I had corrupt files in Windows; my question now is whether they became corrupt because of an infection, and whether there is still an infection.
Handled in this topic: http://ift.tt/1WaCJaC
Malwarebytes Anti-Malware
www.malwarebytes.org
Scandatum: 19/09/2015
Scantijd: 21:09
Logboekbestand: malware byte log.txt
Beheerder: Ja
Versie: 2.1.8.1057
Malware-database: v2015.09.19.06
Rootkit-database: v2015.09.18.01
Licentie: Gratis
Malware-bescherming: Uitgeschakeld
Bescherming tegen kwaadaardige websites: Uitgeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: pechkiek03
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 457226
Verstreken tijd: 24 min, 10 sec
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(Geen kwaadaardige items gedetecteerd)
Modules: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
Registerwaarden: 0
(Geen kwaadaardige items gedetecteerd)
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
Mappen: 0
(Geen kwaadaardige items gedetecteerd)
Bestanden: 0
(Geen kwaadaardige items gedetecteerd)
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
(end)
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-19 21:34:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HD642JJ rev.1AA01118 596,17GB
Running: lme8xd97.exe; Driver: C:\Users\PECHKI~1\AppData\Local\Temp\fwddrkoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000769a8769 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076081401 2 bytes JMP 769cb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076081419 2 bytes JMP 769cb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076081431 2 bytes JMP 76a48f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007608144a 2 bytes CALL 769a4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760814dd 2 bytes JMP 76a48832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760814f5 2 bytes JMP 76a48a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007608150d 2 bytes JMP 76a48728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076081525 2 bytes JMP 76a48af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007608153d 2 bytes JMP 769bfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076081555 2 bytes JMP 769c68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007608156d 2 bytes JMP 76a48ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076081585 2 bytes JMP 76a48b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007608159d 2 bytes JMP 76a486ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760815b5 2 bytes JMP 769bfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760815cd 2 bytes JMP 769cb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760816b2 2 bytes JMP 76a48eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760816bd 2 bytes JMP 76a48681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076081401 2 bytes JMP 769cb20b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076081419 2 bytes JMP 769cb336 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076081431 2 bytes JMP 76a48f39 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007608144a 2 bytes CALL 769a4885 C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760814dd 2 bytes JMP 76a48832 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760814f5 2 bytes JMP 76a48a08 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007608150d 2 bytes JMP 76a48728 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076081525 2 bytes JMP 76a48af2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007608153d 2 bytes JMP 769bfc98 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076081555 2 bytes JMP 769c68df C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007608156d 2 bytes JMP 76a48ff1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076081585 2 bytes JMP 76a48b52 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007608159d 2 bytes JMP 76a486ec C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760815b5 2 bytes JMP 769bfd31 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760815cd 2 bytes JMP 769cb2cc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760816b2 2 bytes JMP 76a48eb4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[1944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760816bd 2 bytes JMP 76a48681 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076081401 2 bytes JMP 769cb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076081419 2 bytes JMP 769cb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076081431 2 bytes JMP 76a48f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007608144a 2 bytes CALL 769a4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760814dd 2 bytes JMP 76a48832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760814f5 2 bytes JMP 76a48a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007608150d 2 bytes JMP 76a48728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076081525 2 bytes JMP 76a48af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007608153d 2 bytes JMP 769bfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076081555 2 bytes JMP 769c68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007608156d 2 bytes JMP 76a48ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076081585 2 bytes JMP 76a48b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007608159d 2 bytes JMP 76a486ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760815b5 2 bytes JMP 769bfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760815cd 2 bytes JMP 769cb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760816b2 2 bytes JMP 76a48eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760816bd 2 bytes JMP 76a48681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076081401 2 bytes JMP 769cb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076081419 2 bytes JMP 769cb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076081431 2 bytes JMP 76a48f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007608144a 2 bytes CALL 769a4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760814dd 2 bytes JMP 76a48832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760814f5 2 bytes JMP 76a48a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007608150d 2 bytes JMP 76a48728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076081525 2 bytes JMP 76a48af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007608153d 2 bytes JMP 769bfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076081555 2 bytes JMP 769c68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007608156d 2 bytes JMP 76a48ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076081585 2 bytes JMP 76a48b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007608159d 2 bytes JMP 76a486ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760815b5 2 bytes JMP 769bfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760815cd 2 bytes JMP 769cb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760816b2 2 bytes JMP 76a48eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760816bd 2 bytes JMP 76a48681 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [1184] entry point in ".rdata" section 00000000699b71e6
---- EOF - GMER 2.1 ----
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18015
Run by pechkiek03 at 21:41:14 on 2015-09-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6135.3960 [GMT 2:00]
.
