Path"=C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keybo[email protected]


            C:\Users\DV\AppData\Roaming\Mozilla\Firefox\Profiles\gg9uk1kn.default\extensions\
            {0545b830-f0aa-4d7e-8820-50a4629a56fe}
            {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

            ======Registry dump======

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
            Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
            Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-06 460384]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
            Content Blocker Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
            Safe Money Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23 1699112]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
            Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-06 172640]

            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
            "Cmaudio8788"=RunDll32 cmicnfgp.cpl,CMICtrlWnd
            "Cmaudio8788GX"=C:\Windows\system\HsMgr.exe [2008-07-11 200704]
            "StartCCC"=C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [2014-11-20 748232]
            "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-04-30 334896]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
            C:\PROGRA~1\Raptr\raptrstub.exe [2015-05-15 55568]

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
            "SecurityProviders"=credssp.dll

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
            "ConsentPromptBehaviorAdmin"=5
            "ConsentPromptBehaviorUser"=3
            "EnableUIADesktopToggle"=0
            "dontdisplaylastusername"=0
            "legalnoticecaption"=
            "legalnoticetext"=
            "shutdownwithoutlogon"=1
            "undockwithoutlogon"=1

            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
            "NoDriveTypeAutoRun"=60

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
            "vidc.mrle"=msrle32.dll
            "vidc.msvc"=msvidc32.dll
            "msacm.imaadpcm"=imaadp32.acm
            "msacm.msg711"=msg711.acm
            "msacm.msgsm610"=msgsm32.acm
            "msacm.msadpcm"=msadp32.acm
            "midimapper"=midimap.dll
            "wavemapper"=msacm32.drv
            "vidc.uyvy"=msyuv.dll
            "vidc.yuy2"=msyuv.dll
            "vidc.yvyu"=msyuv.dll
            "vidc.iyuv"=iyuv_32.dll
            "vidc.i420"=iyuv_32.dll
            "vidc.yvu9"=tsbyuv.dll
            "msacm.l3acm"=C:\Windows\System32\l3codeca.acm
            "vidc.cvid"=iccvid.dll
            "wave"=wdmaud.drv
            "midi"=wdmaud.drv
            "mixer"=wdmaud.drv
            "aux"=wdmaud.drv
            "wave2"=wdmaud.drv
            "midi2"=wdmaud.drv
            "mixer2"=wdmaud.drv
            "wave1"=wdmaud.drv
            "midi1"=wdmaud.drv
            "mixer1"=wdmaud.drv
            "aux1"=wdmaud.drv
            Last edited by Spijker; 07-07-15, 21:53.



            • #7
              ======File associations======

              .js - edit - C:\Windows\System32\Notepad.exe %1
              .js - open - C:\Windows\System32\WScript.exe "%1" %*

