Virus that has infected AVG and closes processes unwantedly


  • Virus that has infected AVG and closes processes unwantedly

    I suspect that a virus has attached itself to my AVG Free. The AVG program no longer works, and moreover I cannot remove it in any way.
    In addition, this virus blocks opening TASK MANAGER and also closes the browser when a virus-related page is searched for.

    I tried to follow the whole step-by-step plan. However, I first ran a scan with Malwarebytes' Quick scan, and later the normal scan. Both logs are shown below.
    In addition, I had to save Malwarebytes under a different name in order to run the .exe file, and later I also had to rename MBAM to start the program.
    I went through the DDS and GMER steps without anything unusual.

    !update: I had first saved this text under the name 'virusprobleem.txt'. Opening that file was then blocked. Renaming it solved the problem.

    The first log, from the Quick scan:


    ----------------------------------------------------------------------------------------
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.19.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16844
    Derek :: DEREK-HP [administrator]

    19-3-2014 10:04:53
    mbam-log-2014-03-19 (10-04-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246047
    Time elapsed: 28 minute(s), 52 second(s)

    Memory Processes Detected: 1
    C:\Users\Derek\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> 4924 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 85
    HKLM\SYSTEM\CurrentControlSet\Services\SProtection (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
    HKCR\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{2c774641-5504-46a8-b63f-6715ae3fe376} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{c638abe2-47da-4351-b170-e6a673d25ca3} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{4CCADDA1-60AD-48AA-97C2-FA892D2499FB} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C774641-5504-46A8-B63F-6715AE3FE376} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C774641-5504-46A8-B63F-6715AE3FE376} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C774641-5504-46A8-B63F-6715AE3FE376} (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\IminentWebBooster.ScriptExtender.1 (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\IminentWebBooster.ScriptExtender (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\IminentWebBooster.BrowserHelperObject.1 (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\IminentWebBooster.BrowserHelperObject (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Business.Tinyfying.DownloadArgs (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Business.Tinyfying.LinkToPromoteArgs (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Business.Tinyfying.RawDataArgs (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Business.Tinyfying.TinyUrlArgs (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Business.Tinyfying.ViralLinkArgs (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.ClientCallback (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.ContractBase (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.GameOverCallback (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.GetCreditCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableResult (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.InstallationContextResult (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.LoginCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.LogoutCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.MyAccountCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.PlayContentCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.PostContentCallback (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.SetVariableCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.TestContentCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.WarmUpCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.DataContracts.WelcomeCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.ServerCommand (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.Communication.ServerResult (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.LightContent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.LightUri (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\Iminent.Mediator.MediatorServiceProxy (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCR\AppID\Iminent.WebBooster.InternetExplorer.DLL (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCU\Software\Iminent.com (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCU\Software\Cr_Installer\1950 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Vuze_Remote (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\UMBRELLA (PUP.Optional.Umbrella.A) -> Quarantined and deleted successfully.
    HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 15
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.VuzeRemoteTB.A) -> Data: ž2ºP•‰I³ò—2é-Ì -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.VuzeRemoteTB.A) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.VuzeRemoteTB.A) -> Data: Vuze Remote Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.VuzeRemoteTB.A) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.VuzeRemoteTB.A) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} (PUP.Optional.VuzeRemoteTB.A) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ba14329e-9550-4989-b3f2-9732e92d17cc} (PUP.Optional.VuzeRemoteTB.A) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} (PUP.Optional.VuzeRemoteTB.A) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IminentMessenger (PUP.Optional.Iminent.A) -> Data: C:\Program Files (x86)\Iminent\Iminent.Messengers.exe -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0B1G1O1S0V1G1F -> Quarantined and deleted successfully.
    HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Data: network_smb_gratisnovelas -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Umbrella|MUpdBlock (PUP.Optional.Umbrella.A) -> Data: {
    "MASSUPDATE" : {
    "CHROME_MBAR" : {
    "Checked" : 1,
    "RetryIdx" : 0,
    "Version" : 1
    },
    "FIREFOX_MBAR" : {
    "Checked" : 1,
    "RetryIdx" : 0,
    "Version" : 1
    }
    }
    }
    -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\SProtection|ImagePath (PUP.Optional.Iminent.A) -> Data: C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

    Folders Detected: 143
    C:\Program Files (x86)\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\de (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\en (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\es (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\fr (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\inst (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\inst\Bootstrapper (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\it (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\ro (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\tr (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\iminent\Mediator (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\IminentToolbar (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\OpenCandy\B8E33846A07D4349A5D767359A168CD0 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\OpenCandy\OpenCandy_B8E33846A07D4349A5D767359A168CD0 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Delete on reboot.
    C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Conduit\CT2504091 (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.