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Persoonlijke firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CBEFD9A2-9D65-47B1-9702-71B86A733A46} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2015-7-14 72400]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2015-7-14 255240]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2015-7-14 53360]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-7-8 1353720]
R2 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2015-8-25 759712]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-23 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-23 21007192]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2013-8-15 145736]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-9-9 409776]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-21 25816]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-28 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-28 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S?4 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-21 113880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-5-29 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2015-8-23 282112]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-9-10 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-21 63704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-14 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
.
=============== Created Last 30 ================
.
2015-09-19 19:25:06 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{502A85DB-8F68-4B8B-B322-6E2C7D64049E}\offreg.2268.dll
2015-09-18 19:38:54 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{502A85DB-8F68-4B8B-B322-6E2C7D64049E}\mpengine.dll
2015-09-15 01:04:30 -------- d--h--w- C:\$Windows.~BT
2015-09-15 00:29:28 -------- d-----w- C:\375ef7d18aa138b108a903b2189a0426
2015-09-14 20:10:06 -------- dc----w- C:\Users\pechkiek03\AppData\Local\MigWiz
2015-09-10 23:29:53 -------- d-s---w- C:\Windows\System32\CompatTel
2015-09-10 22:29:04 -------- d-----w- C:\Windows\System32\catroot2
2015-09-10 22:24:40 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2015-09-10 21:59:01 -------- d-----w- C:\RegBackup
2015-09-10 21:56:49 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2015-09-09 22:01:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-09-09 22:01:59 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-09-09 22:01:59 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-09-09 22:01:59 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-09-09 22:01:59 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-09-09 22:01:59 3209216 ----a-w- C:\Windows\System32\win32k.sys
2015-09-09 22:01:59 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-09-09 22:01:59 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-09-09 22:01:59 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-09-09 22:01:59 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-09-09 22:01:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-09-09 00:55:00 -------- d-----w- C:\Program Files\VideoLAN
2015-09-08 22:26:43 608048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-09-08 10:02:35 -------- d-----w- C:\Users\pechkiek03\AppData\Roaming\Foxit Scanner Images
2015-09-07 23:44:00 -------- d-----w- C:\SFCFix
2015-09-07 23:43:07 -------- d-----w- C:\Users\pechkiek03\AppData\Local\niemiro
2015-09-07 00:33:41 -------- d-sh--w- C:\$RECYCLE.BIN
2015-08-30 21:13:01 -------- d-----w- C:\Program Files (x86)\Garmin
2015-08-30 20:48:53 -------- d-----w- C:\ProgramData\Package Cache
2015-08-22 23:41:03 -------- d-----r- C:\Users\pechkiek03\AppData\Roaming\Brother
2015-08-22 22:59:00 -------- d-----w- C:\Users\pechkiek03\AppData\Roaming\Zeon
2015-08-22 22:39:53 -------- d-----w- C:\Users\pechkiek03\AppData\Roaming\ControlCenter4
2015-08-22 22:39:48 -------- d-----w- C:\Users\pechkiek03\AppData\Roaming\FLEXnet
2015-08-22 22:27:47 73728 ----a-w- C:\Windows\SysWow64\BrDctF2.dll
2015-08-22 22:27:47 5120 ----a-w- C:\Windows\SysWow64\BrDctF2L.dll
2015-08-22 22:27:47 3072 ----a-w- C:\Windows\SysWow64\BrDctF2S.dll
2015-08-22 22:27:47 214016 ----a-w- C:\Windows\SysWow64\NSSearch.dll
2015-08-22 22:27:47 -------- d-----w- C:\Program Files (x86)\Brother
2015-08-22 22:23:23 -------- d-----w- C:\Program Files\Nuance
2015-08-22 22:22:53 -------- d-----w- C:\ProgramData\zeon
2015-08-22 22:22:06 -------- d-----w- C:\Users\pechkiek03\AppData\Roaming\Nuance
2015-08-22 22:21:31 -------- d-----w- C:\ProgramData\Nuance
2015-08-22 22:21:31 -------- d-----w- C:\Program Files (x86)\Nuance
2015-08-22 22:21:31 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared
2015-08-22 22:18:11 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2015-08-22 22:17:54 -------- d-----w- C:\ProgramData\Brother
.
==================== Find3M ====================
.