              ======List of files/folders created in the last 1 month======

              2015-07-07 00:38:57 ----D---- C:\Program Files\trend micro
              2015-07-07 00:38:56 ----D---- C:\rsit
              2015-07-06 23:50:29 ----A---- C:\Windows\system32\FNTCACHE.DAT
              2015-07-06 20:18:41 ----D---- C:\ProgramData\VS Revo Group
              2015-07-06 20:18:41 ----A---- C:\Windows\system32\drivers\revoflt.sys
              2015-07-06 20:18:39 ----D---- C:\Program Files\VS Revo Group
              2015-07-06 18:37:59 ----D---- C:\Program Files\Speccy
              2015-07-06 16:39:35 ----D---- C:\ProgramData\Sun
              2015-07-06 16:39:34 ----D---- C:\Program Files\Common Files\Java
              2015-07-06 16:39:30 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
              2015-07-06 16:38:36 ----D---- C:\ProgramData\Oracle
              2015-07-06 16:38:31 ----D---- C:\Program Files\Java
              2015-07-06 16:34:49 ----D---- C:\Users\DV\AppData\Roaming\Macromedia
              2015-07-06 16:34:49 ----D---- C:\Users\DV\AppData\Roaming\Adobe
              2015-07-06 16:34:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
              2015-07-06 16:34:07 ----D---- C:\Windows\system32\Macromed
              2015-07-06 16:23:48 ----D---- C:\Program Files\Intel Driver Update Utility
              2015-07-06 15:01:08 ----A---- C:\Windows\system32\vbscript.dll
              2015-07-06 05:27:24 ----D---- C:\fe1275758ea615fbf0c262453efaa8
              2015-07-06 04:40:09 ----A---- C:\Windows\system32\rdpudd.dll
              2015-07-06 04:40:09 ----A---- C:\Windows\system32\rdpcorets.dll
              2015-07-06 04:40:08 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
              2015-07-06 04:40:04 ----A---- C:\Windows\system32\fsutil.exe
              2015-07-06 04:40:04 ----A---- C:\Windows\system32\esent.dll
              2015-07-06 04:40:04 ----A---- C:\Windows\system32\drivers\nvstor.sys
              2015-07-06 04:40:04 ----A---- C:\Windows\system32\drivers\nvraid.sys
              2015-07-06 04:40:04 ----A---- C:\Windows\system32\drivers\iaStorV.sys
              2015-07-06 04:40:04 ----A---- C:\Windows\system32\drivers\amdxata.sys
              2015-07-06 04:40:04 ----A---- C:\Windows\system32\drivers\amdsata.sys
              2015-07-06 04:40:03 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
              2015-07-06 04:39:25 ----A---- C:\Windows\system32\TSWbPrxy.exe
              2015-07-06 04:38:28 ----A---- C:\Windows\system32\KBDYAK.DLL
              2015-07-06 04:38:28 ----A---- C:\Windows\system32\KBDTAT.DLL
              2015-07-06 04:38:28 ----A---- C:\Windows\system32\KBDRU1.DLL
              2015-07-06 04:38:28 ----A---- C:\Windows\system32\KBDRU.DLL
              2015-07-06 04:38:28 ----A---- C:\Windows\system32\KBDBASH.DLL
              2015-07-06 04:38:14 ----A---- C:\Windows\system32\mstscax.dll
              2015-07-06 04:14:08 ----D---- C:\Windows\system32\drivers\en-US
              2015-07-06 04:11:11 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
              2015-07-06 04:11:07 ----A---- C:\Windows\system32\rdpendp_winip.dll
              2015-07-06 04:08:07 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
              2015-07-06 04:02:11 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
              2015-07-06 04:02:09 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
              2015-07-06 04:02:09 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
              2015-07-06 04:02:08 ----A---- C:\Windows\system32\wksprtPS.dll
              2015-07-06 04:02:08 ----A---- C:\Windows\system32\wksprt.exe
              2015-07-06 04:02:08 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
              2015-07-06 04:02:08 ----A---- C:\Windows\system32\tsgqec.dll
              2015-07-06 04:02:08 ----A---- C:\Windows\system32\rdvidcrl.dll
              2015-07-06 04:02:08 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
              2015-07-06 04:02:07 ----A---- C:\Windows\system32\mstsc.exe
              2015-07-06 03:56:57 ----A---- C:\Windows\system32\msmpeg2vdec.dll
              2015-07-06 03:45:18 ----D---- C:\6bd0083582e5d98d13becf80
              2015-07-06 03:32:01 ----A---- C:\Windows\system32\wpdshext.dll
              2015-07-06 03:31:59 ----A---- C:\Windows\system32\dpnet.dll
              2015-07-06 03:31:58 ----A---- C:\Windows\system32\rpcrt4.dll
              2015-07-06 03:31:52 ----A---- C:\Windows\system32\IMJP10K.DLL
              2015-07-06 03:31:51 ----A---- C:\Windows\system32\msxml6r.dll
              2015-07-06 03:31:51 ----A---- C:\Windows\system32\msxml6.dll
              2015-07-06 03:31:50 ----A---- C:\Windows\system32\generaltel.dll
              2015-07-06 03:31:49 ----A---- C:\Windows\system32\invagent.dll
              2015-07-06 03:31:49 ----A---- C:\Windows\system32\devinv.dll
              2015-07-06 03:31:49 ----A---- C:\Windows\system32\appraiser.dll
              2015-07-06 03:31:49 ----A---- C:\Windows\system32\aeinv.dll
              2015-07-06 03:31:49 ----A---- C:\Windows\system32\acmigration.dll
              2015-07-06 03:31:48 ----A---- C:\Windows\system32\aepdu.dll
              2015-07-06 03:31:47 ----A---- C:\Windows\system32\win32k.sys
              2015-07-06 03:31:45 ----A---- C:\Windows\system32\drivers\hidparse.sys
              2015-07-06 03:31:45 ----A---- C:\Windows\system32\drivers\hidclass.sys
              2015-07-06 03:31:44 ----A---- C:\Windows\system32\drivers\usb8023.sys
              2015-07-06 03:31:40 ----A---- C:\Windows\system32\drivers\fvevol.sys
              2015-07-06 03:31:37 ----D---- C:\ab52579175f2f037b6333406
              2015-07-06 03:31:37 ----A---- C:\Windows\system32\pku2u.dll
              2015-07-06 03:31:30 ----A---- C:\Windows\system32\cryptdlg.dll
              2015-07-06 03:31:25 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
              2015-07-06 03:31:25 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
              2015-07-06 03:31:25 ----A---- C:\Windows\system32\cdd.dll
              2015-07-06 03:31:23 ----A---- C:\Windows\system32\imagehlp.dll
              2015-07-06 03:31:10 ----A---- C:\Windows\system32\wscript.exe
              2015-07-06 03:31:10 ----A---- C:\Windows\system32\scrrun.dll
              2015-07-06 03:31:09 ----A---- C:\Windows\system32\cscript.exe
              2015-07-06 03:31:08 ----A---- C:\Windows\system32\WindowsCodecs.dll
              2015-07-06 03:31:06 ----A---- C:\Windows\system32\mswsock.dll
              2015-07-06 03:31:05 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
              2015-07-06 03:31:05 ----A---- C:\Windows\system32\drivers\ndis.sys
              2015-07-06 03:31:03 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
              2015-07-06 03:31:03 ----A---- C:\Windows\system32\credui.dll
              2015-07-06 03:30:58 ----A---- C:\Windows\system32\drivers\tdx.sys
              2015-07-06 03:30:38 ----A---- C:\Windows\system32\wincredprovider.dll
              2015-07-06 03:30:38 ----A---- C:\Windows\system32\objsel.dll
              2015-07-06 03:30:38 ----A---- C:\Windows\system32\dpapiprovider.dll
              2015-07-06 03:30:38 ----A---- C:\Windows\system32\dimsroam.dll
              2015-07-06 03:30:38 ----A---- C:\Windows\system32\cngprovider.dll
              2015-07-06 03:30:38 ----A---- C:\Windows\system32\capiprovider.dll
              2015-07-06 03:30:38 ----A---- C:\Windows\system32\adprovider.dll
              2015-07-06 03:30:28 ----A---- C:\Windows\system32\msi.dll
              2015-07-06 03:30:21 ----A---- C:\Windows\system32\OxpsConverter.exe
              2015-07-06 03:30:14 ----A---- C:\Windows\system32\dnsrslvr.dll
              2015-07-06 03:30:14 ----A---- C:\Windows\system32\dnscacheugc.exe
              2015-07-06 03:30:14 ----A---- C:\Windows\system32\dnsapi.dll
              2015-07-06 03:30:10 ----A---- C:\Windows\system32\drivers\srvnet.sys
              2015-07-06 03:30:10 ----A---- C:\Windows\system32\drivers\srv2.sys
              2015-07-06 03:30:10 ----A---- C:\Windows\system32\drivers\srv.sys
              2015-07-06 03:30:09 ----A---- C:\Windows\system32\xmllite.dll
              2015-07-06 03:30:09 ----A---- C:\Windows\system32\prevhost.exe
              2015-07-06 03:30:03 ----A---- C:\Windows\system32\psisdecd.dll
              2015-07-06 03:29:58 ----A---- C:\Windows\system32\umpnpmgr.dll
              2015-07-06 03:29:57 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
              2015-07-06 03:29:57 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
              2015-07-06 03:29:57 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
              2015-07-06 03:29:56 ----A---- C:\Windows\system32\oleacc.dll
              2015-07-06 03:29:52 ----A---- C:\Windows\system32\rastls.dll
              2015-07-06 03:29:35 ----A---- C:\Windows\system32\wwansvc.dll
              2015-07-06 03:29:35 ----A---- C:\Windows\system32\wwanprotdim.dll
              2015-07-06 03:29:34 ----A---- C:\Windows\system32\drivers\stream.sys
              2015-07-06 03:22:46 ----A---- C:\Windows\system32\clfsw32.dll
              2015-07-06 03:22:46 ----A---- C:\Windows\system32\clfs.sys
              2015-07-06 03:22:26 ----A---- C:\Windows\system32\FntCache.dll
              2015-07-06 03:22:26 ----A---- C:\Windows\system32\DWrite.dll
              2015-07-06 03:20:00 ----D---- C:\Windows\CheckSur
              2015-07-06 03:19:50 ----A---- C:\Windows\system32\WMPhoto.dll
              2015-07-06 03:04:44 ----A---- C:\Windows\system32\spoolsv.exe
              2015-07-06 03:04:43 ----A---- C:\Windows\system32\msieftp.dll
              2015-07-06 03:04:40 ----A---- C:\Windows\system32\d3d10warp.dll
              2015-07-06 03:04:38 ----A---- C:\Windows\explorer.exe
              2015-07-06 03:04:37 ----A---- C:\Windows\system32\d2d1.dll
              2015-07-06 02:40:48 ----D---- C:\Windows\SoftwareDistribution
              2015-07-06 01:45:19 ----D---- C:\73de7781020ac29b19b430f9
              2015-07-06 01:42:29 ----D---- C:\2de9587c528f16901603c5389c33
              2015-07-05 23:50:04 ----A---- C:\Windows\system32\WUDFSvc.dll
              2015-07-05 23:50:04 ----A---- C:\Windows\system32\WUDFPlatform.dll
              2015-07-05 23:50:04 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
              2015-07-05 23:50:04 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
              2015-07-05 23:50:03 ----A---- C:\Windows\system32\WUDFx.dll
              2015-07-05 23:50:03 ----A---- C:\Windows\system32\WUDFHost.exe
              2015-07-05 23:50:03 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
              2015-07-05 23:48:35 ----A---- C:\Windows\system32\infocardapi.dll
              2015-07-05 23:48:32 ----A---- C:\Windows\system32\icardres.dll
              2015-07-05 23:48:24 ----A---- C:\Windows\system32\icardagt.exe
              2015-07-05 23:48:21 ----A---- C:\Windows\system32\TsWpfWrp.exe
              2015-07-05 23:47:16 ----A---- C:\Windows\system32\wmi.dll
              2015-07-05 23:47:16 ----A---- C:\Windows\system32\drivers\fs_rec.sys
              2015-07-05 23:15:32 ----A---- C:\Windows\system32\UIAnimation.dll
              2015-07-05 23:15:26 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
              2015-07-05 23:15:26 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
              2015-07-05 23:15:26 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
              2015-07-05 23:15:25 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
              2015-07-05 23:15:25 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
              2015-07-05 23:15:25 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
              2015-07-05 23:15:25 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
              2015-07-05 23:15:25 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
              2015-07-05 23:15:25 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
              2015-07-05 23:15:25 ----A---- C:\Windows\system32\XpsGdiConverter.dll
              2015-07-05 23:15:24 ----A---- C:\Windows\system32\XpsPrint.dll
              2015-07-05 23:15:24 ----A---- C:\Windows\system32\dxgi.dll
              2015-07-05 23:15:24 ----A---- C:\Windows\system32\d3d10level9.dll
              2015-07-05 23:15:24 ----A---- C:\Windows\system32\d3d10core.dll
              2015-07-05 23:15:24 ----A---- C:\Windows\system32\d3d10_1core.dll
              2015-07-05 23:15:24 ----A---- C:\Windows\system32\d3d10_1.dll
              2015-07-05 23:15:24 ----A---- C:\Windows\system32\d3d10.dll
              2015-07-05 23:15:23 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
              2015-07-05 23:03:26 ----A---- C:\Windows\system32\wdi.dll
              2015-07-05 23:03:26 ----A---- C:\Windows\system32\powertracker.dll
              2015-07-05 23:03:26 ----A---- C:\Windows\system32\perftrack.dll
              2015-07-05 23:01:37 ----A---- C:\Windows\system32\wuauclt.exe
              2015-07-05 23:01:37 ----A---- C:\Windows\system32\wuapp.exe
              2015-07-05 23:01:37 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
              2015-07-05 23:01:36 ----A---- C:\Windows\system32\wuwebv.dll
              2015-07-05 23:01:36 ----A---- C:\Windows\system32\wups2.dll
              2015-07-05 23:01:36 ----A---- C:\Windows\system32\wups.dll
              2015-07-05 23:01:36 ----A---- C:\Windows\system32\wudriver.dll
              2015-07-05 23:01:36 ----A---- C:\Windows\system32\wucltux.dll
              2015-07-05 23:01:36 ----A---- C:\Windows\system32\wuaueng.dll
              2015-07-05 23:01:36 ----A---- C:\Windows\system32\wuapi.dll
              2015-07-05 23:01:36 ----A---- C:\Windows\system32\WinSetupUI.dll
              2015-07-05 23:00:49 ----A---- C:\Windows\system32\dwmcore.dll
              2015-07-05 23:00:49 ----A---- C:\Windows\system32\dwmapi.dll
              2015-07-05 23:00:44 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
              2015-07-05 23:00:19 ----A---- C:\Windows\system32\wintrust.dll
              2015-07-05 23:00:19 ----A---- C:\Windows\system32\cryptsvc.dll
              2015-07-05 23:00:19 ----A---- C:\Windows\system32\cryptnet.dll
              2015-07-05 23:00:19 ----A---- C:\Windows\system32\crypt32.dll
              2015-07-05 22:45:37 ----A---- C:\Windows\system32\UtcResources.dll
              2015-07-05 22:45:37 ----A---- C:\Windows\system32\ntkrnlpa.exe
              2015-07-05 22:45:37 ----A---- C:\Windows\system32\diagtrack.dll
              2015-07-05 22:45:36 ----A---- C:\Windows\system32\tdh.dll
              2015-07-05 22:45:36 ----A---- C:\Windows\system32\schannel.dll
              2015-07-05 22:45:36 ----A---- C:\Windows\system32\ntoskrnl.exe
              2015-07-05 22:45:36 ----A---- C:\Windows\system32\ntdll.dll
              2015-07-05 22:45:36 ----A---- C:\Windows\system32\lsasrv.dll
              2015-07-05 22:45:36 ----A---- C:\Windows\system32\kerberos.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\wdigest.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\typeperf.exe
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\TSpkg.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\tracerpt.exe
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\sspicli.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\srcore.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\srclient.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\smss.exe
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\sechost.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\rstrui.exe
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\relog.exe
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\ncrypt.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\msv1_0.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\lsass.exe
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\logman.exe
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\drivers\ksecdd.sys
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\diskperf.exe