    Files Detected: 697
    C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (PUP.Optional.Iminent) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\FLVPlayerSetup.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe (PUP.Optional.MoviesToolBar.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\uninstall215043883.exe (PUP.Optional.ExpressFiles.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\e4j766F.tmp_dir1376865387\user\mism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\e4jB2.tmp_dir1362678639\user\mism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\Downloads\FLVPlayerSetup-35qRPiT.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Users\Derek\Downloads\FLVPlayerSetup-eQSgGGZ.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Users\Derek\Downloads\freefileviewer_730.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\Downloads\freeopener_715.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\Downloads\InternationalPrimoPDF.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Derek\Downloads\SoftonicDownloader_voor_vlc-media-player.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Users\Derek\Local Settings\Temporary Internet Files\Content.IE5\4XODT690\IminentSetupYahoo[1].exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\Local Settings\Temporary Internet Files\Content.IE5\4XODT690\Setup[1].exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Windows\Installer\32fbeafc.msi (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\divx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\SearchTheWeb.xml (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\f_in_box.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.AxImp.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Booster.UI.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Business.Connect.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Business.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Business.tlb (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Entity.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.exe.config (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.InstallLog (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.InstallState (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Mediator.ActivePlayers.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Mediator.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Mediator.tlb (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Messengers.exe.config (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Services.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.WinCore.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM.WinEvents.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.WinCore.WLM15.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.WinCore.Yahoo.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Windows.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Iminent.Workflow.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Microsoft.DirectX.AudioVideoPlayback.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\Microsoft.Expression.Interactions.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\StartWeb.xml (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\System.Data.SQLite.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\System.Data.SQLite.xml (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\System.Windows.Interactivity.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\System.Windows.Interactivity.xml (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\USearch.xml (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\WPFLocalizeExtension.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\WPFLocalizeExtension.xml (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\de\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\de\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\de\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\de\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\de\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\de\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\de\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\en\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\en\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\en\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\en\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\en\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\en\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\en\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\es\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\es\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\es\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\es\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\es\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\es\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\es\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\fr\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\fr\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\fr\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\fr\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\fr\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\fr\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\fr\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\inst\main.ico (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\inst\msacm32.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\inst\SearchTheWeb.ico (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\inst\Universely.ico (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\it\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\it\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\it\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\it\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\it\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\it\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\it\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\ro\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\ro\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\ro\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\tr\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\tr\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\tr\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\tr\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Iminent\tr\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\SearchTheWeb.lnk (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Blog.lnk (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\FAQ.lnk (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Help.lnk (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Iminent.lnk (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1033.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Delete on reboot.
    C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Conduit\CT2504091\Vuze_RemoteAutoUpdateHelper.exe (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\GottenAppsContextMenu.xml (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\OtherAppsContextMenu.xml (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\SharedAppsContextMenu.xml (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\toolbar.cfg (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\ToolbarContextMenu.xml (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\uninstall.exe (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (PUP.Optional.VuzeRemoteTB.A) -> Quarantined and deleted successfully.

    (end)

    ---------------------------------------------------------------------------------------------

    The log of the full scan:


    ---------------------------------------------------------------------------------------------
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.19.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16844
    Derek :: DEREK-HP [administrator]

    19-3-2014 15:40:11
    mbam-log-2014-03-19 (15-40-11).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 1058839
    Time elapsed: 3 hour(s), 33 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Program Files (x86)\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001 (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
    C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\wtrwmln6.default\extensions\[email protected] com\uninstall.exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.

    (end)


    ---------------------------------------------------------------------------------------------


    Part 1 of the DDS log. DDS.txt only.