2015-09-19 19:01:54 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-08-27 18:18:27 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2015-08-27 18:18:27 1887232 ----a-w- C:\Windows\System32\msxml3.dll
2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-08-27 17:58:14 1391104 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-08-26 18:07:11 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-08-26 18:07:11 3165696 ----a-w- C:\Windows\System32\wucltux.dll
2015-08-26 18:07:11 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-08-26 18:06:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-08-26 18:06:33 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-08-26 18:06:30 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-08-26 17:56:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-08-26 17:56:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-08-26 17:55:37 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-08-18 00:07:25 6783280 ----a-w- C:\Windows\System32\nvcpl.dll
2015-08-18 00:07:24 3522168 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-08-18 00:07:22 933168 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-08-18 00:07:22 62768 ----a-w- C:\Windows\System32\nvshext.dll
2015-08-18 00:07:22 385144 ----a-w- C:\Windows\System32\nvmctray.dll
2015-08-18 00:07:22 2558768 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-08-18 00:06:25 5147024 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-08-15 06:34:10 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-15 06:33:56 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-08-15 06:18:47 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-08-15 06:18:00 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-08-15 06:17:54 417792 ----a-w- C:\Windows\System32\html.iec
2015-08-15 06:17:49 585216 ----a-w- C:\Windows\System32\vbscript.dll
2015-08-15 06:17:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-08-15 06:04:47 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-08-15 06:04:46 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-08-15 06:04:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-08-15 06:00:44 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-08-15 05:57:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-08-15 05:53:22 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-15 05:46:15 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-08-15 05:40:29 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-08-15 05:40:12 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-08-15 05:39:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-08-15 05:39:22 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-08-15 05:38:34 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-08-15 05:29:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-08-15 05:29:12 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-08-15 05:22:47 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-08-15 05:22:03 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-08-15 05:16:37 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-08-15 05:10:32 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-08-15 05:07:28 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-08-15 05:01:47 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-08-15 05:01:23 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-08-15 04:43:00 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-08-13 20:09:38 249856 ----a-w- C:\Windows\Setup1.exe
2015-08-13 20:09:36 73216 ----a-w- C:\Windows\ST6UNST.EXE
2015-08-12 14:29:37 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 14:29:37 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-05 17:56:14 1110016 ----a-w- C:\Windows\System32\schedsvc.dll
2015-08-05 17:56:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-08-05 17:56:06 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-08-05 17:40:50 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-08-04 18:03:10 692672 ----a-w- C:\Windows\System32\winload.efi
2015-08-04 18:00:24 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-08-04 17:56:54 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-08-04 17:56:37 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-08-04 17:56:37 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-08-04 17:55:57 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-08-04 17:55:57 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-08-04 17:47:42 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-08-04 16:58:09 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 13:13:38 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13:11 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-23 00:06:26 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-23 00:06:25 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-23 00:06:25 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-23 00:03:19 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-23 00:03:07 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-23 00:03:07 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-23 00:03:07 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-23 00:03:06 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-23 00:01:53 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-23 00:01:39 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-23 00:01:32 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-22 23:58:17 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-22 23:57:53 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-22 23:51:59 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-22 17:57:49 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-22 17:57:49 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-22 17:54:12 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-22 17:52:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-22 17:52:19 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-22 17:52:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-22 17:52:03 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-22 17:52:03 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
.
============= FINISH: 21:41:48,50 ===============
2015-08-15 05:07:28 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-08-15 05:01:47 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-08-15 05:01:23 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-08-15 04:43:00 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-08-13 20:09:38 249856 ----a-w- C:\Windows\Setup1.exe
2015-08-13 20:09:36 73216 ----a-w- C:\Windows\ST6UNST.EXE
2015-08-12 14:29:37 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-12 14:29:37 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-05 17:56:14 1110016 ----a-w- C:\Windows\System32\schedsvc.dll
2015-08-05 17:56:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-08-05 17:56:06 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-08-05 17:40:50 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-08-04 18:03:10 692672 ----a-w- C:\Windows\System32\winload.efi
2015-08-04 18:00:24 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-08-04 17:56:54 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-08-04 17:56:37 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-08-04 17:56:37 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-08-04 17:55:57 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-08-04 17:55:57 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-08-04 17:47:42 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-08-04 16:58:09 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 13:13:38 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13:11 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-23 00:06:26 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-23 00:06:25 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-23 00:06:25 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-23 00:03:19 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-23 00:03:07 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-23 00:03:07 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-23 00:03:07 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-23 00:03:06 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-23 00:01:53 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-23 00:01:39 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-23 00:01:32 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-22 23:58:17 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-22 23:57:53 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-22 23:51:59 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-22 17:57:49 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-22 17:57:49 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-22 17:54:12 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-22 17:52:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-22 17:52:19 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-22 17:52:03 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-22 17:52:03 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-22 17:52:03 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
.
============= FINISH: 21:41:48,50 ===============
corrupt files