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\csrsrv.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\auditpol.exe
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\advapi32.dll
              2015-07-05 22:45:35 ----A---- C:\Windows\system32\adtschema.dll
              2015-07-05 22:45:34 ----A---- C:\Windows\system32\sspisrv.dll
              2015-07-05 22:45:34 ----A---- C:\Windows\system32\secur32.dll
              2015-07-05 22:45:34 ----A---- C:\Windows\system32\msobjs.dll
              2015-07-05 22:45:34 ----A---- C:\Windows\system32\msaudite.dll
              2015-07-05 22:45:34 ----A---- C:\Windows\system32\credssp.dll
              2015-07-05 22:45:34 ----A---- C:\Windows\system32\apisetschema.dll
              2015-07-05 22:44:33 ----A---- C:\Windows\system32\tquery.dll
              2015-07-05 22:44:33 ----A---- C:\Windows\system32\SearchProtocolHost.exe
              2015-07-05 22:44:33 ----A---- C:\Windows\system32\SearchIndexer.exe
              2015-07-05 22:44:33 ----A---- C:\Windows\system32\mssvp.dll
              2015-07-05 22:44:33 ----A---- C:\Windows\system32\mssrch.dll
              2015-07-05 22:44:33 ----A---- C:\Windows\system32\mssph.dll
              2015-07-05 22:44:32 ----A---- C:\Windows\system32\SearchFilterHost.exe
              2015-07-05 22:44:32 ----A---- C:\Windows\system32\mssphtb.dll
              2015-07-05 22:44:32 ----A---- C:\Windows\system32\msscntrs.dll
              2015-07-05 22:44:28 ----A---- C:\Windows\system32\cdosys.dll
              2015-07-05 22:44:24 ----A---- C:\Windows\system32\d3d11.dll
              2015-07-05 22:44:20 ----A---- C:\Windows\system32\certcli.dll
              2015-07-05 22:44:11 ----A---- C:\Windows\system32\scavengeui.dll
              2015-07-05 22:44:09 ----A---- C:\Windows\system32\CPFilters.dll
              2015-07-05 22:44:08 ----A---- C:\Windows\system32\sbe.dll
              2015-07-05 22:44:06 ----A---- C:\Windows\system32\iologmsg.dll
              2015-07-05 22:44:06 ----A---- C:\Windows\system32\drivers\storport.sys
              2015-07-05 22:44:06 ----A---- C:\Windows\system32\drivers\msiscsi.sys
              2015-07-05 22:44:06 ----A---- C:\Windows\system32\drivers\Diskdump.sys
              2015-07-05 22:44:01 ----A---- C:\Windows\system32\netevent.dll
              2015-07-05 22:44:01 ----A---- C:\Windows\system32\netcorehc.dll
              2015-07-05 22:44:01 ----A---- C:\Windows\system32\iphlpsvc.dll
              2015-07-05 22:44:01 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
              2015-07-05 22:43:40 ----A---- C:\Windows\system32\osk.exe
              2015-07-05 22:43:39 ----A---- C:\Windows\system32\WMVDECOD.DLL
              2015-07-05 22:43:36 ----A---- C:\Windows\system32\certutil.exe
              2015-07-05 22:43:35 ----A---- C:\Windows\system32\certenc.dll
              2015-07-05 22:43:28 ----A---- C:\Windows\system32\EncDec.dll
              2015-07-05 22:43:26 ----A---- C:\Windows\system32\shell32.dll
              2015-07-05 22:43:23 ----A---- C:\Windows\system32\TSWorkspace.dll
              2015-07-05 22:43:18 ----A---- C:\Windows\system32\inetcomm.dll
              2015-07-05 22:43:13 ----A---- C:\Windows\system32\msihnd.dll
              2015-07-05 22:43:13 ----A---- C:\Windows\system32\consent.exe
              2015-07-05 22:43:13 ----A---- C:\Windows\system32\authui.dll
              2015-07-05 22:43:07 ----A---- C:\Windows\system32\msctf.dll
              2015-07-05 22:43:06 ----A---- C:\Windows\system32\drivers\ntfs.sys
              2015-07-05 22:43:04 ----A---- C:\Windows\system32\win32spl.dll
              2015-07-05 22:43:03 ----A---- C:\Windows\system32\FXSCOVER.exe
              2015-07-05 22:43:00 ----A---- C:\Windows\system32\webio.dll
              2015-07-05 22:42:56 ----A---- C:\Windows\system32\netapi32.dll
              2015-07-05 22:42:56 ----A---- C:\Windows\system32\browser.dll
              2015-07-05 22:42:56 ----A---- C:\Windows\system32\browcli.dll
              2015-07-05 22:42:52 ----A---- C:\Windows\system32\tzres.dll
              2015-07-05 22:42:46 ----A---- C:\Windows\system32\gdi32.dll
              2015-07-05 22:42:44 ----A---- C:\Windows\system32\jscript.dll
              2015-07-05 22:42:43 ----A---- C:\Windows\system32\services.exe
              2015-07-05 22:42:42 ----A---- C:\Windows\system32\msvcrt.dll
              2015-07-05 22:42:41 ----A---- C:\Windows\system32\drivers\portcls.sys
              2015-07-05 22:42:41 ----A---- C:\Windows\system32\drivers\drmk.sys
              2015-07-05 22:42:40 ----A---- C:\Windows\system32\drivers\afd.sys
              2015-07-05 22:42:39 ----A---- C:\Windows\system32\qedit.dll
              2015-07-05 22:42:38 ----A---- C:\Windows\system32\drivers\tcpip.sys
              2015-07-05 22:42:38 ----A---- C:\Windows\system32\drivers\netio.sys
              2015-07-05 22:42:38 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
              2015-07-05 22:42:35 ----A---- C:\Windows\system32\mscories.dll
              2015-07-05 22:42:35 ----A---- C:\Windows\system32\mscorier.dll
              2015-07-05 22:42:35 ----A---- C:\Windows\system32\dfshim.dll
              2015-07-05 22:42:34 ----A---- C:\Windows\system32\profsvc.dll
              2015-07-05 22:42:29 ----A---- C:\Windows\system32\gameux.dll
              2015-07-05 22:42:28 ----A---- C:\Windows\system32\Wpc.dll
              2015-07-05 22:42:15 ----A---- C:\Windows\system32\packager.dll
              2015-07-05 22:41:48 ----A---- C:\Windows\system32\oleaut32.dll
              2015-07-05 22:41:46 ----A---- C:\Windows\system32\shimeng.dll
              2015-07-05 22:41:46 ----A---- C:\Windows\system32\sdbinst.exe
              2015-07-05 22:41:46 ----A---- C:\Windows\system32\apphelp.dll
              2015-07-05 22:41:46 ----A---- C:\Windows\system32\aelupsvc.dll
              2015-07-05 22:41:45 ----A---- C:\Windows\system32\WebClnt.dll
              2015-07-05 22:41:45 ----A---- C:\Windows\system32\davclnt.dll
              2015-07-05 22:41:37 ----A---- C:\Windows\system32\IKEEXT.DLL
              2015-07-05 22:41:36 ----A---- C:\Windows\system32\nshwfp.dll
              2015-07-05 22:41:36 ----A---- C:\Windows\system32\FWPUCLNT.DLL
              2015-07-05 22:41:34 ----A---- C:\Windows\system32\poqexec.exe
              2015-07-05 22:41:31 ----A---- C:\Windows\system32\odbctrac.dll
              2015-07-05 22:41:31 ----A---- C:\Windows\system32\odbcjt32.dll
              2015-07-05 22:41:31 ----A---- C:\Windows\system32\odbccu32.dll
              2015-07-05 22:41:31 ----A---- C:\Windows\system32\odbccr32.dll
              2015-07-05 22:41:31 ----A---- C:\Windows\system32\odbccp32.dll
              2015-07-05 22:41:29 ----A---- C:\Windows\system32\drivers\partmgr.sys
              2015-07-05 22:41:26 ----A---- C:\Windows\system32\synceng.dll
              2015-07-05 22:41:25 ----A---- C:\Windows\system32\ubpm.dll
              2015-07-05 22:41:22 ----A---- C:\Windows\system32\shdocvw.dll
              2015-07-05 22:41:15 ----A---- C:\Windows\system32\jnwmon.dll
              2015-07-05 22:41:15 ----A---- C:\Windows\system32\InkEd.dll
              2015-07-05 22:41:13 ----A---- C:\Windows\system32\localspl.dll
              2015-07-05 22:41:12 ----A---- C:\Windows\system32\lpk.dll
              2015-07-05 22:41:12 ----A---- C:\Windows\system32\fontsub.dll
              2015-07-05 22:41:12 ----A---- C:\Windows\system32\dciman32.dll
              2015-07-05 22:41:12 ----A---- C:\Windows\system32\atmlib.dll
              2015-07-05 22:41:12 ----A---- C:\Windows\system32\atmfd.dll
              2015-07-05 22:41:05 ----A---- C:\Windows\system32\winlogon.exe
              2015-07-05 22:41:05 ----A---- C:\Windows\system32\rdrmemptylst.exe
              2015-07-05 22:41:04 ----A---- C:\Windows\system32\winsta.dll
              2015-07-05 22:41:04 ----A---- C:\Windows\system32\rdpwsx.dll
              2015-07-05 22:41:04 ----A---- C:\Windows\system32\rdpcorekmts.dll
              2015-07-05 22:41:04 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
              2015-07-05 22:41:04 ----A---- C:\Windows\system32\drivers\rdpwd.sys
              2015-07-05 22:40:52 ----A---- C:\Windows\system32\charmap.exe
              2015-07-05 22:40:50 ----A---- C:\Windows\system32\drivers\ataport.sys
              2015-07-05 22:40:46 ----A---- C:\Windows\system32\ntshrui.dll
              2015-07-05 22:40:43 ----A---- C:\Windows\system32\taskhost.exe
              2015-07-05 22:40:41 ----A---- C:\Windows\system32\dhcpcsvc6.dll
              2015-07-05 22:40:41 ----A---- C:\Windows\system32\dhcpcore6.dll
              2015-07-05 22:40:24 ----A---- C:\Windows\system32\drivers\usbcir.sys
              2015-07-05 22:40:17 ----A---- C:\Windows\system32\wmdrmsdk.dll
              2015-07-05 22:40:17 ----A---- C:\Windows\system32\mf.dll
              2015-07-05 22:40:17 ----A---- C:\Windows\system32\drmv2clt.dll
              2015-07-05 22:40:17 ----A---- C:\Windows\system32\blackbox.dll
              2015-07-05 22:40:14 ----A---- C:\Windows\system32\drmmgrtn.dll
              2015-07-05 22:40:14 ----A---- C:\Windows\system32\AUDIOKSE.dll
              2015-07-05 22:40:13 ----A---- C:\Windows\system32\winresume.exe
              2015-07-05 22:40:13 ----A---- C:\Windows\system32\winload.exe
              2015-07-05 22:40:13 ----A---- C:\Windows\system32\quartz.dll
              2015-07-05 22:40:13 ----A---- C:\Windows\system32\evr.dll
              2015-07-05 22:40:13 ----A---- C:\Windows\system32\drivers\PEAuth.sys
              2015-07-05 22:40:13 ----A---- C:\Windows\system32\drivers\cng.sys
              2015-07-05 22:40:13 ----A---- C:\Windows\system32\ci.dll
              2015-07-05 22:40:13 ----A---- C:\Windows\system32\audiosrv.dll
              2015-07-05 22:40:12 ----A---- C:\Windows\system32\qdvd.dll
              2015-07-05 22:40:12 ----A---- C:\Windows\system32\pcasvc.dll
              2015-07-05 22:40:12 ----A---- C:\Windows\system32\mfplat.dll
              2015-07-05 22:40:12 ----A---- C:\Windows\system32\EncDump.dll
              2015-07-05 22:40:12 ----A---- C:\Windows\system32\drivers\mountmgr.sys
              2015-07-05 22:40:12 ----A---- C:\Windows\system32\cryptui.dll
              2015-07-05 22:40:12 ----A---- C:\Windows\system32\cryptsp.dll
              2015-07-05 22:40:12 ----A---- C:\Windows\system32\AudioSes.dll
              2015-07-05 22:40:12 ----A---- C:\Windows\system32\AudioEng.dll
              2015-07-05 22:40:11 ----A---- C:\Windows\system32\msscp.dll
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\setbcdlocale.dll
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\rrinstaller.exe
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\pcawrk.exe
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\pcalua.exe
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\pcadm.dll
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\msnetobj.dll
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\msmmsp.dll
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\mfps.dll
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\mfpmp.exe
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\drivers\appid.sys
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\audiodg.exe
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\appidsvc.dll
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\appidpolicyconverter.exe
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\appidcertstorecheck.exe
              2015-07-05 22:40:10 ----A---- C:\Windows\system32\appidapi.dll
              2015-07-05 22:40:09 ----A---- C:\Windows\system32\pcaevts.dll
              2015-07-05 22:40:09 ----A---- C:\Windows\system32\mferror.dll
              2015-07-05 22:39:51 ----A---- C:\Windows\system32\termsrv.dll
              2015-07-05 22:39:42 ----A---- C:\Windows\system32\drivers\http.sys
              2015-07-05 22:39:40 ----A---- C:\Windows\system32\wmp.dll
              2015-07-05 22:39:39 ----A---- C:\Windows\system32\wmploc.DLL
              2015-07-05 22:39:39 ----A---- C:\Windows\system32\spwmp.dll
              2015-07-05 22:39:39 ----A---- C:\Windows\system32\dxmasf.dll
              2015-07-05 22:39:36 ----A---- C:\Windows\system32\wer.dll
              2015-07-05 22:39:34 ----A---- C:\Windows\system32\mfc42u.dll
              2015-07-05 22:39:34 ----A---- C:\Windows\system32\mfc42.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
              2015-07-05 22:39:32 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
              2015-07-05 22:39:32 ----A---- C:\Windows\system32\winsrv.dll
              2015-07-05 22:39:32 ----A---- C:\Windows\system32\KernelBase.dll
              2015-07-05 22:39:32 ----A---- C:\Windows\system32\kernel32.dll
              2015-07-05 22:39:32 ----A---- C:\Windows\system32\conhost.exe
              2015-07-05 22:39:30 ----A---- C:\Windows\system32\nlasvc.dll
              2015-07-05 22:39:30 ----A---- C:\Windows\system32\nlaapi.dll
              2015-07-05 22:39:30 ----A---- C:\Windows\system32\ncsi.dll
              2015-07-05 22:39:29 ----A---- C:\Windows\system32\drivers\mrxdav.sys
              2015-07-05 22:39:27 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
              2015-07-05 22:39:27 ----A---- C:\Windows\system32\RMActivate_ssp.exe
              2015-07-05 22:39:27 ----A---- C:\Windows\system32\RMActivate_isv.exe
              2015-07-05 22:39:27 ----A---- C:\Windows\system32\RMActivate.exe
              2015-07-05 22:39:26 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
              2015-07-05 22:39:26 ----A---- C:\Windows\system32\secproc_ssp.dll
              2015-07-05 22:39:26 ----A---- C:\Windows\system32\secproc_isv.dll
              2015-07-05 22:39:26 ----A---- C:\Windows\system32\secproc.dll
              2015-07-05 22:39:26 ----A---- C:\Windows\system32\msdrm.dll
              2015-07-05 22:39:20 ----A---- C:\Windows\system32\drivers\bowser.sys
              2015-07-05 22:39:15 ----A---- C:\Windows\system32\Wdfres.dll
              2015-07-05 22:39:15 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
              2015-07-05 22:39:15 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
              2015-07-05 22:39:14 ----A---- C:\Windows\system32\usp10.dll
              2015-07-05 22:39:00 ----A---- C:\Windows\system32\scesrv.dll
              2015-07-05 22:38:58 ----A---- C:\Windows\system32\drivers\usbuhci.sys
              2015-07-05 22:38:58 ----A---- C:\Windows\system32\drivers\usbport.sys
              2015-07-05 22:38:58 ----A---- C:\Windows\system32\drivers\usbohci.sys
              2015-07-05 22:38:58 ----A---- C:\Windows\system32\drivers\usbhub.sys
              2015-07-05 22:38:58 ----A---- C:\Windows\system32\drivers\usbehci.sys
              2015-07-05 22:38:58 ----A---- C:\Windows\system32\drivers\usbd.sys
              2015-07-05 22:38:58 ----A---- C:\Windows\system32\drivers\usbccgp.sys
              2015-07-05 22:38:37 ----A---- C:\Windows\system32\appinfo.dll
              2015-07-05 22:38:27 ----A---- C:\Windows\system32\msxml3.dll
              2015-07-05 22:38:26 ----A---- C:\Windows\system32\msxml3r.dll
              2015-07-05 22:38:25 ----A---- C:\Windows\system32\comctl32.dll
              2015-07-05 22:31:18 ----D---- C:\ProgramData\ATI
              2015-07-05 22:28:28 ----D---- C:\Users\DV\AppData\Roaming\library_dir
              2015-07-05 22:27:55 ----D---- C:\Users\DV\AppData\Roaming\Raptr
              2015-07-05 22:27:55 ----D---- C:\Program Files\Raptr
              2015-07-05 22:27:48 ----D---- C:\Program Files\AMD AVT
              2015-07-05 22:18:45 ----A---- C:\Windows\system32\WsmWmiPl.dll
              2015-07-05 22:18:45 ----A---- C:\Windows\system32\WsmSvc.dll
              2015-07-05 22:18:45 ----A---- C:\Windows\system32\WsmAuto.dll
              2015-07-05 22:18:45 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
              2015-07-05 22:18:45 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
              2015-07-05 22:01:12 ----D---- C:\ProgramData\Package Cache
              2015-07-05 21:59:35 ----A---- C:\Windows\system32\rdpcore.dll
              2015-07-05 21:59:35 ----A---- C:\Windows\system32\drivers\tdtcp.sys
              2015-07-05 21:57:56 ----D---- C:\AMD