    ---------------------------------------------------------------------------------------------
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16843 BrowserJavaVersion: 10.25.2
    Run by Derek at 19:38:30 on 2014-03-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.4046.1294 [GMT 1:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\Hpservice.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\vcsFPService.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
    C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
    C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
    C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
    C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
    C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\System32\rundll32.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Users\Derek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\System32\spool\drivers\x64\3\E_FATIBVE.EXE
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Users\Derek\AppData\Roaming\AutoIt3\AutoIt3.exe
    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe
    C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
    C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\system32\sppsvc.exe
    C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    \\?\C:\windows\system32\wbem\WMIADAP.EXE
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\System32\cscript.exe
    .

  • #2
    Part 2 of the DDS log.
    ----------------------------------------------------------------------------------------------


    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com?pc=CMNTDF
    uDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [Spotify Web Helper] "C:\Users\Derek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [Google Update] "C:\Users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Facebook Update] "C:\Users\Derek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [EPSON Stylus DX5000 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\windows\TEMP\E_SA058.tmp" /EF "HKCU"
    uRun: [Java] cmd /c cd C:\Users\Derek\AppData\Roaming\AutoIt3 & AutoIt3.exe soundmng.txt
    uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
    mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [IFXSPMGT] "C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [KPN Assistent] C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe /auto
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-app?lic=SUFIREEtWjlYTTktVjJQNEUtUVJTSjctTkRJR0stQQ"&"inst=NzYtOTE5ODQ0NDQ4LVNUMTJGT0krMS1ERFQrMC1TVD EyQVBQKzEtRVVMQSsx"&"prod=94"&"ver=2012.0.1831"&"mid=e8fcb83fd33347d1a6e39165b2f1d05c-3990406038a73d7abba15789c46a5b1643f3bd4e
    StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{3335B286-B157-4661-9DDA-D835986BD6C2} : DHCPNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{3335B286-B157-4661-9DDA-D835986BD6C2}\2596373756565777E65647 : DHCPNameServer = 194.109.6.66 194.109.9.99
    TCP: Interfaces\{3335B286-B157-4661-9DDA-D835986BD6C2}\3596475636F6D6243424234334 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{3335B286-B157-4661-9DDA-D835986BD6C2}\84F534F6D607163737F54456C6F5355727 : DHCPNameServer = 192.168.6.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: DeviceNP - DeviceNP.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = EpePcNp64 DPPassFilter scecli
    mASetup: {715FAAA0-6832-48E5-89CB-F186DB699271} - C:\windows\SysWOW64\msiexec.exe /fua {715FAAA0-6832-48E5-89CB-F186DB699271} /qb-!
    x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
    x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
    x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .

    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\wtrwmln6.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Derek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Derek\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
    FF - user.js: extensions.Softonic.autoRvrt - false
    FF - user.js: extensions.Softonic_i.newTab - false
    FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
    FF - user.js: extensions.Softonic.id - 04cd4471000000000000a088b4bbc261
    FF - user.js: extensions.Softonic.instlDay - 15621
    FF - user.js: extensions.Softonic.vrsn - 1.6.7.4
    FF - user.js: extensions.Softonic.vrsni - 1.6.7.4
    FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.419:20:01
    FF - user.js: extensions.Softonic.prtnrId - softonic
    FF - user.js: extensions.Softonic.prdct - Softonic
    FF - user.js: extensions.Softonic.aflt - orgnl
    FF - user.js: extensions.Softonic_i.smplGrp - none
    FF - user.js: extensions.Softonic.tlbrId - base
    FF - user.js: extensions.Softonic.instlRef - MON00001
    FF - user.js: extensions.Softonic.dfltLng -
    FF - user.js: extensions.Softonic.excTlbr - false
    FF - user.js: extensions.Softonic.admin - false
    FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
    FF - user.js: extensions.iminent.id - 04cd4471000000000000a088b4bbc261
    FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
    FF - user.js: extensions.iminent.instlDay - 16014
    FF - user.js: extensions.iminent.vrsn - 1.8.26.8
    FF - user.js: extensions.iminent.vrsni - 1.8.26.8
    FF - user.js: extensions.iminent.vrsnTs - 1.8.26.820:12:21
    FF - user.js: extensions.iminent.prtnrId - iminent
    FF - user.js: extensions.iminent.prdct - iminent
    FF - user.js: extensions.iminent.aflt - orgnl
    FF - user.js: extensions.iminent.smplGrp - none
    FF - user.js: extensions.iminent.tlbrId - base
    FF - user.js: extensions.iminent.instlRef -
    FF - user.js: extensions.iminent.dfltLng -
    FF - user.js: extensions.iminent.excTlbr - false
    FF - user.js: extensions.iminent.ffxUnstlRst - false
    FF - user.js: extensions.iminent.admin - false
    FF - user.js: extensions.iminent.autoRvrt - false
    FF - user.js: extensions.iminent.rvrt - false
    FF - user.js: extensions.iminent.newTab - false
    .
    .
    .
    .
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-11-1 294712]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
    R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2013-2-1 101288]
    R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2013-2-1 158888]
    R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-5-4 55856]
    R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-11-1 212280]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-1-22 283200]
    R1 LUMDriver;LUMDriver;C:\windows\System32\drivers\LUMDriver.sys [2008-1-2 24848]
    R1 PersonalSecureDrive;PersonalSecureDrive;C:\windows\System32\drivers\psd.sys [2011-9-21 44576]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-26 89600]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
    R2 BBDemon;Backbone Service;C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [2007-5-4 36864]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
    R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-3-14 152992]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
    R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-3-23 133688]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-5-13 270624]
    R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-8-26 322048]
    R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-9-12 523680]
    R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-9-24 31040]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-4 13336]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
    R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2013-2-1 1323008]
    R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
    R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-9-14 502464]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2012-2-15 2602576]
    R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-8-4 32192]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-8-4 344616]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-8-4 39464]
    R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2013-2-25 175928]
    R3 johci;JMicron 1394 Filter Driver;C:\windows\System32\drivers\johci.sys [2013-2-25 26208]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-4 2656536]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2012-3-1 195584]
    S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-3-3 63336]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2012-4-15 99384]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-9-5 476728]
    S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-3-30 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-2-15 1116656]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2012-4-15 203320]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-2-9 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-5-4 117552]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .inf: inffile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-03-19 14:38:46 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-03-19 14:38:46 -------- d-----w- C:\derekisdelul