              • #8
                2015-07-05 21:49:06 ----A---- C:\Windows\system32\atidemgy.dll
                2015-07-05 21:47:22 ----D---- C:\Program Files\ATI Technologies
                2015-07-05 20:06:14 ----D---- C:\Program Files\CCleaner
                2015-07-05 18:46:49 ----D---- C:\Windows\system32\SPReview
                2015-07-05 18:46:03 ----D---- C:\Windows\system32\EventProviders
                2015-07-05 18:03:02 ----A---- C:\Windows\system32\mshtml.dll
                2015-07-05 18:02:59 ----A---- C:\Windows\system32\mfc40u.dll
                2015-07-05 18:02:59 ----A---- C:\Windows\system32\mfc40.dll
                2015-07-05 18:02:58 ----A---- C:\Windows\system32\sysmain.dll
                2015-07-05 18:02:55 ----A---- C:\Windows\system32\ieframe.dll
                2015-07-05 18:02:53 ----A---- C:\Windows\system32\spwizui.dll
                2015-07-05 18:02:53 ----A---- C:\Windows\system32\mscoree.dll
                2015-07-05 18:02:49 ----A---- C:\Windows\system32\iertutil.dll
                2015-07-05 18:02:49 ----A---- C:\Windows\system32\CertEnroll.dll
                2015-07-05 18:02:48 ----A---- C:\Windows\system32\PresentationHostProxy.dll
                2015-07-05 18:02:48 ----A---- C:\Windows\system32\PresentationHost.exe
                2015-07-05 18:02:47 ----A---- C:\Windows\system32\schedsvc.dll
                2015-07-05 18:02:47 ----A---- C:\Windows\system32\drivers\hwpolicy.sys
                2015-07-05 18:02:46 ----A---- C:\Windows\system32\RacEngn.dll
                2015-07-05 18:02:45 ----A---- C:\Windows\system32\AuthFWSnapin.dll
                2015-07-05 18:02:44 ----A---- C:\Windows\system32\wininet.dll
                2015-07-05 18:02:44 ----A---- C:\Windows\system32\rdpdd.dll
                2015-07-05 18:02:44 ----A---- C:\Windows\system32\qmgr.dll
                2015-07-05 18:02:43 ----A---- C:\Windows\system32\ole32.dll
                2015-07-05 18:02:43 ----A---- C:\Windows\system32\ExplorerFrame.dll
                2015-07-05 18:02:42 ----A---- C:\Windows\system32\wevtsvc.dll
                2015-07-05 18:02:42 ----A---- C:\Windows\system32\urlmon.dll
                2015-07-05 18:02:41 ----A---- C:\Windows\system32\vssapi.dll
                2015-07-05 18:02:41 ----A---- C:\Windows\system32\SearchFolder.dll
                2015-07-05 18:02:40 ----A---- C:\Windows\system32\d3d9.dll
                2015-07-05 18:02:39 ----A---- C:\Windows\system32\taskschd.dll
                2015-07-05 18:02:38 ----A---- C:\Windows\system32\spreview.exe
                2015-07-05 18:02:38 ----A---- C:\Windows\system32\spinstall.exe
                2015-07-05 18:02:37 ----A---- C:\Windows\system32\gpsvc.dll
                2015-07-05 18:02:36 ----A---- C:\Windows\system32\wbengine.exe
                2015-07-05 18:02:36 ----A---- C:\Windows\system32\odbc32.dll
                2015-07-05 18:02:36 ----A---- C:\Windows\system32\mstime.dll
                2015-07-05 18:02:36 ----A---- C:\Windows\system32\MPSSVC.dll
                2015-07-05 18:02:36 ----A---- C:\Windows\system32\diagperf.dll
                2015-07-05 18:02:35 ----A---- C:\Windows\system32\WinSAT.exe
                2015-07-05 18:02:35 ----A---- C:\Windows\system32\tsmf.dll
                2015-07-05 18:02:35 ----A---- C:\Windows\system32\dot3api.dll
                2015-07-05 18:02:34 ----A---- C:\Windows\system32\iedkcs32.dll
                2015-07-05 18:02:33 ----A---- C:\Windows\system32\winhttp.dll
                2015-07-05 18:02:33 ----A---- C:\Windows\system32\setupapi.dll
                2015-07-05 18:02:33 ----A---- C:\Windows\system32\msfeeds.dll
                2015-07-05 18:02:32 ----A---- C:\Windows\system32\MSVidCtl.dll
                2015-07-05 18:02:32 ----A---- C:\Windows\system32\dbgeng.dll
                2015-07-05 18:02:31 ----A---- C:\Windows\system32\VSSVC.exe
                2015-07-05 18:02:31 ----A---- C:\Windows\system32\netlogon.dll
                2015-07-05 18:02:31 ----A---- C:\Windows\system32\netcfgx.dll
                2015-07-05 18:02:30 ----A---- C:\Windows\system32\user32.dll
                2015-07-05 18:02:30 ----A---- C:\Windows\system32\Query.dll
                2015-07-05 18:02:29 ----A---- C:\Windows\system32\upnp.dll
                2015-07-05 18:02:29 ----A---- C:\Windows\system32\netfxperf.dll
                2015-07-05 18:02:29 ----A---- C:\Windows\system32\mmcndmgr.dll
                2015-07-05 18:02:29 ----A---- C:\Windows\system32\DShowRdpFilter.dll
                2015-07-05 18:02:28 ----A---- C:\Windows\system32\sppobjs.dll
                2015-07-05 18:02:28 ----A---- C:\Windows\system32\lsm.exe
                2015-07-05 18:02:28 ----A---- C:\Windows\system32\imapi2fs.dll
                2015-07-05 18:02:27 ----A---- C:\Windows\system32\SessEnv.dll
                2015-07-05 18:02:27 ----A---- C:\Windows\system32\PortableDeviceApi.dll
                2015-07-05 18:02:26 ----A---- C:\Windows\system32\shlwapi.dll
                2015-07-05 18:02:26 ----A---- C:\Windows\system32\mcbuilder.exe
                2015-07-05 18:02:25 ----A---- C:\Windows\system32\userenv.dll
                2015-07-05 18:02:25 ----A---- C:\Windows\system32\certmgr.dll
                2015-07-05 18:02:24 ----A---- C:\Windows\system32\xpsservices.dll
                2015-07-05 18:02:24 ----A---- C:\Windows\system32\drvstore.dll
                2015-07-05 18:02:24 ----A---- C:\Windows\system32\comdlg32.dll
                2015-07-05 18:02:23 ----A---- C:\Windows\system32\sppwinob.dll
                2015-07-05 18:02:23 ----A---- C:\Windows\system32\rpcss.dll
                2015-07-05 18:02:23 ----A---- C:\Windows\system32\cmd.exe
                2015-07-05 18:02:22 ----A---- C:\Windows\system32\Wldap32.dll
                2015-07-05 18:02:22 ----A---- C:\Windows\system32\propsys.dll
                2015-07-05 18:02:22 ----A---- C:\Windows\system32\mfds.dll
                2015-07-05 18:02:22 ----A---- C:\Windows\system32\framedynos.dll
                2015-07-05 18:02:22 ----A---- C:\Windows\system32\drivers\volsnap.sys
                2015-07-05 18:02:22 ----A---- C:\Windows\system32\BFE.DLL
                2015-07-05 18:02:21 ----A---- C:\Windows\system32\wmicmiplugin.dll
                2015-07-05 18:02:21 ----A---- C:\Windows\system32\samsrv.dll
                2015-07-05 18:02:21 ----A---- C:\Windows\system32\azroles.dll
                2015-07-05 18:02:20 ----A---- C:\Windows\system32\werconcpl.dll
                2015-07-05 18:02:19 ----A---- C:\Windows\system32\themeui.dll
                2015-07-05 18:02:19 ----A---- C:\Windows\system32\taskeng.exe
                2015-07-05 18:02:19 ----A---- C:\Windows\system32\spp.dll
                2015-07-05 18:02:19 ----A---- C:\Windows\system32\dhcpcore.dll
                2015-07-05 18:02:18 ----A---- C:\Windows\system32\NaturalLanguage6.dll
                2015-07-05 18:02:18 ----A---- C:\Windows\system32\mfreadwrite.dll
                2015-07-05 18:02:18 ----A---- C:\Windows\system32\dbghelp.dll
                2015-07-05 18:02:18 ----A---- C:\Windows\system32\basecsp.dll
                2015-07-05 18:02:17 ----A---- C:\Windows\system32\WinSATAPI.dll
                2015-07-05 18:02:17 ----A---- C:\Windows\system32\taskcomp.dll
                2015-07-05 18:02:17 ----A---- C:\Windows\system32\drivers\1394ohci.sys
                2015-07-05 18:02:17 ----A---- C:\Windows\system32\calc.exe
                2015-07-05 18:02:16 ----A---- C:\Windows\system32\vpnike.dll
                2015-07-05 18:02:16 ----A---- C:\Windows\system32\UIRibbon.dll
                2015-07-05 18:02:16 ----A---- C:\Windows\system32\srvsvc.dll
                2015-07-05 18:02:16 ----A---- C:\Windows\system32\sqlsrv32.dll
                2015-07-05 18:02:16 ----A---- C:\Windows\system32\QAGENTRT.DLL
                2015-07-05 18:02:15 ----A---- C:\Windows\system32\ws2_32.dll
                2015-07-05 18:02:15 ----A---- C:\Windows\system32\sxs.dll
                2015-07-05 18:02:15 ----A---- C:\Windows\system32\netshell.dll
                2015-07-05 18:02:15 ----A---- C:\Windows\system32\lpksetup.exe
                2015-07-05 18:02:15 ----A---- C:\Windows\system32\ie4uinit.exe
                2015-07-05 18:02:15 ----A---- C:\Windows\system32\hgprint.dll
                2015-07-05 18:02:15 ----A---- C:\Windows\system32\fveapi.dll
                2015-07-05 18:02:14 ----A---- C:\Windows\system32\stobject.dll
                2015-07-05 18:02:14 ----A---- C:\Windows\system32\inetpp.dll
                2015-07-05 18:02:14 ----A---- C:\Windows\system32\drivers\rdbss.sys
                2015-07-05 18:02:14 ----A---- C:\Windows\system32\drivers\msdsm.sys
                2015-07-05 18:02:13 ----A---- C:\Windows\system32\prncache.dll
                2015-07-05 18:02:13 ----A---- C:\Windows\system32\printui.dll
                2015-07-05 18:02:13 ----A---- C:\Windows\system32\dps.dll
                2015-07-05 18:02:12 ----A---- C:\Windows\system32\WSDApi.dll
                2015-07-05 18:02:12 ----A---- C:\Windows\system32\wmpeffects.dll
                2015-07-05 18:02:12 ----A---- C:\Windows\system32\net1.exe
                2015-07-05 18:02:11 ----A---- C:\Windows\system32\rpchttp.dll
                2015-07-05 18:02:11 ----A---- C:\Windows\system32\drivers\pci.sys
                2015-07-05 18:02:11 ----A---- C:\Windows\system32\aitagent.exe
                2015-07-05 18:02:10 ----A---- C:\Windows\system32\WMVCORE.DLL
                2015-07-05 18:02:10 ----A---- C:\Windows\system32\wlangpui.dll
                2015-07-05 18:02:10 ----A---- C:\Windows\system32\vds.exe
                2015-07-05 18:02:10 ----A---- C:\Windows\system32\scansetting.dll
                2015-07-05 18:02:10 ----A---- C:\Windows\system32\MMDevAPI.dll
                2015-07-05 18:02:10 ----A---- C:\Windows\system32\FXSSVC.exe
                2015-07-05 18:02:09 ----A---- C:\Windows\system32\t2embed.dll
                2015-07-05 18:02:09 ----A---- C:\Windows\system32\QSHVHOST.DLL
                2015-07-05 18:02:09 ----A---- C:\Windows\system32\pnidui.dll
                2015-07-05 18:02:09 ----A---- C:\Windows\system32\IPSECSVC.DLL
                2015-07-05 18:02:08 ----A---- C:\Windows\system32\webservices.dll
                2015-07-05 18:02:07 ----A---- C:\Windows\system32\fde.dll
                2015-07-05 18:02:07 ----A---- C:\Windows\system32\drivers\termdd.sys
                2015-07-05 18:02:06 ----A---- C:\Windows\system32\SyncCenter.dll
                2015-07-05 18:02:06 ----A---- C:\Windows\system32\netdiagfx.dll
                2015-07-05 18:02:06 ----A---- C:\Windows\system32\drivers\sbp2port.sys
                2015-07-05 18:02:05 ----A---- C:\Windows\system32\wscapi.dll
                2015-07-05 18:02:05 ----A---- C:\Windows\system32\sdengin2.dll
                2015-07-05 18:02:03 ----A---- C:\Windows\system32\WinSCard.dll
                2015-07-05 18:02:03 ----A---- C:\Windows\system32\WFS.exe
                2015-07-05 18:02:03 ----A---- C:\Windows\system32\pla.dll
                2015-07-05 18:02:02 ----A---- C:\Windows\system32\wisptis.exe
                2015-07-05 18:02:02 ----A---- C:\Windows\system32\msasn1.dll
                2015-07-05 18:02:02 ----A---- C:\Windows\system32\mcmde.dll
                2015-07-05 18:02:02 ----A---- C:\Windows\system32\drivers\vhdmp.sys
                2015-07-05 18:02:01 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
                2015-07-05 18:02:01 ----A---- C:\Windows\system32\drivers\msahci.sys
                2015-07-05 18:02:00 ----A---- C:\Windows\system32\wiaservc.dll
                2015-07-05 18:02:00 ----A---- C:\Windows\system32\setupcl.exe
                2015-07-05 18:02:00 ----A---- C:\Windows\system32\imapi2.dll
                2015-07-05 18:02:00 ----A---- C:\Windows\system32\iepeers.dll
                2015-07-05 18:02:00 ----A---- C:\Windows\system32\DXPTaskRingtone.dll
                2015-07-05 18:01:58 ----A---- C:\Windows\system32\WMPEncEn.dll
                2015-07-05 18:01:58 ----A---- C:\Windows\system32\onex.dll
                2015-07-05 18:01:58 ----A---- C:\Windows\system32\dwmredir.dll
                2015-07-05 18:01:57 ----A---- C:\Windows\system32\winmm.dll
                2015-07-05 18:01:57 ----A---- C:\Windows\system32\vaultsvc.dll
                2015-07-05 18:01:57 ----A---- C:\Windows\system32\TabSvc.dll
                2015-07-05 18:01:57 ----A---- C:\Windows\system32\shsvcs.dll
                2015-07-05 18:01:57 ----A---- C:\Windows\system32\rasmans.dll
                2015-07-05 18:01:57 ----A---- C:\Windows\system32\hbaapi.dll
                2015-07-05 18:01:57 ----A---- C:\Windows\system32\drivers\udfs.sys
                2015-07-05 18:01:57 ----A---- C:\Windows\system32\drivers\acpi.sys
                2015-07-05 18:01:57 ----A---- C:\Windows\system32\autofmt.exe
                2015-07-05 18:01:56 ----A---- C:\Windows\system32\Narrator.exe
                2015-07-05 18:01:55 ----A---- C:\Windows\system32\netiohlp.dll
                2015-07-05 18:01:55 ----A---- C:\Windows\system32\bootres.dll
                2015-07-05 18:01:55 ----A---- C:\Windows\system32\autochk.exe
                2015-07-05 18:01:54 ----A---- C:\Windows\system32\samcli.dll
                2015-07-05 18:01:54 ----A---- C:\Windows\system32\proquota.exe
                2015-07-05 18:01:54 ----A---- C:\Windows\system32\msutb.dll
                2015-07-05 18:01:54 ----A---- C:\Windows\system32\IPHLPAPI.DLL
                2015-07-05 18:01:54 ----A---- C:\Windows\system32\halmacpi.dll
                2015-07-05 18:01:54 ----A---- C:\Windows\system32\hal.dll
                2015-07-05 18:01:53 ----A---- C:\Windows\system32\thumbcache.dll
                2015-07-05 18:01:53 ----A---- C:\Windows\system32\regapi.dll
                2015-07-05 18:01:53 ----A---- C:\Windows\system32\msinfo32.exe
                2015-07-05 18:01:53 ----A---- C:\Windows\system32\mimefilt.dll
                2015-07-05 18:01:53 ----A---- C:\Windows\system32\ipsmsnap.dll
                2015-07-05 18:01:53 ----A---- C:\Windows\system32\autoconv.exe
                2015-07-05 18:01:52 ----A---- C:\Windows\system32\wcncsvc.dll
                2015-07-05 18:01:52 ----A---- C:\Windows\system32\tcpipcfg.dll
                2015-07-05 18:01:52 ----A---- C:\Windows\system32\srchadmin.dll
                2015-07-05 18:01:52 ----A---- C:\Windows\system32\schtasks.exe
                2015-07-05 18:01:52 ----A---- C:\Windows\system32\powercpl.dll
                2015-07-05 18:01:52 ----A---- C:\Windows\system32\framedyn.dll
                2015-07-05 18:01:52 ----A---- C:\Windows\system32\eapphost.dll
                2015-07-05 18:01:51 ----A---- C:\Windows\system32\drivers\volmgr.sys
                2015-07-05 18:01:50 ----A---- C:\Windows\system32\umpo.dll
                2015-07-05 18:01:50 ----A---- C:\Windows\system32\QAGENT.DLL
                2015-07-05 18:01:50 ----A---- C:\Windows\system32\netid.dll
                2015-07-05 18:01:50 ----A---- C:\Windows\system32\DXP.dll
                2015-07-05 18:01:50 ----A---- C:\Windows\system32\drivers\netbt.sys
                2015-07-05 18:01:50 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
                2015-07-05 18:01:50 ----A---- C:\Windows\system32\actxprxy.dll
                2015-07-05 18:01:49 ----A---- C:\Windows\system32\wdc.dll
                2015-07-05 18:01:49 ----A---- C:\Windows\system32\StructuredQuery.dll
                2015-07-05 18:01:47 ----A---- C:\Windows\system32\untfs.dll
                2015-07-05 18:01:46 ----A---- C:\Windows\system32\Vault.dll
                2015-07-05 18:01:46 ----A---- C:\Windows\system32\sdclt.exe
                2015-07-05 18:01:46 ----A---- C:\Windows\system32\nci.dll
                2015-07-05 18:01:45 ----A---- C:\Windows\system32\wlanpref.dll
                2015-07-05 18:01:45 ----A---- C:\Windows\system32\sppsvc.exe
                2015-07-05 18:01:44 ----A---- C:\Windows\system32\WMNetMgr.dll
                2015-07-05 18:01:44 ----A---- C:\Windows\system32\RpcRtRemote.dll
                2015-07-05 18:01:44 ----A---- C:\Windows\system32\Robocopy.exe
                2015-07-05 18:01:44 ----A---- C:\Windows\system32\ListSvc.dll
                2015-07-05 18:01:44 ----A---- C:\Windows\system32\licmgr10.dll