    2014-03-19 09:03:23 -------- d-----w- C:\Users\Derek\AppData\Roaming\Malwarebytes
    2014-03-19 09:02:11 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-03-17 16:21:16 -------- d-----w- C:\Users\Derek\AppData\Local\PrimoPDFContent
    2014-03-16 22:57:26 -------- d-----w- C:\Users\Derek\AppData\Roaming\AutoIt3
    2014-03-16 22:57:21 62728639 ----a-w- C:\Users\Derek\AppData\Roaming\launcher.exe
    2014-03-15 11:16:13 -------- d-----w- C:\Program Files\iPod
    2014-03-15 11:16:12 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-03-15 11:16:12 -------- d-----w- C:\Program Files\iTunes
    2014-03-15 11:16:12 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-03-14 21:42:01 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2014-03-14 21:42:01 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2014-03-14 21:42:00 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2014-03-14 21:42:00 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2014-03-14 21:37:06 484864 ----a-w- C:\windows\System32\wer.dll
    2014-03-14 21:37:06 381440 ----a-w- C:\windows\SysWow64\wer.dll
    2014-03-14 21:37:05 3156480 ----a-w- C:\windows\System32\win32k.sys
    2014-03-14 21:36:48 624128 ----a-w- C:\windows\System32\qedit.dll
    2014-03-14 21:36:48 509440 ----a-w- C:\windows\SysWow64\qedit.dll
    2014-03-13 14:22:17 -------- d-----w- C:\Users\Derek\AppData\Local\{A15C3B7E-2E77-432A-AFC2-6F7F3305A036}
    2014-03-11 21:24:39 5777288 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
    2014-03-07 20:55:49 -------- d-----w- C:\Users\Derek\AppData\Local\WebPlayer
    2014-03-04 14:13:42 -------- d-----w- C:\ProgramData\UDL
    2014-03-04 14:10:37 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 6.0 Sprint
    2014-03-04 13:54:10 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2014-03-04 13:54:10 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2014-03-04 13:54:10 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2014-03-04 13:54:10 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2014-03-04 13:54:10 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2014-03-04 13:54:09 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2014-03-04 13:54:09 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2014-03-04 13:53:02 80024 ----a-w- C:\windows\SysWow64\PICSDK.dll
    2014-03-04 13:53:02 71840 ----a-w- C:\windows\SysWow64\EPPicMgr.dll
    2014-03-04 13:53:02 501912 ----a-w- C:\windows\SysWow64\PICSDK2.dll
    2014-03-04 13:53:02 120992 ----a-w- C:\windows\SysWow64\EpPicPrt.dll
    2014-03-04 13:53:02 108704 ----a-w- C:\windows\SysWow64\PICEntry.dll
    2014-03-04 13:32:07 8704 ----a-w- C:\windows\System32\E_GCINST.DLL
    2014-03-04 13:32:06 86528 ----a-w- C:\windows\System32\E_IBCBBVE.DLL
    2014-03-04 13:32:05 126976 ----a-w- C:\windows\System32\E_ILMBVE.DLL
    2014-03-04 13:32:02 -------- d-----w- C:\Program Files\EPSON
    2014-03-04 13:31:58 -------- d-----w- C:\ProgramData\EPSON
    2014-03-04 13:31:40 -------- d-----w- C:\Program Files (x86)\epson
    2014-03-04 13:31:39 93184 ----a-w- C:\windows\System32\esxcwiad.dll
    2014-02-26 19:49:23 -------- d-----w- C:\Users\Derek\AppData\Local\{BB3BB5C9-176F-4841-9834-F3D6C2CC58DE}
    2014-02-25 15:23:22 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
    2014-02-24 21:16:06 -------- d-----w- C:\Users\Derek\AppData\Local\{EF414A9B-3962-44A3-9EE4-DB851BF305D7}
    .
    ==================== Find3M ====================
    .
    2014-03-11 21:25:00 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-11 21:24:59 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-23 08:13:41 2241536 ----a-w- C:\windows\System32\wininet.dll
    2014-02-23 08:11:59 3960320 ----a-w- C:\windows\System32\jscript9.dll
    2014-02-23 08:11:52 67072 ----a-w- C:\windows\System32\iesetup.dll
    2014-02-23 08:11:52 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2014-02-23 06:54:46 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2014-02-23 06:53:22 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
    2014-02-23 06:53:18 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2014-02-23 06:53:18 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2014-02-23 05:39:39 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
    2014-02-23 05:35:24 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
    2014-02-09 20:14:04 549104 ----a-w- C:\windows\System32\drivers\SynTP.sys
    2014-02-09 20:14:04 422640 ----a-w- C:\windows\System32\SynTPCo19.dll
    2014-02-09 20:14:04 252144 ----a-w- C:\windows\System32\SynTPAPI.dll
    2014-02-09 20:14:04 1795952 ----a-w- C:\windows\System32\WdfCoInstaller01011.dll
    2014-02-09 20:14:04 169712 ----a-w- C:\windows\SysWow64\SynTPCom.dll
    2014-02-09 20:14:03 723184 ----a-w- C:\windows\System32\SynCOM.dll
    2014-02-09 20:14:03 400624 ----a-w- C:\windows\SysWow64\SynCom.dll
    2014-02-09 20:14:02 92 ----a-w- C:\windows\System32\calibration.bin
    2014-02-09 20:14:02 161880 ----a-w- C:\windows\System32\pca-manta.bin
    2013-12-24 23:09:41 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
    2013-12-21 09:39:33 600064 ----a-w- C:\windows\System32\vbscript.dll
    2013-12-21 07:56:10 523776 ----a-w- C:\windows\SysWow64\vbscript.dll
    .
    ============= FINISH: 19:40:35,54 ===============