                2015-07-05 18:01:43 ----A---- C:\Windows\system32\DxpTaskSync.dll
                2015-07-05 18:01:42 ----A---- C:\Windows\system32\taskmgr.exe
                2015-07-05 18:01:42 ----A---- C:\Windows\system32\mtxclu.dll
                2015-07-05 18:01:42 ----A---- C:\Windows\system32\msdri.dll
                2015-07-05 18:01:42 ----A---- C:\Windows\system32\drivers\mpio.sys
                2015-07-05 18:01:42 ----A---- C:\Windows\system32\Display.dll
                2015-07-05 18:01:41 ----A---- C:\Windows\system32\XpsRasterService.dll
                2015-07-05 18:01:41 ----A---- C:\Windows\system32\userinit.exe
                2015-07-05 18:01:41 ----A---- C:\Windows\system32\termmgr.dll
                2015-07-05 18:01:41 ----A---- C:\Windows\system32\sharemediacpl.dll
                2015-07-05 18:01:41 ----A---- C:\Windows\system32\puiobj.dll
                2015-07-05 18:01:41 ----A---- C:\Windows\system32\DiagCpl.dll
                2015-07-05 18:01:40 ----A---- C:\Windows\system32\eudcedit.exe
                2015-07-05 18:01:40 ----A---- C:\Windows\system32\drivers\scsiport.sys
                2015-07-05 18:01:39 ----A---- C:\Windows\system32\logoncli.dll
                2015-07-05 18:01:38 ----A---- C:\Windows\system32\shsetup.dll
                2015-07-05 18:01:38 ----A---- C:\Windows\system32\rasppp.dll
                2015-07-05 18:01:38 ----A---- C:\Windows\system32\msdtctm.dll
                2015-07-05 18:01:38 ----A---- C:\Windows\system32\biocpl.dll
                2015-07-05 18:01:37 ----A---- C:\Windows\system32\wiadefui.dll
                2015-07-05 18:01:37 ----A---- C:\Windows\system32\sppcomapi.dll
                2015-07-05 18:01:37 ----A---- C:\Windows\system32\SensorsCpl.dll
                2015-07-05 18:01:37 ----A---- C:\Windows\system32\msconfig.exe
                2015-07-05 18:01:37 ----A---- C:\Windows\system32\FirewallControlPanel.dll
                2015-07-05 18:01:37 ----A---- C:\Windows\system32\cabview.dll
                2015-07-05 18:01:36 ----A---- C:\Windows\system32\wpccpl.dll
                2015-07-05 18:01:36 ----A---- C:\Windows\system32\themecpl.dll
                2015-07-05 18:01:36 ----A---- C:\Windows\system32\dnscmmc.dll
                2015-07-05 18:01:35 ----A---- C:\Windows\system32\tapisrv.dll
                2015-07-05 18:01:35 ----A---- C:\Windows\system32\scecli.dll
                2015-07-05 18:01:35 ----A---- C:\Windows\system32\PhotoScreensaver.scr
                2015-07-05 18:01:35 ----A---- C:\Windows\system32\hgcpl.dll
                2015-07-05 18:01:35 ----A---- C:\Windows\system32\drivers\rdyboost.sys
                2015-07-05 18:01:34 ----A---- C:\Windows\system32\SndVolSSO.dll
                2015-07-05 18:01:34 ----A---- C:\Windows\system32\mscms.dll
                2015-07-05 18:01:34 ----A---- C:\Windows\system32\mprddm.dll
                2015-07-05 18:01:34 ----A---- C:\Windows\system32\localsec.dll
                2015-07-05 18:01:34 ----A---- C:\Windows\system32\iasacct.dll
                2015-07-05 18:01:34 ----A---- C:\Windows\system32\fontext.dll
                2015-07-05 18:01:34 ----A---- C:\Windows\system32\bcdsrv.dll
                2015-07-05 18:01:33 ----A---- C:\Windows\system32\wlanui.dll
                2015-07-05 18:01:33 ----A---- C:\Windows\system32\wkssvc.dll
                2015-07-05 18:01:33 ----A---- C:\Windows\system32\VAN.dll
                2015-07-05 18:01:33 ----A---- C:\Windows\system32\usercpl.dll
                2015-07-05 18:01:33 ----A---- C:\Windows\system32\prntvpt.dll
                2015-07-05 18:01:33 ----A---- C:\Windows\system32\PerfCenterCPL.dll
                2015-07-05 18:01:33 ----A---- C:\Windows\system32\mblctr.exe
                2015-07-05 18:01:33 ----A---- C:\Windows\system32\KMSVC.DLL
                2015-07-05 18:01:33 ----A---- C:\Windows\system32\batmeter.dll
                2015-07-05 18:01:32 ----A---- C:\Windows\system32\netcenter.dll
                2015-07-05 18:01:31 ----A---- C:\Windows\system32\wpdbusenum.dll
                2015-07-05 18:01:31 ----A---- C:\Windows\system32\w32tm.exe
                2015-07-05 18:01:31 ----A---- C:\Windows\system32\spwizeng.dll
                2015-07-05 18:01:31 ----A---- C:\Windows\system32\SndVol.exe
                2015-07-05 18:01:31 ----A---- C:\Windows\system32\azroleui.dll
                2015-07-05 18:01:31 ----A---- C:\Windows\system32\accessibilitycpl.dll
                2015-07-05 18:01:30 ----A---- C:\Windows\system32\zipfldr.dll
                2015-07-05 18:01:30 ----A---- C:\Windows\system32\fdeploy.dll
                2015-07-05 18:01:30 ----A---- C:\Windows\system32\drivers\ks.sys
                2015-07-05 18:01:29 ----A---- C:\Windows\system32\networkmap.dll
                2015-07-05 18:01:29 ----A---- C:\Windows\system32\netjoin.dll
                2015-07-05 18:01:29 ----A---- C:\Windows\system32\MSAC3ENC.DLL
                2015-07-05 18:01:29 ----A---- C:\Windows\system32\adsldp.dll
                2015-07-05 18:01:28 ----A---- C:\Windows\system32\wusa.exe
                2015-07-05 18:01:28 ----A---- C:\Windows\system32\prnfldr.dll
                2015-07-05 18:01:28 ----A---- C:\Windows\system32\mspbda.dll
                2015-07-05 18:01:28 ----A---- C:\Windows\system32\MCEWMDRMNDBootstrap.dll
                2015-07-05 18:01:28 ----A---- C:\Windows\system32\Faultrep.dll
                2015-07-05 18:01:28 ----A---- C:\Windows\system32\cfgmgr32.dll
                2015-07-05 18:01:27 ----A---- C:\Windows\system32\taskbarcpl.dll
                2015-07-05 18:01:27 ----A---- C:\Windows\system32\sud.dll
                2015-07-05 18:01:27 ----A---- C:\Windows\system32\slui.exe
                2015-07-05 18:01:27 ----A---- C:\Windows\system32\photowiz.dll
                2015-07-05 18:01:27 ----A---- C:\Windows\system32\OnLineIDCpl.dll
                2015-07-05 18:01:27 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
                2015-07-05 18:01:27 ----A---- C:\Windows\system32\iasrad.dll
                2015-07-05 18:01:27 ----A---- C:\Windows\system32\ActionCenter.dll
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\wpd_ci.dll
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\sisbkup.dll
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\shwebsvc.dll
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\iprtrmgr.dll
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\ifsutil.dll
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\ieUnatt.exe
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\halacpi.dll
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\ftp.exe
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\dot3cfg.dll
                2015-07-05 18:01:26 ----A---- C:\Windows\system32\defaultlocationcpl.dll
                2015-07-05 18:01:25 ----A---- C:\Windows\system32\syncui.dll
                2015-07-05 18:01:25 ----A---- C:\Windows\system32\sdcpl.dll
                2015-07-05 18:01:25 ----A---- C:\Windows\system32\recovery.dll
                2015-07-05 18:01:25 ----A---- C:\Windows\system32\iesysprep.dll
                2015-07-05 18:01:25 ----A---- C:\Windows\system32\efscore.dll
                2015-07-05 18:01:25 ----A---- C:\Windows\system32\ActionCenterCPL.dll
                2015-07-05 18:01:24 ----A---- C:\Windows\system32\sppnp.dll
                2015-07-05 18:01:24 ----A---- C:\Windows\system32\DeviceCenter.dll
                2015-07-05 18:01:24 ----A---- C:\Windows\system32\bcdedit.exe
                2015-07-05 18:01:24 ----A---- C:\Windows\system32\autoplay.dll
                2015-07-05 18:01:23 ----A---- C:\Windows\system32\wmpmde.dll
                2015-07-05 18:01:23 ----A---- C:\Windows\system32\vdsutil.dll
                2015-07-05 18:01:23 ----A---- C:\Windows\system32\systemcpl.dll
                2015-07-05 18:01:23 ----A---- C:\Windows\system32\rtutils.dll
                2015-07-05 18:01:23 ----A---- C:\Windows\system32\OobeFldr.dll
                2015-07-05 18:01:23 ----A---- C:\Windows\system32\ntlanman.dll
                2015-07-05 18:01:23 ----A---- C:\Windows\system32\dskquoui.dll
                2015-07-05 18:01:22 ----A---- C:\Windows\system32\recdisc.exe
                2015-07-05 18:01:22 ----A---- C:\Windows\system32\ntprint.dll
                2015-07-05 18:01:22 ----A---- C:\Windows\system32\bcdboot.exe
                2015-07-05 18:01:21 ----A---- C:\Windows\system32\sethc.exe
                2015-07-05 18:01:21 ----A---- C:\Windows\system32\riched20.dll
                2015-07-05 18:01:20 ----A---- C:\Windows\system32\wmpsrcwp.dll
                2015-07-05 18:01:20 ----A---- C:\Windows\system32\netplwiz.dll
                2015-07-05 18:01:20 ----A---- C:\Windows\system32\NAPHLPR.DLL
                2015-07-05 18:01:20 ----A---- C:\Windows\system32\migisol.dll
                2015-07-05 18:01:20 ----A---- C:\Windows\system32\fms.dll
                2015-07-05 18:01:20 ----A---- C:\Windows\system32\AxInstSv.dll
                2015-07-05 18:01:20 ----A---- C:\Windows\system32\activeds.dll
                2015-07-05 18:01:19 ----A---- C:\Windows\system32\dpx.dll
                2015-07-05 18:01:19 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
                2015-07-05 18:01:18 ----A---- C:\Windows\system32\wsqmcons.exe
                2015-07-05 18:01:18 ----A---- C:\Windows\system32\nshipsec.dll
                2015-07-05 18:01:18 ----A---- C:\Windows\system32\msftedit.dll
                2015-07-05 18:01:18 ----A---- C:\Windows\system32\isoburn.exe
                2015-07-05 18:01:18 ----A---- C:\Windows\system32\httpapi.dll
                2015-07-05 18:01:18 ----A---- C:\Windows\system32\dot3svc.dll
                2015-07-05 18:01:18 ----A---- C:\Windows\system32\asycfilt.dll
                2015-07-05 18:01:17 ----A---- C:\Windows\system32\wlanmsm.dll
                2015-07-05 18:01:17 ----A---- C:\Windows\system32\wavemsp.dll
                2015-07-05 18:01:17 ----A---- C:\Windows\system32\ReAgent.dll
                2015-07-05 18:01:17 ----A---- C:\Windows\system32\provsvc.dll
                2015-07-05 18:01:17 ----A---- C:\Windows\system32\dot3ui.dll
                2015-07-05 18:01:16 ----A---- C:\Windows\system32\tzutil.exe
                2015-07-05 18:01:16 ----A---- C:\Windows\system32\sysclass.dll
                2015-07-05 18:01:16 ----A---- C:\Windows\system32\ocsetup.exe
                2015-07-05 18:01:16 ----A---- C:\Windows\system32\dsuiext.dll
                2015-07-05 18:01:16 ----A---- C:\Windows\system32\drivers\ndproxy.sys
                2015-07-05 18:01:16 ----A---- C:\Windows\system32\dfrgui.exe
                2015-07-05 18:01:15 ----A---- C:\Windows\twain_32.dll
                2015-07-05 18:01:15 ----A---- C:\Windows\system32\wvc.dll
                2015-07-05 18:01:15 ----A---- C:\Windows\system32\wtsapi32.dll
                2015-07-05 18:01:15 ----A---- C:\Windows\system32\wimgapi.dll
                2015-07-05 18:01:15 ----A---- C:\Windows\system32\webcheck.dll
                2015-07-05 18:01:15 ----A---- C:\Windows\system32\twext.dll
                2015-07-05 18:01:15 ----A---- C:\Windows\system32\PkgMgr.exe
                2015-07-05 18:01:15 ----A---- C:\Windows\system32\mstask.dll
                2015-07-05 18:01:15 ----A---- C:\Windows\system32\certprop.dll
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\uxlib.dll
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\ssText3d.scr
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\SmiEngine.dll
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\slwga.dll
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\setupugc.exe
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\qcap.dll
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\qasf.dll
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\occache.dll
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\msrating.dll
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\msfeedsbs.dll
                2015-07-05 18:01:14 ----A---- C:\Windows\system32\imm32.dll
                2015-07-05 18:01:13 ----A---- C:\Windows\system32\wwanconn.dll
                2015-07-05 18:01:13 ----A---- C:\Windows\system32\srrstr.dll
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\WPDShServiceObj.dll
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\wimserv.exe
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\rdpencom.dll
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\perfmon.exe
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\nslookup.exe
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\msvfw32.dll
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\mciavi32.dll
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\imgutil.dll
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\diskraid.exe
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\DevicePairingFolder.dll
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\clusapi.dll
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\audiodev.dll
                2015-07-05 18:01:12 ----A---- C:\Windows\system32\acppage.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\wmpdxm.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\vpnikeapi.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\UserAccountControlSettings.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\sdrsvc.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\remotepg.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\raschap.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\QUTIL.DLL
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\onexui.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\olepro32.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\ocsetapi.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\nltest.exe
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\networkexplorer.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\NAPCRYPT.DLL
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\iTVData.dll
                2015-07-05 18:01:11 ----A---- C:\Windows\system32\input.dll
                2015-07-05 18:01:10 ----A---- C:\Windows\system32\wpdwcn.dll
                2015-07-05 18:01:10 ----A---- C:\Windows\system32\vdsbas.dll
                2015-07-05 18:01:10 ----A---- C:\Windows\system32\runonce.exe
                2015-07-05 18:01:10 ----A---- C:\Windows\system32\Mcx2Svc.dll
                2015-07-05 18:01:10 ----A---- C:\Windows\system32\logagent.exe
                2015-07-05 18:01:10 ----A---- C:\Windows\system32\inseng.dll
                2015-07-05 18:01:10 ----A---- C:\Windows\system32\dxdiagn.dll
                2015-07-05 18:01:10 ----A---- C:\Windows\bfsvc.exe
                2015-07-05 18:01:09 ----A---- C:\Windows\system32\msvidc32.dll
                2015-07-05 18:01:09 ----A---- C:\Windows\system32\msiexec.exe
                2015-07-05 18:01:09 ----A---- C:\Windows\system32\MFPlay.dll
                2015-07-05 18:01:09 ----A---- C:\Windows\system32\eapp3hst.dll
                2015-07-05 18:01:09 ----A---- C:\Windows\system32\drivers\rmcast.sys
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\wmpshell.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\wmdrmdev.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\unimdmat.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\tabcal.exe
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\srvcli.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\sqlcese30.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\shacct.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\rdpd3d.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\PortableDeviceSyncProvider.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\PnPUnattend.exe
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\pdh.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\OpcServices.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\ncryptui.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\mprapi.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\lsmproxy.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\iscsium.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\cscapi.dll
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\Bubbles.scr
                2015-07-05 18:01:08 ----A---- C:\Windows\system32\bitsadmin.exe
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\WPDSp.dll
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\utildll.dll
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\Ribbons.scr
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\QSVRMGMT.DLL
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\PortableDeviceStatus.dll
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\olethk32.dll
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\Mystify.scr
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\mshtmled.dll
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\MdSched.exe
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\mapistub.dll
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\mapi32.dll
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\lpremove.exe
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\djoin.exe
                2015-07-05 18:01:07 ----A---- C:\Windows\system32\ActionQueue.dll
                2015-07-05 18:01:06 ----A---- C:\Windows\system32\WMADMOD.DLL
                2015-07-05 18:01:06 ----A---- C:\Windows\system32\wiavideo.dll
                2015-07-05 18:01:06 ----A---- C:\Windows\system32\takeown.exe
                2015-07-05 18:01:06 ----A---- C:\Windows\system32\fphc.dll
                2015-07-05 18:01:06 ----A---- C:\Windows\system32\dot3msm.dll
                2015-07-05 18:01:06 ----A---- C:\Windows\system32\avifil32.dll
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\WMVSDECD.DLL
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\wmdrmnet.dll
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\WindowsAnytimeUpgrade.exe
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\sqmapi.dll
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\sppinst.dll
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\qdv.dll
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\QCLIPROV.DLL
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\msyuv.dll
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\msrle32.dll
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\iyuv_32.dll
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\EhStorAPI.dll
                2015-07-05 18:01:05 ----A---- C:\Windows\system32\cca.dll
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\wsnmp32.dll
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\WMSPDMOD.DLL
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\vfwwdm32.dll
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\unattend.dll
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\setupcln.dll
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\RelPost.exe
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\pdhui.dll
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\MuiUnattend.exe
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\cmstp.exe
                2015-07-05 18:01:04 ----A---- C:\Windows\system32\basesrv.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\wkscli.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\WavDest.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\umb.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\tsbyuv.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\sppuinotify.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\spbcd.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\PrintIsolationProxy.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\netiougc.exe
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\msorcl32.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\iscsicli.exe
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\iasrecst.dll
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\drivers\ndisuio.sys
                2015-07-05 18:01:03 ----A---- C:\Windows\system32\AzSqlExt.dll
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\syssetup.dll
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\resutils.dll
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\rastapi.dll
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\nrpsrv.dll
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\netbtugc.exe
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\mydocs.dll
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\MultiDigiMon.exe
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\itircl.dll
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\diskpart.exe
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\CertPolEng.dll
                2015-07-05 18:01:02 ----A---- C:\Windows\system32\amstream.dll
                2015-07-05 18:01:01 ----A---- C:\Windows\system32\wmpps.dll
                2015-07-05 18:01:01 ----A---- C:\Windows\system32\WerFaultSecure.exe
                2015-07-05 18:01:01 ----A---- C:\Windows\system32\tlscsp.dll
                2015-07-05 18:01:01 ----A---- C:\Windows\system32\ReAgentc.exe
                2015-07-05 18:01:01 ----A---- C:\Windows\system32\netutils.dll
                2015-07-05 18:01:01 ----A---- C:\Windows\system32\FXSTIFF.dll
                2015-07-05 18:01:01 ----A---- C:\Windows\system32\findstr.exe
                2015-07-05 18:01:01 ----A---- C:\Windows\system32\eappgnui.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\wiarpc.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\wdiasqmmodule.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\sppc.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\spopk.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\shimgvw.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\repair-bde.exe
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\muifontsetup.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\mobsync.exe
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\mciqtz32.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\luainstall.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\iccvid.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\HotStartUserAgent.dll
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\drivers\usbrpm.sys
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\drivers\tdi.sys
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\drivers\CompositeBus.sys
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\dosx.exe
                2015-07-05 18:01:00 ----A---- C:\Windows\system32\cabinet.dll
                2015-07-05 18:00:59 ----A---- C:\Windows\system32\unlodctr.exe
                2015-07-05 18:00:59 ----A---- C:\Windows\system32\rdprefdrvapi.dll
                2015-07-05 18:00:59 ----A---- C:\Windows\system32\netcfg.exe
                2015-07-05 18:00:59 ----A---- C:\Windows\system32\msdmo.dll
                2015-07-05 18:00:59 ----A---- C:\Windows\system32\manage-bde.exe
                2015-07-05 18:00:59 ----A---- C:\Windows\system32\inetmib1.dll
                2015-07-05 18:00:57 ----A---- C:\Windows\system32\UIRibbonRes.dll
                2015-07-05 18:00:57 ----A---- C:\Windows\system32\profprov.dll
                2015-07-05 18:00:57 ----A---- C:\Windows\system32\perfts.dll
                2015-07-05 18:00:57 ----A---- C:\Windows\system32\odbcconf.dll
                2015-07-05 18:00:57 ----A---- C:\Windows\system32\drivers\cdrom.sys
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\wshbth.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\TRAPI.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\schedcli.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\RDPENCDD.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\napdsnap.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\msfeedssync.exe
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\LogonUI.exe
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\icaapi.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\FXSMON.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\elsTrans.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\dsauth.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\drivers\tunnel.sys
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\drivers\dfsc.sys
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\cscdll.dll
                2015-07-05 18:00:56 ----A---- C:\Windows\system32\bitsperf.dll
                2015-07-05 18:00:55 ----A---- C:\Windows\system32\wsdchngr.dll
                2015-07-05 18:00:55 ----A---- C:\Windows\system32\sscore.dll
                2015-07-05 18:00:55 ----A---- C:\Windows\system32\shgina.dll
                2015-07-05 18:00:55 ----A---- C:\Windows\system32\riched32.dll
                2015-07-05 18:00:55 ----A---- C:\Windows\system32\drivers\ndiswan.sys
                2015-07-05 18:00:55 ----A---- C:\Windows\system32\drivers\acpipmi.sys
                2015-07-05 18:00:54 ----A---- C:\Windows\system32\rdpcfgex.dll
                2015-07-05 18:00:54 ----A---- C:\Windows\system32\drivers\hidusb.sys
                2015-07-05 18:00:53 ----A---- C:\Windows\system32\wshirda.dll
                2015-07-05 18:00:53 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys
                2015-07-05 18:00:52 ----A---- C:\Windows\system32\drivers\USBCAMD2.sys
                2015-07-05 18:00:52 ----A---- C:\Windows\system32\drivers\USBCAMD.sys
                2015-07-05 18:00:52 ----A---- C:\Windows\system32\drivers\kbdhid.sys
                2015-07-05 18:00:51 ----A---- C:\Windows\system32\drivers\wanarp.sys
                2015-07-05 18:00:51 ----A---- C:\Windows\system32\drivers\umbus.sys
                2015-07-05 18:00:51 ----A---- C:\Windows\system32\drivers\tdpipe.sys
                2015-07-05 18:00:51 ----A---- C:\Windows\system32\drivers\HdAudio.sys
                2015-07-05 18:00:51 ----A---- C:\Windows\system32\browseui.dll
                2015-07-05 18:00:50 ----A---- C:\Windows\system32\shunimpl.dll
                2015-07-05 18:00:50 ----A---- C:\Windows\system32\RDPREFDD.dll
                2015-07-05 18:00:50 ----A---- C:\Windows\system32\drivers\sffp_sd.sys
                2015-07-05 18:00:50 ----A---- C:\Windows\system32\drivers\scfilter.sys
                2015-07-05 18:00:50 ----A---- C:\Windows\system32\drivers\RDPCDD.sys
                2015-07-05 18:00:50 ----A---- C:\Windows\system32\drivers\hdaudbus.sys
                2015-07-05 18:00:50 ----A---- C:\Windows\system32\C_ISCII.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDUS.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDUGHR1.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDTURME.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDTUQ.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDTUF.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDTAJIK.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDSG.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDSF.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDPO.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDNEPR.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDMON.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDMAORI.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDLT1.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\kbdlk41a.dll
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDINTEL.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDINTAM.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDINORI.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDINMAR.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDINKAN.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDINHIN.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDINBEN.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDGR1.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDGKL.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDGEO.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDCZ1.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDBULG.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\KBDBLR.DLL
                2015-07-05 18:00:49 ----A---- C:\Windows\system32\dpnaddr.dll
                2015-07-05 18:00:48 ----A---- C:\Windows\system32\spwizres.dll
                2015-07-05 18:00:48 ----A---- C:\Windows\system32\pifmgr.dll
                2015-07-05 18:00:48 ----A---- C:\Windows\system32\nlsbres.dll
                2015-07-05 18:00:48 ----A---- C:\Windows\system32\BlbEvents.dll
                2015-07-05 18:00:34 ----A---- C:\Windows\system32\wdscore.dll
                2015-07-05 18:00:13 ----A---- C:\Windows\system32\wbemcomn.dll
                2015-07-05 17:25:59 ----D---- C:\Users\DV\AppData\Roaming\Mozilla
                2015-07-05 17:25:48 ----D---- C:\ProgramData\Mozilla
                2015-07-05 17:25:47 ----D---- C:\Program Files\Mozilla Maintenance Service
                2015-07-05 17:25:39 ----D---- C:\Program Files\Mozilla Firefox
                2015-07-05 16:41:03 ----D---- C:\Windows\ELAMBKUP
                2015-07-05 16:40:58 ----D---- C:\Program Files\Kaspersky Lab
                2015-07-05 16:40:57 ----D---- C:\ProgramData\Kaspersky Lab
                2015-07-05 16:40:47 ----A---- C:\ProgramData\ntuser.dat
                2015-07-05 00:22:34 ----D---- C:\Users\DV\AppData\Roaming\ATI
                2015-07-05 00:22:32 ----D---- C:\ProgramData\AMD
                2015-07-05 00:12:27 ----D---- C:\Program Files\ATI
                2015-07-05 00:00:18 ----D---- C:\Program Files\Microsoft.NET
                2015-07-04 23:59:47 ----SHD---- C:\Windows\Installer
                2015-07-04 23:46:25 ----D---- C:\Users\DV\AppData\Roaming\ASUS
                2015-07-04 23:46:20 ----A---- C:\Windows\system32\wrap_oal.dll
                2015-07-04 23:46:20 ----A---- C:\Windows\system32\OpenAL32.dll
                2015-07-04 23:46:01 ----N---- C:\Windows\system32\cmasiop.ini
                2015-07-04 23:46:01 ----N---- C:\Windows\system32\cmasiop.dll
                2015-07-04 23:46:00 ----N---- C:\Windows\system32\Cm_Oal.dll
                2015-07-04 23:45:25 ----N---- C:\Windows\system32\Cmeauoxy.exe
                2015-07-04 23:45:25 ----D---- C:\Program Files\ASUS Xonar DG Audio
                2015-07-04 23:44:45 ----A---- C:\Windows\system32\drivers\cmudaxp.sys
                2015-07-04 23:44:45 ----A---- C:\Windows\system32\cmudaxp.dll
                2015-07-04 23:44:38 ----N---- C:\Windows\system32\CmiInstallResAll.dll
                2015-07-04 23:44:29 ----RA---- C:\Windows\difxapi.dll
                2015-07-04 23:40:43 ----SD---- C:\Windows\system32\CompatTel
                2015-07-04 23:40:43 ----D---- C:\Windows\system32\appraiser
                2015-07-04 23:40:43 ----D---- C:\Windows\Migration
                2015-07-04 22:37:19 ----D---- C:\Windows\Panther
                2015-07-04 22:07:18 ----D---- C:\Program Files\Common Files\ATI Technologies
                2015-07-04 22:07:17 ----D---- C:\Program Files\AMD
                2015-07-04 22:06:22 ----N---- C:\Windows\system32\MpSigStub.exe
                2015-07-04 22:03:06 ----D---- C:\Windows\system32\MRT
                2015-07-04 22:03:03 ----A---- C:\Windows\system32\MRT.exe
                2015-07-04 22:01:51 ----A---- C:\Windows\system32\aitstatic.exe
                2015-07-04 22:01:50 ----A---- C:\Windows\system32\aepic.dll
                2015-07-04 21:58:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
                2015-07-04 21:55:24 ----D---- C:\Users\DV\AppData\Roaming\Identities
                2015-07-04 21:55:11 ----SD---- C:\Users\DV\AppData\Roaming\Microsoft
                2015-07-04 21:55:11 ----D---- C:\Users\DV\AppData\Roaming\Media Center Programs
                2015-07-04 21:54:55 ----SHD---- C:\ProgramData\Sjablonen
                2015-07-04 21:54:55 ----SHD---- C:\ProgramData\Menu Start
                2015-07-04 21:54:55 ----SHD---- C:\ProgramData\Favorieten
                2015-07-04 21:54:55 ----SHD---- C:\ProgramData\Documenten
                2015-07-04 21:54:55 ----SHD---- C:\ProgramData\Bureaublad
                2015-07-04 21:39:01 ----D---- C:\Windows\Prefetch
                2015-07-04 21:38:40 ----ASH---- C:\hiberfil.sys
                2015-07-04 16:56:45 ----SHD---- C:\Recovery
                2015-07-03 19:43:54 ----D---- C:\RegBackup
                2015-07-03 17:05:45 ----RHD---- C:\MSOCache
                2015-07-03 07:51:40 ----RASH---- C:\BOOTSECT.BAK
                2015-07-03 07:51:39 ----SHD---- C:\Boot
                2015-07-03 06:52:50 ----SHD---- C:\System Volume Information
                2015-07-03 06:52:50 ----ASH---- C:\pagefile.sys