    ---------------------------------------------------------------------------------------------

    And finally, the GMER log:


    ---------------------------------------------------------------------------------------------


    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-03-19 20:22:52
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MH00 465,76GB
    Running: 5c535jws.exe; Driver: C:\Users\Derek\AppData\Local\Temp\ugtiapow.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80003606000 45 bytes [1C, 11, 44, 0B, 80, FA, FF, ...]
    INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff8000360602f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[2600] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
    .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[2600] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
    .text C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe[2960] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
    .text ... * 2
    .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[5124] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
    .text C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe[5124] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
    .text ... * 2
    .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[5380] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
    .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[5380] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6104] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6104] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
    .text ... * 2
    .text C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe[5088] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
    .text C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe[5088] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4988] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000776b8769 5 bytes JMP 0000000100468140
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\windows\system32\svchost.exe [1728:1968] 000007fefa728274
    Thread C:\windows\system32\svchost.exe [1728:2240] 000007fefa728274
    Thread C:\windows\system32\WLANExt.exe [1900:1100] 0000000180123100
    Thread C:\windows\system32\WLANExt.exe [1900:1464] 00000001800c2be0
    Thread C:\windows\system32\WLANExt.exe [1900:1704] 0000000180123100
    Thread C:\windows\system32\WLANExt.exe [1900:2336] 000007fef8a32f9c
    Thread C:\windows\system32\WLANExt.exe [1900:2412] 0000000000f88bf8
    Thread C:\windows\system32\WLANExt.exe [1900:2416] 0000000000f88c14
    Thread C:\windows\system32\WLANExt.exe [1900:2420] 0000000000f88bdc
    Thread C:\windows\system32\WLANExt.exe [1900:2424] 000007fef8a32f9c
    Thread C:\windows\System32\spoolsv.exe [2080:3204] 000007fef61910c8
    Thread C:\windows\System32\spoolsv.exe [2080:3288] 000007fef6166144
    Thread C:\windows\System32\spoolsv.exe [2080:3292] 000007fef5e35fd0
    Thread C:\windows\System32\spoolsv.exe [2080:3296] 000007fef7763438
    Thread C:\windows\System32\spoolsv.exe [2080:3300] 000007fef5e363ec
    Thread C:\windows\System32\spoolsv.exe [2080:3320] 000007fef7763438
    Thread C:\windows\System32\spoolsv.exe [2080:3324] 000007fef5e363ec
    Thread C:\windows\System32\spoolsv.exe [2080:3364] 000007fef5dd5e5c
    Thread C:\windows\System32\spoolsv.exe [2080:3424] 000007fef6585074
    Thread C:\windows\System32\spoolsv.exe [2080:3552] 000007fef5db7b4c
    ---- Processes - GMER 2.1 ----

    Library C:\Users\Derek\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe [5088](2014-01-03 00:45:04) 0000000004080000
    Library C:\Users\Derek\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe [5088](2013-10-18 23:55:02) 000000005f1a0000
    Library C:\Users\Derek\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe [5088] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000005b260000

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf41539af
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xED 0x47 0xC3 0x85 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x56 0x6E 0xBA 0x52 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xED 0xF7 0x0E 0x26 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf41539af (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xED 0x47 0xC3 0x85 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x56 0x6E 0xBA 0x52 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xED 0xF7 0x0E 0x26 ...

    ---- EOF - GMER 2.1 ----



    ---------------------------------------------------------------------------------------------


    I hope I have provided enough information. Thank you very much in advance for helping to fix my problem!!

    Kind regards,
    Derek Risseeuw



    • #3
      Download Zoek.zip to the desktop.
      • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.


      Disabling antivirus software
      Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

      Running Zoek.exe
      If you run into problems running this program or see any error messages, please mention this in your post.
      • Right-click Zoek.zip and choose the option "Extract All".
      • Then double-click Zoek.exe to start the tool.
      • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
      • Now click the "Run script" button.
      • A popup appears saying that no script was found; just press OK.
      • Zoek.exe will now perform a scan and repair; on some systems this can take longer than half an hour.
      • Wait patiently until a log opens (this may be after a restart, if one is needed).
      • If no log appears after the restart, start zoek.exe again; the log will then appear.
      • Post the opened log as an attachment in your next post.