                • #9
                  ======List of files/folders modified in the last 1 month======

                  2015-07-07 00:39:16 ----D---- C:\Windows\Temp
                  2015-07-07 00:38:57 ----RD---- C:\Program Files
                  2015-07-07 00:31:08 ----D---- C:\Windows\system32\config
                  2015-07-06 23:50:38 ----D---- C:\Windows
                  2015-07-06 23:50:29 ----D---- C:\Windows\System32
                  2015-07-06 20:45:41 ----D---- C:\Windows\inf
                  2015-07-06 20:40:56 ----D---- C:\Windows\winsxs
                  2015-07-06 20:40:41 ----D---- C:\Windows\system32\catroot2
                  2015-07-06 20:22:31 ----HD---- C:\ProgramData
                  2015-07-06 20:22:05 ----D---- C:\Windows\system32\drivers
                  2015-07-06 18:32:37 ----D---- C:\Windows\system32\LogFiles
                  2015-07-06 17:37:00 ----D---- C:\Program Files\Internet Explorer
                  2015-07-06 17:17:00 ----D---- C:\Windows\system32\migration
                  2015-07-06 16:39:34 ----D---- C:\Program Files\Common Files
                  2015-07-06 16:34:12 ----D---- C:\Windows\system32\Tasks
                  2015-07-06 16:34:11 ----D---- C:\Windows\Tasks
                  2015-07-06 06:12:49 ----D---- C:\Windows\rescache
                  2015-07-06 05:11:39 ----D---- C:\Windows\system32\nl-NL
                  2015-07-06 05:11:38 ----RSD---- C:\Windows\Fonts
                  2015-07-06 05:11:37 ----D---- C:\Windows\system32\DriverStore
                  2015-07-06 04:51:45 ----D---- C:\Windows\Microsoft.NET
                  2015-07-06 04:47:45 ----RSD---- C:\Windows\assembly
                  2015-07-06 04:14:10 ----D---- C:\Windows\system32\drivers\nl-NL
                  2015-07-06 04:14:10 ----D---- C:\Windows\PolicyDefinitions
                  2015-07-06 04:14:09 ----D---- C:\Windows\ehome
                  2015-07-06 04:14:09 ----D---- C:\Program Files\Common Files\System
                  2015-07-06 04:14:08 ----D---- C:\Windows\system32\wbem
                  2015-07-06 03:35:43 ----D---- C:\Windows\Logs
                  2015-07-06 03:35:27 ----D---- C:\Windows\AppCompat
                  2015-07-06 01:24:37 ----D---- C:\Windows\tracing
                  2015-07-06 01:12:39 ----D---- C:\Windows\system32\catroot
                  2015-07-06 01:11:34 ----D---- C:\Windows\system32\AdvancedInstallers
                  2015-07-06 01:11:33 ----D---- C:\Windows\AppPatch
                  2015-07-06 01:11:30 ----D---- C:\Windows\system32\Dism
                  2015-07-06 01:11:07 ----D---- C:\Program Files\Windows Journal
                  2015-07-06 01:11:04 ----D---- C:\Windows\system32\zh-HK
                  2015-07-06 01:11:04 ----D---- C:\Windows\system32\pt-PT
                  2015-07-06 01:11:04 ----D---- C:\Windows\system32\pt-BR
                  2015-07-06 01:11:04 ----D---- C:\Windows\system32\pl-PL
                  2015-07-06 01:11:04 ----D---- C:\Windows\system32\ko-KR
                  2015-07-06 01:11:04 ----D---- C:\Windows\system32\it-IT
                  2015-07-06 01:11:04 ----D---- C:\Windows\system32\hu-HU
                  2015-07-06 01:11:04 ----D---- C:\Windows\system32\el-GR
                  2015-07-06 01:11:04 ----D---- C:\Program Files\Windows Media Player
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\zh-TW
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\zh-CN
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\tr-TR
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\sv-SE
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\ru-RU
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\nb-NO
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\ja-JP
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\fr-FR
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\fi-FI
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\es-ES
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\en-US
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\de-DE
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\da-DK
                  2015-07-06 01:11:03 ----D---- C:\Windows\system32\cs-CZ
                  2015-07-06 01:10:57 ----D---- C:\Program Files\Windows Defender
                  2015-07-06 01:10:51 ----D---- C:\Windows\system32\CodeIntegrity
                  2015-07-06 01:10:51 ----D---- C:\Windows\system32\Boot
                  2015-07-05 23:27:05 ----SD---- C:\ProgramData\Microsoft
                  2015-07-05 20:07:33 ----D---- C:\Windows\debug
                  2015-07-05 19:45:34 ----D---- C:\Program Files\Windows Sidebar
                  2015-07-05 19:45:34 ----D---- C:\Program Files\Windows Mail
                  2015-07-05 19:45:34 ----D---- C:\Program Files\DVD Maker
                  2015-07-05 19:45:28 ----D---- C:\Program Files\Windows Portable Devices
                  2015-07-05 19:45:23 ----D---- C:\Program Files\Windows Photo Viewer
                  2015-07-05 19:44:47 ----D---- C:\Windows\servicing
                  2015-07-05 19:43:08 ----D---- C:\Windows\system32\oobe
                  2015-07-05 19:43:02 ----D---- C:\Windows\system32\sysprep
                  2015-07-05 19:42:47 ----D---- C:\Windows\system32\Setup
                  2015-07-05 19:42:47 ----D---- C:\Windows\system32\manifeststore
                  2015-07-05 19:42:45 ----D---- C:\Windows\system32\sppui
                  2015-07-05 19:42:09 ----D---- C:\Windows\system32\migwiz
                  2015-07-05 18:55:48 ----A---- C:\Windows\system32\msclmd.dll
                  2015-07-05 16:23:34 ----D---- C:\Windows\system32\wdi
                  2015-07-05 00:12:58 ----D---- C:\Program Files\Common Files\microsoft shared
                  2015-07-04 23:46:00 ----D---- C:\Windows\system
                  2015-07-04 21:55:26 ----D---- C:\Windows\system32\restore
                  2015-07-04 21:55:21 ----SHD---- C:\$Recycle.Bin
                  2015-07-04 21:55:08 ----RD---- C:\Users
                  2015-07-04 21:54:55 ----D---- C:\Windows\system32\Recovery
                  2015-07-04 21:54:55 ----D---- C:\Program Files\Windows NT
                  2015-07-04 21:42:34 ----D---- C:\Windows\system32\drivers\UMDF