      Posting the Zoek.exe log file
      • Attach the log file named "Zoek-results.log" to your next post.
        (You can also find this log file on the system drive as C:\Zoek-results.log.)

      Starting Windows 10 in Safe Mode



      • #4
        Thanks Juisterr!! The zoek-results file is attached here! (So not zoek-results.log, but I assume that comes down to the same thing?)

        I'll wait for your reply!


        • #5
          Sure, please let me know how things are going now.



          • #6
            Unfortunately I am still running into the same problems... Every browser gets closed whenever I search for something virus-related. AVG Free is also still corrupt: when I run the program, it opens parts of itself and does not function at all.
            I also cannot open any file with a name that contains 'virus'.

            Finally, this morning I could not connect to the internet. Something within the computer's operating software was not working properly. Now it works again after rebooting a few times.



            • #7
              1. Go to Start > Control Panel > Add or Remove Programs (or Programs and Features) and uninstall AVG there.
              2. Then follow the instructions below.


              32-bit Windows
              Download avgremover.exe to the desktop.
              • Start the computer in safe mode (click)
              • Double-click "avgremover.exe" to start the uninstall tool.
              • Restart the computer.


              64-bit Windows
              Download avgremoverx64.exe to the desktop.
              • Start the computer in safe mode (click)
              • Double-click "avgremoverx64.exe" to start the uninstall tool.
              • Restart the computer.



              • #8
                I installed the uninstaller and ran it in safe mode. After that I restarted the computer, but the problem remained...
                In normal mode avgremover had no effect either. For some reason the remover cannot find AVG. I have AVG2014, which is in the C:/Program Files (x86)/AVG/AVG2014 directory.
                Any idea how I can remove it or render it harmless in another way?

                I have attached the avgremover log. I ran the program about 5 times, so all of those logs are in it.
                Last edited by derekr; 21-03-14, 11:12.



                • #9
                  Try this



                  • #10
                    Sounds good! I'll take a look at this first!



                    • #11
                      In the meantime I have managed to remove AVG2014! Unfortunately I am still running into the same virus... So all the problems I had before are still present. Do you know how I can get rid of this?



                      • #12
                        Could you please run zoek.exe once more and post the new results here.



                        • #13
                          Unfortunately... This time I chose the full scan of zoek.exe (option 4), but no further result. See the log. Should I perhaps try running zoek.exe in safe mode?


                          • #14
                            Let's try something else first.

                            Download Emsisoft Anti-Malware to the desktop.
                            • Double-click "EmsisoftAntiMalwareSetup.exe" to install Emsisoft Anti-Malware.
                            • In the next screen, choose the desired language and click "OK".
                            • Select the option "I accept the license agreement" and click "Install".
                            • In the license screen, click the "Next" button.
                            • In the next screen, uncheck the option "Update additional languages" and click Next.
                            • Now click the option "Scan computer", choose the option "Smart" and press the "Scan" button.
                            • Have the items found placed in quarantine, click "View report" and post its contents as an attachment in your next post.
                            • Click Next, Next again and then Finish.



                            • #15
                              Yesterday I ran 2 scans with Emsisoft. First in normal mode, but Windows gave a notification in the Action Center that Emsisoft (and also the Windows Security Center service) was disabled. I could not enable these; that was blocked. For the second scan I therefore switched to safe mode. Unfortunately this produced no results... Both logs are in the attachment.
                              I also noticed a few things: Emsisoft showed a pop-up a few times, in which it stopped a program that wanted to open itself:
                              1. Program behaves in a similar way to spyware (LAN bypass backdoor)
                              C:\Program Files (86)\Samsung\Kies\KiesHelper.exe
                              2. Program tries to invisibly download data from the internet
                              C:\Program Files (86)\Samsung\Kies\KiesTrayAgent.exe
                              3. Firefox gave a similar problem, but I don't have the details of it. A page that looked Eastern European was opened very quickly at that point...

                              Finally, Emsisoft ANTI-MALWARE now indicates that the 30-day trial has already been used... even though I have only had it installed for 2 days... apparently this is being undermined as well...

                              Sorry for the wall of text, but quite a few noteworthy things have happened, as you can see. Can you help me further now?