                  ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

                  R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK); C:\Windows\system32\DRIVERS\cm_km_w.sys [2015-07-05 197864]
                  R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-07-05 153784]
                  R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
                  R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2015-07-05 44208]
                  R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2015-07-05 705208]
                  R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2015-07-05 34160]
                  R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2015-07-05 23920]
                  R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-07-05 54328]
                  R1 Klwtp;Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [2015-07-05 72560]
                  R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-07-05 157240]
                  R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2015-07-05 54640]
                  R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
                  R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-11-21 16955392]
                  R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-11-21 472576]
                  R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2014-06-21 77824]
                  R3 cmudaxp;ASUS Xonar DG Audio Interface; C:\Windows\system32\drivers\cmudaxp.sys [2011-03-10 1760256]
                  R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-07-05 128728]
                  R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-07-05 36208]
                  R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-07-05 35696]
                  R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
                  R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
                  S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
                  S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
                  S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
                  S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
                  S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
                  S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
                  S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
                  S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
                  S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
                  S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

                  ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

                  R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-11-21 212992]
                  R2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [2015-07-05 194000]
                  R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
                  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
                  S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-06 268976]
                  S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-07-01 148136]
                  S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
                  S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
                  S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
                  S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

                  -----------------EOF-----------------
                  Last edited by Spijker; 07-07-15, 22:15.



                  • #10
                    Below are the logs of the programs that were requested to be run
                    A whole lot of logs that were not requested.

                    Furthermore: NEVER run Combofix without the advice of a Qualified Helper. The chance that you wreck your system with it is high.
                    I also don't understand why you are running RKill.


                    Go to Start > Run and copy and paste the following command into the field:

                    ComboFix /Uninstall

                    Make sure there is a space between Combofix and /
                    Then press Enter.




                    This will remove Combofix plus its related folders and files, reset the clock settings,
                    hide the file extensions, hide hidden files and system files again,
                    and reset your System Restore.




                    Download or update CCleaner

                    Start CCleaner.
                    • Run CCleaner and click Options in the left column
                    • Select the Advanced tab
                    • Uncheck Only delete files in Windows Temp folders older than 24 hours
                    • Select the Settings tab
                    • Uncheck "Automatically clean the computer...."
                    • Click Cleaner in the left column.
                    • Then click Analyze and Run Cleaner in turn.
                    • Next, click Registry in the left column
                    • Click Scan for Issues.
                    • When asked whether you want to make a backup of the registry, click "Yes".
                    • If errors are found, click the middle button: Fix All Selected Issues, then OK



                    Emphyrio
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * CCleaner * E-Peek



                    • #11
                      Hi,

                      First of all, thank you for being willing to help me.

                      Secondly, I don't know either. I have been having problems for quite some time and they just don't stop, which is why I downloaded a lot of programs and ran them. I wasn't even halfway through when I ended up here by way of others, and I paused running those programs.

                      When I carry out the first instruction nothing happens, so I assume it is no longer present?
                      This also because I have been using CCleaner for a very long time and every day, before I shut down my PC, I also run the registry scan after cleaning?

                      And last night I again got an update from Microsoft that repeatedly let itself be downloaded and installed - it was installed five times in a row. After removing it I wanted to run it again and then I got the message: error code 80244019

                      Something is still not right with my PC... those hits showed that too - I haven't done anything further about it, so it is all still on there.



                      • #12
                        Go to Start > Run and copy and paste the following command into the field:

                        c:\users\DV\Downloads\ComboFix.exe /Uninstall

                        Make sure there is a space between Combofix and /
                        Then press Enter.




                        This will remove Combofix plus its related folders and files, reset the clock settings,
                        hide the file extensions, hide hidden files and system files again,
                        and reset your System Restore.


                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee. * CCleaner * E-Peek



                        • #13
                          Hi,

                          It still says it cannot find it.
                          And is it in the logs I sent, because suddenly I can't download anything via Windows Update again? It gives code 80244019?

                          Regards,

                          Spijker



                          • #14
                            Then you are doing something wrong after all, because:
                            Gestart vanuit: c:\users\DV\Downloads\ComboFix.exe
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee. * CCleaner * E-Peek



                            • #15
                              See attachments:

                              Attachment: uitvoeren.jpg
                              Attachment: foutmelding.jpg
