Hijacked by police


  • Hijacked by police

    Now I know it's a virus.
    I've had it before.
    Now my son called out "look dad, a video of an accident", and bang, you guessed it, there it is again.
    With a lot of detours I did a system restore,
    and I would like your help to properly remove the junk again. My thanks, as always, are great.
    I've already made the MBAM printout and am posting it below.
    Kind regards, matjomj


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.07.19.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    matjo :: MATJO-PC [administrator]

    19-7-2013 14:42:32
    mbam-log-2013-07-19 (14-42-32).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 282774
    Verstreken tijd: 3 minuut/minuten, 52 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 3
    C:\ProgramData\2433f433 (Trojan.Agent.TPL) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\matjo\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\matjo\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  • #2
    Here is the DDS text printout.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16490
    Run by matjo at 14:52:20 on 2013-07-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2407 [GMT 2:00]
    .
    AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
    C:\Program Files (x86)\GfKLSPService\GfKLSPService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    C:\OEM\USBDECTION\USBS3S4Detection.exe
    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Users\matjo\AppData\Local\DM\TinyDM.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.startpagina.nl/
    uSearch Bar = Preserve
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [Facebook Update] "C:\Users\matjo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Tiny download manager] "C:\Users\matjo\AppData\Local\DM\TinyDM.exe" /M
    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{4A6B1BFE-5453-4C3A-8F79-266621F804CA} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~3\browse~2\261040~1.25\{c16c1~1\browse~1.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-1-5 42840]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
    R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2011-1-9 81920]
    R2 GfkLSPService;GfkLSPService;C:\Program Files (x86)\GfKLSPService\GfKLSPService.exe [2010-4-20 2781184]
    R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-7-28 128000]
    R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-11-17 44312]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-9-20 2754984]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-1 2314240]
    R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-11-17 240160]
    R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
    R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-5-2 109064]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-17 283824]
    R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2011-1-9 2736128]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-17 56344]
    R3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-1 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
    S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-12-30 25088]
    S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2010-1-21 18944]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-12 19456]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-5 42328]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-12 57856]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-27 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-07-19 12:41:45 -------- d-----w- C:\Users\matjo\AppData\Local\Programs
    2013-07-19 10:15:49 -------- d-----w- C:\Users\matjo\AppData\Local\{D09E79BE-C665-481D-A182-5C21FC665363}
    2013-07-18 20:12:16 -------- d-----w- C:\Users\matjo\AppData\Local\{00691ED8-DC11-42AB-B167-6FD65EFFE744}
    2013-07-18 05:44:06 -------- d-----w- C:\Users\matjo\AppData\Local\{CEF29F42-E8E4-4638-9E41-F0EE34A442DA}
    2013-07-17 12:05:56 -------- d-----w- C:\Users\matjo\AppData\Local\{6132A5F4-5104-4C88-BBF9-21C22A6D753D}
    2013-07-16 20:27:34 -------- d-----w- C:\Users\matjo\AppData\Local\{5E784962-562C-4AD3-B9CB-36F21326F49A}
    2013-07-16 18:49:45 -------- d-----w- C:\Users\matjo\AppData\Local\{E9B5E195-DC36-49A9-9B07-FA6542902970}
    2013-07-16 06:41:53 -------- d-----w- C:\Users\matjo\AppData\Local\{51579CDA-9896-45F6-AAD2-1EAED7DFC0CC}
    2013-07-15 11:49:20 -------- d-----w- C:\Users\matjo\AppData\Local\{19E42F8C-7AA6-4308-87E0-AF3897CE5EE4}
    2013-07-14 14:45:44 -------- d-----w- C:\Users\matjo\AppData\Local\{2F26A587-3241-44F3-AEC7-A4BB6B30CF9A}
    2013-07-13 21:52:18 -------- d-----w- C:\Users\matjo\AppData\Local\{AFA5C79B-5134-49F8-9581-00E31454B371}
    2013-07-13 07:38:56 -------- d-----w- C:\Users\matjo\AppData\Local\{B3506036-0284-47E0-95B9-25BCBF121FD0}
    2013-07-12 11:56:46 -------- d-----w- C:\Users\matjo\AppData\Local\{398AD4E3-1DCB-4523-8B9C-B5834B0FA79B}
    2013-07-12 10:26:16 -------- d-----w- C:\Users\matjo\AppData\Local\{516FE44C-34E9-44AD-8D95-9B54763BE1AE}
    2013-07-11 12:11:03 -------- d-----w- C:\Users\matjo\AppData\Local\{1369B8F8-A4C9-48C9-B3F5-A9D1844F6759}
    2013-07-10 15:21:10 -------- d-----w- C:\Users\matjo\AppData\Local\{2F00D0E4-F3B9-4FBB-BAA1-16D67ACA3409}
    2013-07-09 14:17:08 -------- d-----w- C:\Users\matjo\AppData\Local\{8F774547-3B81-4038-8EF5-95662F0F156A}
    2013-07-09 05:32:29 -------- d-----w- C:\Users\matjo\AppData\Local\{8A57FCDC-8DF9-4A14-A8A1-244D9D51AB46}
    2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2013-07-09 04:08:14 -------- d-----w- C:\Users\matjo\AppData\Local\Apple
    2013-07-09 04:01:58 -------- d-----w- C:\Users\matjo\AppData\Local\{877ADE0C-3DF6-4F77-A28D-E7C3EF30E351}
    2013-07-08 14:14:09 -------- d-----w- C:\Users\matjo\AppData\Local\{DD4D051A-7761-4221-829F-FB4810A9B255}
    2013-07-07 20:33:52 -------- d-----w- C:\Users\matjo\AppData\Local\{EFA80E15-104A-458C-BB25-F59F52E37218}
    2013-07-07 19:52:03 -------- d-----w- C:\Users\matjo\AppData\Local\{A843D0EF-1FDD-494F-A609-659F97BE829A}
    2013-07-07 05:25:44 -------- d-----w- C:\Users\matjo\AppData\Local\{71DACF30-C239-4241-8454-304D6733CCAB}
    2013-07-06 14:43:55 -------- d-----w- C:\Users\matjo\AppData\Local\{2F38AA56-32E4-42F1-83D5-61C00CD817E2}
    2013-07-05 19:22:12 -------- d-----w- C:\Users\matjo\AppData\Local\{A757C577-ED31-4F67-B91C-C6A03A225F69}
    2013-07-05 06:29:57 -------- d-----w- C:\Users\matjo\AppData\Local\{EC3E13FC-E3D0-43E9-9697-964EE500F5C6}
    2013-07-04 18:22:22 -------- d-----w- C:\Users\matjo\AppData\Local\{3F2E309E-CBFA-4F15-BE11-AD573D8B0C0C}
    2013-07-04 05:28:21 -------- d-----w- C:\Users\matjo\AppData\Local\{4501F1B7-994F-4F1C-BEEB-62CD8C83B5B5}
    2013-07-03 10:15:41 -------- d-----w- C:\Users\matjo\AppData\Local\{562BD695-100C-46B2-BD24-75A65FFFEFD8}
    2013-07-02 10:53:00 -------- d-----w- C:\Users\matjo\AppData\Local\{7FAC3438-97FF-44DE-9600-DF2A3524D59B}
    2013-07-02 05:11:07 -------- d-----w- C:\Users\matjo\AppData\Local\NVIDIA
    2013-07-02 04:44:56 -------- d-----w- C:\Users\matjo\AppData\Local\{24C06778-0231-4DE4-A839-4391CCA66025}
    2013-07-01 13:51:49 -------- d-----w- C:\Users\matjo\AppData\Local\{72ADD86B-20E0-44BD-B828-2E1531E5F321}
    2013-06-30 20:55:18 -------- d-----w- C:\Users\matjo\AppData\Local\Wajam
    2013-06-30 20:54:38 -------- d-----w- C:\Users\matjo\AppData\Local\DM
    2013-06-30 09:29:20 -------- d-----w- C:\Users\matjo\AppData\Local\{45D1E0E6-A826-46FE-9847-75A7447C4B7F}
    2013-06-29 23:02:44 -------- d-----w- C:\Users\matjo\AppData\Local\{BE79C2A6-588C-4A66-B41F-325E53CC3655}
    2013-06-29 08:04:56 -------- d-----w- C:\Users\matjo\AppData\Local\{B080765F-F649-4965-8FF3-DCE0F33B264A}
    2013-06-28 21:13:41 -------- d-----w- C:\Users\matjo\AppData\Local\{2A594F6C-454B-4925-B7E3-4B0056826CAD}
    2013-06-28 18:49:39 -------- d-----w- C:\Program Files (x86)\SpotLite
    2013-06-28 09:12:37 -------- d-----w- C:\Users\matjo\AppData\Roaming\Spotnet
    2013-06-28 09:04:15 -------- d-----w- C:\Users\matjo\AppData\Local\{D8D4257B-4F44-4FA0-9310-9D492B6AC8FC}
    2013-06-28 07:16:11 -------- d-----w- C:\Users\matjo\AppData\Local\{70E5F130-CD64-4F4B-B40C-72AD54281DD2}
    2013-06-27 18:31:50 -------- d-----w- C:\Users\matjo\AppData\Local\{05AD108D-1490-46D4-A323-98CD5BE04A3A}
    2013-06-27 04:34:56 -------- d-----w- C:\Users\matjo\AppData\Local\{E8E1A258-6931-4745-A115-0CB2BB14886D}
    2013-06-26 11:25:35 -------- d-----w- C:\Users\matjo\AppData\Local\{486951F1-CDFF-4286-9D00-718EC2E2C859}
    2013-06-25 18:28:59 -------- d-----w- C:\Users\matjo\AppData\Local\{3AD8CD8B-C0E8-4ADF-96A6-F7A3350EDFC1}
    2013-06-25 05:57:57 -------- d-----w- C:\Users\matjo\AppData\Local\{F9A257AF-EC84-489B-A060-EB23D58580F5}
    2013-06-24 14:08:35 -------- d-----w- C:\Users\matjo\AppData\Local\{C916075B-134E-4171-8668-778DFA0D45A2}
    2013-06-23 18:14:07 -------- d-----w- C:\Users\matjo\AppData\Local\{91283D83-AD56-4596-B231-700F440E04BC}
    2013-06-23 05:46:14 -------- d-----w- C:\Users\matjo\AppData\Local\{D9D17077-63BB-474D-957A-EF5053E9EC45}
    2013-06-22 16:54:17 -------- d-----w- C:\Users\matjo\AppData\Local\{65BE7819-AB88-4C06-9C37-B02237B7C0CD}
    2013-06-21 19:53:17 -------- d-----w- C:\Users\matjo\AppData\Local\{2346E016-65F8-4CF7-9102-0D188B57313F}
    2013-06-21 06:27:51 -------- d-----w- C:\Users\matjo\AppData\Local\{1D8FA95E-FC03-4A8B-AF9E-CE7DC76A4ABF}
    2013-06-21 03:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2013-06-20 10:47:22 -------- d-----w- C:\Users\matjo\AppData\Local\{D60E7804-D971-414C-912C-85ADF13AA296}
    .
    ==================== Find3M ====================
    .
    2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-06-21 10:23:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
    2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-06-14 03:59:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-14 03:59:27 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-12 21:42:27 1832224 ----a-w- C:\Windows\System32\nvdispco6432018.dll
    2013-05-12 21:42:27 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432018.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-01 01:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 01:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    .
    ============= FINISH: 14:52:44,32 ===============



    • #3
      GMER printout; I had to split it in two because it is too big.

      GMER 2.1.19163 - http://www.gmer.net
      Rootkit scan 2013-07-19 15:04:08
      Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.CC44 465,76GB
      Running: eunmxrlm.exe; Driver: C:\Users\matjo\AppData\Local\Temp\ugdoypow.sys


      ---- Kernel code sections - GMER 2.1 ----

      INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033a9000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
      INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800033a902f 16 bytes [00, 02, 00, 00, 00, 00, 00, ...]
      .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff8800639fd64 12 bytes {MOV RAX, 0xfffffa8005d6c2a0; JMP RAX}

      ---- User code sections - GMER 2.1 ----

      .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1680] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000761287b1 4 bytes [C2, 04, 00, 00]
      .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\GfKLSPService\GfKLSPService.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\GfKLSPService\GfKLSPService.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[756] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000761287b1 5 bytes [33, C0, C2, 04, 00]
      .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Users\matjo\AppData\Local\DM\TinyDM.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Users\matjo\AppData\Local\DM\TinyDM.exe[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000751c2da4 5 bytes JMP 0000000171be9ebc
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000751dcbf3 5 bytes JMP 0000000171d391b6
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 0000000171b4189b
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000751fcb0c 5 bytes JMP 0000000171d39151
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000751fce64 5 bytes JMP 0000000171d3921b
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007520fbd1 5 bytes JMP 0000000171d390d8
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007520fc9d 5 bytes JMP 0000000171d3905f
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007520fcd6 5 bytes JMP 0000000171d38ffb
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007520fcfa 5 bytes JMP 0000000171d38f97
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000753193ec 5 bytes JMP 0000000171d393d0
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000718c388e 5 bytes JMP 0000000071d39280
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071967922 5 bytes JMP 0000000071d39328
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000763c2694 5 bytes JMP 0000000171d395c8
      ? C:\Windows\system32\mssprxy.dll [3388] entry point in ".rdata" section 00000000738271e6
      ? C:\Windows\System32\NLSData0013.dll [3388] entry point in ".rdata" section 000000006abbbd91
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773d25fd 6 bytes JMP 0000000171c08054
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000773e2a63 6 bytes JMP 0000000171ba980d
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000761234b5 5 bytes JMP 0000000171ba75e3
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000751b8a29 5 bytes JMP 0000000171c103df
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000751bd22e 5 bytes JMP 0000000171bb3643
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000751c2da4 5 bytes JMP 0000000171be9ebc
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000751c6285 5 bytes JMP 0000000171c07ff1
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000751c7603 5 bytes JMP 0000000171be25b4
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000751dcbf3 5 bytes JMP 0000000171d391b6
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 0000000171b4189b
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000751df52b 5 bytes JMP 0000000171c2ed14
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000751fcb0c 5 bytes JMP 0000000171d39151
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000751fce64 5 bytes JMP 0000000171d3921b
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007520fbd1 5 bytes JMP 0000000171d390d8
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007520fc9d 5 bytes JMP 0000000171d3905f
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007520fcd6 5 bytes JMP 0000000171d38ffb
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007520fcfa 5 bytes JMP 0000000171d38f97
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075036143 5 bytes JMP 0000000171d39984
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000752b3e59 5 bytes JMP 0000000171d39a7c
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000752b3eae 5 bytes JMP 0000000171d39afa
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000752b4731 5 bytes JMP 0000000171d399ee
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000752b5dee 5 bytes JMP 0000000171d39a9a
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000753193ec 5 bytes JMP 0000000171d393d0
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000718c388e 5 bytes JMP 0000000071d39280
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071967922 5 bytes JMP 0000000071d39328
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000763c2694 5 bytes JMP 0000000171d395c8
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773d25fd 6 bytes JMP 0000000171c08054
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000773e2a63 6 bytes JMP 0000000171ba980d
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000761234b5 5 bytes JMP 0000000171ba75e3
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000751b8a29 5 bytes JMP 0000000171c103df
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000751bd22e 5 bytes JMP 0000000171bb3643
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000751c2da4 5 bytes JMP 0000000171be9ebc
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000751c6285 5 bytes JMP 0000000171c07ff1
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000751c7603 5 bytes JMP 0000000171be25b4
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000751dcbf3 5 bytes JMP 0000000171d391b6
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000751dcfca 5 bytes JMP 0000000171b4189b
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000751df52b 5 bytes JMP 0000000171c2ed14
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000751fcb0c 5 bytes JMP 0000000171d39151
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000751fce64 5 bytes JMP 0000000171d3921b
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007520fbd1 5 bytes JMP 0000000171d390d8
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007520fc9d 5 bytes JMP 0000000171d3905f
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007520fcd6 5 bytes JMP 0000000171d38ffb
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007520fcfa 5 bytes JMP 0000000171d38f97
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075036143 5 bytes JMP 0000000171d39984
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000752b3e59 5 bytes JMP 0000000171d39a7c
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000752b3eae 5 bytes JMP 0000000171d39afa
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000752b4731 5 bytes JMP 0000000171d399ee
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000752b5dee 5 bytes JMP 0000000171d39a9a
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000753193ec 5 bytes JMP 0000000171d393d0
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751914bb 2 bytes [19, 75]
      .text ... * 2
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000718c388e 5 bytes JMP 0000000071d39280
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071967922 5 bytes JMP 0000000071d39328
      .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000763c2694 5 bytes JMP 0000000171d395c8

      • #4

        ---- Kernel IAT/EAT - GMER 2.1 ----

        IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001076f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
        IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001076cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
        IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800107769c] \SystemRoot\System32\Drivers\sptd.sys [.text]
        IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001077a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
        IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010778f4] \SystemRoot\System32\Drivers\sptd.sys [.text]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoWMIRegistrationControl] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!ExFreePoolWithTag] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoWMIWriteEvent] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoRegisterDeviceInterface] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoStartPacket] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoStartTimer] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!RtlInitUnicodeString] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoDeleteDevice] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeSetEvent] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoFreeWorkItem] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeInitializeEvent] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!RtlQueryRegistryValues] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!RtlInitAnsiString] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!RtlGetVersion] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoDetachDevice] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!PoRequestPowerIrp] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoCancelIrp] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoStopTimer] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoStartNextPacket] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoAllocateWorkItem] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!_vsnwprintf] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!PoStartNextPowerIrp] [f64bb0000000a624] [unknown section]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!_vsnprintf] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!ZwClose] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IofCompleteRequest] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoInitializeTimer] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoFreeIrp] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fc68850fef8b4100] [unknown section]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!PoCallDriver] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoAllocateIrp] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!RtlCompareMemory] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!ObfReferenceObject] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoSetStartIoAttributes] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoCreateDevice] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IofCallDriver] [f4ab29000000f8ab] [unknown section]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoBuildPartialMdl] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] [fffffeb0820ffe3b] [unknown section]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoFreeMdl] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeDelayExecutionThread] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoQueueWorkItem] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] [fffff738e8c5b60f] [unknown section]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] [fbb0850f00217b80] [unknown section]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoAllocateMdl] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!ZwEnumerateValueKey] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoGetDeviceInterfaces] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!ZwOpenKey] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeBugCheckEx] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!KeWaitForSingleObject] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!NlsMbCodePageTag] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoIs32bitProcess] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!MmProbeAndLockPages] [fe83e4334503eb00] [unknown section]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!MmUnlockPages] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!IoGetIoPriorityHint] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!EtwUnregister] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!EtwRegister] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!EtwEventEnabled] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!EtwWrite] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!EtwProviderEnabled] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[ntoskrnl.exe!__C_specific_handler] [?]
        IAT C:\Windows\System32\Drivers\aa3rgnr3.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] [?]

        ---- Devices - GMER 2.1 ----

        Device \Driver\aa3rgnr3 \Device\Scsi\aa3rgnr31 fffffa8005dc72c0
        Device \FileSystem\Ntfs \Ntfs fffffa800447f2c0
        Device \Driver\USBSTOR \Device\0000007a fffffa80062ce2c0
        Device \Driver\USBSTOR \Device\00000078 fffffa80062ce2c0
        Device \Driver\usbehci \Device\USBPDO-1 fffffa8005d6e2c0
        Device \Driver\cdrom \Device\CdRom0 fffffa80059952c0
        Device \Driver\USBSTOR \Device\0000007b fffffa80062ce2c0
        Device \Driver\USBSTOR \Device\00000079 fffffa80062ce2c0
        Device \Driver\usbehci \Device\USBFDO-0 fffffa8005d6e2c0
        Device \Driver\USBSTOR \Device\0000007c fffffa80062ce2c0
        Device \Driver\usbehci \Device\USBFDO-1 fffffa8005d6e2c0
        Device \Driver\NetBT \Device\NetBT_Tcpip_{4A6B1BFE-5453-4C3A-8F79-266621F804CA} fffffa8005b002c0
        Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8005b002c0
        Device \Driver\usbehci \Device\USBPDO-0 fffffa8005d6e2c0
        Device \Driver\aa3rgnr3 \Device\ScsiPort1 fffffa8005dc72c0

        ---- Modules - GMER 2.1 ----

        Module \SystemRoot\System32\Drivers\aa3rgnr3.SYS (USB Mass Storage Class Driver/Microsoft Corporation SIGNED)(2011-04-28 05:23:20) fffff88004000000-fffff8800404c000 (311296 bytes)

        ---- Registry - GMER 2.1 ----

        Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
        Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
        Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
        Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x6D 0x69 0x07 0x8F ...
        Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
        Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
        Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
        Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
        Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
        Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x6D 0x69 0x07 0x8F ...
        Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
        Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xA0 0x02 0x00 0x00 ...
        Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CE25CB4-BCB9-8C44-CCE2-082F5ABFBB7D}
        Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CE25CB4-BCB9-8C44-CCE2-082F5ABFBB7D}@hadlgnhkblepcjgi 0x69 0x61 0x6F 0x6A ...
        Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CE25CB4-BCB9-8C44-CCE2-082F5ABFBB7D}@iabbmkahlgenhclelg 0x63 0x61 0x6B 0x6A ...
        Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CE25CB4-BCB9-8C44-CCE2-082F5ABFBB7D}@iafkkhleohiioilggl 0x69 0x61 0x6F 0x6A ...
        Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CE25CB4-BCB9-8C44-CCE2-082F5ABFBB7D}@dbfkddealaogoebjpollibngmeghdkgdknlaaepm 0x68 0x61 0x6F 0x61 ...
        Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CE25CB4-BCB9-8C44-CCE2-082F5ABFBB7D}@jbfkddealaogoebjpollhcjjdggnikbnjldeeaphfkpapgjoebpe 0x68 0x61 0x6F 0x61 ...
        Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CE25CB4-BCB9-8C44-CCE2-082F5ABFBB7D}@dbfkddealaogoebjpollfbmiaijelfdfbpinbnal 0x62 0x61 0x64 0x6E ...

        ---- EOF - GMER 2.1 ----

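The user-mode hook section of a GMER log like the one above is easier to triage when it is parsed than when it is read line by line. The Python script below is an added example for this thread; it is not part of GMER, of the original posts, or of any tool the helpers mention. It parses the `.text` hook lines in both forms GMER prints (`N bytes JMP <target>` and a raw `[xx, yy]` byte patch), counts JMP hooks and byte patches per process, and lists exports whose JMP hook does not point to the same target in every process. `SAMPLE_LOG` is a constructed subset shaped after the log above; `DIVERGENT_LINE` (a third `iexplore.exe` instance with a different `EnableWindow` target) is invented to show the consistency check firing and does not occur in the real log.

```python
"""Parse the user-mode hook section of a GMER 2.x log and summarise it.
Added example for triaging logs like the one in this thread; not part of GMER
or of the original post.  SAMPLE_LOG is a constructed subset shaped after the
real log; DIVERGENT_LINE is invented to exercise the consistency check."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# GMER prints one ".text" line per patched export, in two flavours:
#   .text <process>[pid] <module>!<export> [+ off] <addr> N bytes JMP <target>
#   .text <process>[pid] <module>!<export> [+ off] <addr> N bytes [aa, bb, ...]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<export>\S+?)(?:\s\+\s(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<size>\d+)\s+bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9a-fA-F]{16})|\[(?P<bytes>[0-9a-fA-F ,]+)\])\s*$"
)

@dataclass(frozen=True)
class Hook:
    process: str            # full path of the process whose memory is patched
    pid: int
    module: str             # basename of the module that owns the export
    export: str
    offset: int             # 0 when the patch sits on the export's first byte
    address: int
    size: int               # number of patched bytes
    target: Optional[int]   # JMP destination; None for a raw byte patch
    patch: Optional[str]    # raw bytes as GMER prints them; None for a JMP

def parse_gmer(text: str) -> List[Hook]:
    """One Hook per '.text' line; section headers, '? ...' entry-point notes
    and the '.text ... * N' repeat markers are skipped."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(".text") or line.startswith(".text ..."):
            continue
        m = HOOK_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised GMER hook line: {line!r}")
        hooks.append(Hook(
            process=m["proc"].strip(), pid=int(m["pid"]),
            module=m["module"].rsplit("\\", 1)[-1], export=m["export"],
            offset=int(m["off"] or 0), address=int(m["addr"], 16),
            size=int(m["size"]),
            target=int(m["target"], 16) if m["target"] else None,
            patch=m["bytes"]))
    return hooks

def summarize(hooks: List[Hook]) -> Dict[int, dict]:
    """Per PID: process basename, number of inline JMP hooks, number of byte patches."""
    out: Dict[int, dict] = {}
    for h in hooks:
        entry = out.setdefault(h.pid, {"process": h.process.rsplit("\\", 1)[-1],
                                       "jmp": 0, "patch": 0})
        entry["jmp" if h.target is not None else "patch"] += 1
    return out

def inconsistent_hooks(hooks: List[Hook]) -> Dict[str, Set[int]]:
    """Exports whose JMP hook points to different targets in different processes.
    A system-wide injector (shell extension, a security suite's browser guard)
    patches an export with the same target wherever it is loaded, so an export
    redirected to several distinct targets is the entry worth a closer look."""
    targets: Dict[str, Set[int]] = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            targets[f"{h.module}!{h.export}"].add(h.target)
    return {name: seen for name, seen in targets.items() if len(seen) > 1}

# Constructed subset shaped after the log above.  The 5-byte patch on
# SetUnhandledExceptionFilter decodes to "xor eax,eax / ret 4": the export was
# turned into a stub that returns 0 rather than being redirected.
SAMPLE_LOG = r"""---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[756] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000761287b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075191465 2 bytes [19, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000751c2da4 5 bytes JMP 0000000171be9ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3388] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007520fcfa 5 bytes JMP 0000000171d38f97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000751c2da4 5 bytes JMP 0000000171be9ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007520fcfa 5 bytes JMP 0000000171d38f97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4200] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000761234b5 5 bytes JMP 0000000171ba75e3
? C:\Windows\system32\mssprxy.dll [3388] entry point in ".rdata" section 00000000738271e6
"""

# Invented line (not in the real log): a third iexplore.exe whose EnableWindow
# hook jumps somewhere other than its siblings, so inconsistent_hooks() fires.
DIVERGENT_LINE = (r".text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4396] "
                  r"C:\Windows\syswow64\USER32.dll!EnableWindow 00000000751c2da4 5 bytes JMP 000000000a0b1000")

if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG + "\n" + DIVERGENT_LINE)
    for pid, info in sorted(summarize(parsed).items()):
        print(f"pid {pid:>5} {info['process']:<14} jmp={info['jmp']} patch={info['patch']}")
    for name, seen in inconsistent_hooks(parsed).items():
        print(f"divergent: {name} -> {', '.join(hex(t) for t in sorted(seen))}")
```

Read the result as a triage aid, not a verdict. Hooks that look identical in every process (in the log above, the two-byte `PSAPI.DLL!GetModuleInformation` patches and the shared `USER32.dll` JMP targets in all `iexplore.exe` instances) point to one system-wide injector, which may well be legitimate software; an export redirected to different targets in different processes is what `inconsistent_hooks()` surfaces for manual follow-up. The kernel `IAT` and `Devices` sections of the log use a different line format and are not handled here.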


        • #5
          Hi matjomj,

          Before we start, I would like to kindly point out the following guidelines:

          • Only log in as an administrator with full rights.
          • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
          • Cleaning up your system can take some time, be patient.
          • Follow the instructions I give carefully.
          • Only follow the advice I give.
          • Stay with this topic until I have reported that your PC is clean.
          • If you do not know or understand something, please just ask.
          • Do not install or uninstall any software or hardware while we are working on your problem.
          • Do not try "something else" in the meantime, that only makes it harder for us.
          • Please turn off your emoticons (smileys) when you post logs.
          • Please do not post the logs as an attachment or between code tags.

          Note: Vista or Windows 7? >> Always run all tools as admin.
          The instructions given are only valid for your PC.

          Step 1:

          Scan for and remove malware....

          Start MBAM.
          Once the program has started, go to the "Settings" tab.
          • Check here: "Close Internet Explorer during malware removal".
          • Go to the "Update" tab and update MBAM.
          • Then go to the "Scanner" tab and choose "FULL Scan".
          • Then press "Scan" to start the scan.
          • Scanning can take a while, so be patient.
          • When the scan is complete, click OK, then "Show Results" to see the results.
          • Make sure everything there is checked, then click "Remove Selected".
          • After removal a log will open and you will be asked to restart the computer.

          If MBAM asks for a restart, do so.
          Once you have restarted, run a new quick scan with MBAM.
          In that case you post both logs.

          The log is saved automatically by Malwarebytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.


          In case of problems!!!

          ___________________________________________________________

          Step 2:

          Check for bad toolbars...

          Note: Vista or Windows 7? >> Always run all tools as admin.
          Disable your security software.

          Download AdwCleaner by Xplode to your Desktop.
          • Close all open windows
          • Start AdwCleaner and click Delete
          • At AdwCleaner – Information click OK
          • At AdwCleaner – Restart Required click OK

          All icons disappear from the Desktop, this is normal.
          Your PC will be restarted and a logfile opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

          Do not forget to disable your "smileys".

          If your home page was hijacked as well, set your search engine again; AdwCleaner resets it to Google.com by default.

          ___________________________________________________________

          Step 3:

          Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


          DDS is a diagnostic tool and uses scripts.
          If script execution is disabled, enable it again so that no problems occur when using DDS.


          Double-click DDS to start the tool. (Depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif.)
          When it is finished, two logfiles open: DDS.txt and Attach.txt
          Save both logfiles on your desktop.

          Post the contents of DDS.txt.

          Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.

          ___________________________________________________________

          Step 4:

          Check for updates...

          Download Security Check to your desktop from here or here

          Start Security Check
          Follow the instructions on screen
          At the end a log appears (checkup.txt)
          Put its contents in your next reply.

          In your next post I would like to see the following logs, made in the order given:

          • MBAM
          • AdwCleaner
          • DDS
          • checkup.txt

          Please do NOT post these logs as an attachment or between code tags.
          (In several posts if necessary.)

          Emphyrio
          Last edited by Emphyrio; 19-07-13, 14:20.
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee. * Ccleaner * E-Peek



          • #6
            Malwarebytes Anti-Malware 1.75.0.1300
            www.malwarebytes.org

            Database version: v2013.07.19.05

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 9.0.8112.16421
            matjo :: MATJO-PC [administrator]

            19-7-2013 15:24:46
            mbam-log-2013-07-19 (15-24-46).txt

            Scan type: Full scan (C:\|)
            Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
            Scan options disabled: P2P
            Objects scanned: 435345
            Time elapsed: 42 minute(s), 17 second(s)

            Memory Processes Detected: 0
            (No malicious items detected)

            Memory Modules Detected: 0
            (No malicious items detected)

            Registry Keys Detected: 0
            (No malicious items detected)

            Registry Values Detected: 0
            (No malicious items detected)

            Registry Data Items Detected: 0
            (No malicious items detected)

            Folders Detected: 0
            (No malicious items detected)

            Files Detected: 1
            C:\Users\matjo\AppData\Local\Zylom Games\SCRABBLE(R) WETTIG GEDEPONEERD kruiswoordpuzzelspel\scrabble.exe (PUP.Downloader.ZYL) -> Quarantined and deleted successfully.

            (end)



            • #7
              # AdwCleaner v2.305 - Logfile created 19/07/2013 at 16:19:42
              # Updated 11/07/2013 by Xplode
              # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
              # User : matjo - MATJO-PC
              # Boot Mode : Normal
              # Running from : C:\Users\matjo\Desktop\adwcleaner.exe
              # Option [Delete]


              ***** [Services] *****


              ***** [Files / Folders] *****

              File Deleted : C:\END
              Folder Deleted : C:\Program Files (x86)\Wajam
              Folder Deleted : C:\ProgramData\iWin
              Folder Deleted : C:\ProgramData\Trymedia
              Folder Deleted : C:\Users\matjo\AppData\Local\Wajam
              Folder Deleted : C:\Users\matjo\AppData\Roaming\iWin
              Folder Deleted : C:\Users\matjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
              Folder Deleted : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}

              ***** [Registry] *****

              Key Deleted : HKCU\Software\APN PIP
              Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
              Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
              Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
              Key Deleted : HKCU\Software\AppDataLow\Toolbar
              Key Deleted : HKCU\Software\BabylonToolbar
              Key Deleted : HKCU\Software\DataMngr
              Key Deleted : HKCU\Software\InstallCore
              Key Deleted : HKCU\Software\Microsoft\Babylon
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
              Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
              Sleutel Verwijderd : HKCU\Software\Softonic
              Sleutel Verwijderd : HKCU\Software\Wajam
              Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar
              Sleutel Verwijderd : HKCU\Software\5c4d8dbb23bed42
              Sleutel Verwijderd : HKLM\Software\Babylon
              Sleutel Verwijderd : HKLM\Software\BabylonToolbar
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escort.DLL
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Conduit.Engine
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2644243
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2905303
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wajam.WajamBHO
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
              Sleutel Verwijderd : HKLM\Software\Conduit
              Sleutel Verwijderd : HKLM\Software\conduitEngine
              Sleutel Verwijderd : HKLM\Software\DataMngr
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\af2e5d77adc8b777439a13fdd0599351
              Sleutel Verwijderd : HKLM\Software\PIP
              Sleutel Verwijderd : HKLM\Software\Wajam
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\5c4d8dbb23bed42
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AC49E3F-ABB4-4ACE-BC6B-62245DAE0BEC}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
              Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
              Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
              Sleutel Verwijderd : HKLM\SOFTWARE\Software
              Waarde Verwijderd : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
              Waarde Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
              Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

              ***** [Browsers] *****

              -\\ Internet Explorer v9.0.8112.16490

              [OK] Het register bevat geen enkele ongeoorloofde invoer.

              -\\ Google Chrome v27.0.1453.116

              File : C:\Users\matjo\AppData\Local\Google\Chrome\User Data\Default\Preferences

              Verwijderd [l.23] : icon_url = "hxxp://www.babylon.com/favicon.ico",
              Verwijderd [l.26] : keyword = "babylon.com",
              Verwijderd [l.30] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=201208_mnt_n_3412_2&

              *************************

              AdwCleaner[R1].txt - [11070 octets] - [19/07/2013 16:17:15]
              AdwCleaner[S1].txt - [397 octets] - [19/07/2013 16:18:07]
              AdwCleaner[S2].txt - [10817 octets] - [19/07/2013 16:19:42]

              ########## EOF - C:\AdwCleaner[S2].txt - [10878 octets] ##########
              Last edited by matjomj; 19-07-13, 15:23.



              • #8
                the DDS text log again

                DDS (Ver_2012-11-20.01) - NTFS_AMD64
                Internet Explorer: 9.0.8112.16490
                Run by matjo at 16:24:19 on 2013-07-19
                Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2224 [GMT 2:00]
                .
                AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
                SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
                SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                ============== Running Processes ===============
                .
                C:\Windows\system32\lsm.exe
                C:\Windows\system32\svchost.exe -k DcomLaunch
                C:\Windows\system32\nvvsvc.exe
                C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                C:\Windows\system32\svchost.exe -k RPCSS
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                C:\Windows\system32\svchost.exe -k LocalService
                C:\Windows\system32\svchost.exe -k netsvcs
                C:\Windows\system32\svchost.exe -k GPSvcGroup
                C:\Windows\system32\svchost.exe -k NetworkService
                C:\Windows\System32\spoolsv.exe
                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                C:\Windows\system32\taskeng.exe
                C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                C:\Windows\system32\nvvsvc.exe
                C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
                C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
                C:\Windows\system32\taskhost.exe
                C:\Windows\system32\Dwm.exe
                C:\Program Files (x86)\GfKLSPService\GfKLSPService.exe
                C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
                C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
                C:\Windows\Explorer.EXE
                C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
                C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                C:\Windows\PixArt\Pac207\Monitor.exe
                C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                C:\Windows\system32\svchost.exe -k imgsvc
                C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
                C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
                C:\OEM\USBDECTION\USBS3S4Detection.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                C:\Windows\system32\SearchIndexer.exe
                C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
                C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                C:\Program Files\Windows Media Player\wmpnetwk.exe
                C:\Windows\servicing\TrustedInstaller.exe
                C:\Windows\System32\WUDFHost.exe
                C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
                C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
                C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
                C:\Windows\system32\SearchProtocolHost.exe
                C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Program Files (x86)\Internet Explorer\iexplore.exe
                C:\Program Files (x86)\Internet Explorer\iexplore.exe
                C:\Windows\system32\sppsvc.exe
                C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Windows\system32\SearchProtocolHost.exe
                C:\Windows\system32\SearchFilterHost.exe
                C:\Windows\System32\cscript.exe
                .
                ============== Pseudo HJT Report ===============
                .
                uStart Page = hxxp://www.startpagina.nl/
                uSearch Bar = Preserve
                BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
                BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
                uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
                uRun: [Facebook Update] "C:\Users\matjo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
                mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
                mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
                mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
                mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                uPolicies-Explorer: NoDrives = dword:0
                mPolicies-Explorer: NoDrives = dword:0
                mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                mPolicies-System: ConsentPromptBehaviorUser = dword:3
                mPolicies-System: EnableUIADesktopToggle = dword:0
                mPolicies-System: PromptOnSecureDesktop = dword:0
                IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
                DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
                DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
                DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
                DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
                DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
                DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
                DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
                DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab
                TCP: NameServer = 192.168.1.1
                TCP: Interfaces\{4A6B1BFE-5453-4C3A-8F79-266621F804CA} : DHCPNameServer = 192.168.1.1
                Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                AppInit_DLLs= c:\progra~3\browse~2\261040~1.25\{c16c1~1\browse~1.dll
                mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
                x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                x64-Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
                x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
                x64-IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - <orphaned>
                x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                .
                ============= SERVICES / DRIVERS ===============
                .
                R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
                R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-1-5 42840]
                R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
                R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
                R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2011-1-9 81920]
                R2 GfkLSPService;GfkLSPService;C:\Program Files (x86)\GfKLSPService\GfKLSPService.exe [2010-4-20 2781184]
                R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-7-28 128000]
                R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-11-17 44312]
                R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
                R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
                R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-9-20 2754984]
                R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-1 2314240]
                R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-11-17 240160]
                R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
                R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-17 283824]
                R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2011-1-9 2736128]
                R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-17 56344]
                R3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
                S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
                S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
                S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
                S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
                S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-1 48488]
                S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
                S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
                S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-12-30 25088]
                S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2010-1-21 18944]
                S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-12 19456]
                S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-5 42328]
                S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-12 57856]
                S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-27 1255736]
                S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
                .
                =============== Created Last 30 ================
                .
                2013-07-19 13:23:11 -------- d-----w- C:\Users\matjo\AppData\Local\{38C92483-FA3D-42D1-BBC0-0079FC24CE5A}
                2013-07-19 13:09:09 -------- d-----w- C:\Users\matjo\AppData\Local\{F7C745C3-6140-43A3-A4E7-DB0556832E66}
                2013-07-19 12:41:45 -------- d-----w- C:\Users\matjo\AppData\Local\Programs
                2013-07-19 10:15:49 -------- d-----w- C:\Users\matjo\AppData\Local\{D09E79BE-C665-481D-A182-5C21FC665363}
                2013-07-18 20:12:16 -------- d-----w- C:\Users\matjo\AppData\Local\{00691ED8-DC11-42AB-B167-6FD65EFFE744}
                2013-07-18 05:44:06 -------- d-----w- C:\Users\matjo\AppData\Local\{CEF29F42-E8E4-4638-9E41-F0EE34A442DA}
                2013-07-17 12:05:56 -------- d-----w- C:\Users\matjo\AppData\Local\{6132A5F4-5104-4C88-BBF9-21C22A6D753D}
                2013-07-16 20:27:34 -------- d-----w- C:\Users\matjo\AppData\Local\{5E784962-562C-4AD3-B9CB-36F21326F49A}
                2013-07-16 18:49:45 -------- d-----w- C:\Users\matjo\AppData\Local\{E9B5E195-DC36-49A9-9B07-FA6542902970}
                2013-07-16 06:41:53 -------- d-----w- C:\Users\matjo\AppData\Local\{51579CDA-9896-45F6-AAD2-1EAED7DFC0CC}
                2013-07-15 11:49:20 -------- d-----w- C:\Users\matjo\AppData\Local\{19E42F8C-7AA6-4308-87E0-AF3897CE5EE4}
                2013-07-14 14:45:44 -------- d-----w- C:\Users\matjo\AppData\Local\{2F26A587-3241-44F3-AEC7-A4BB6B30CF9A}
                2013-07-13 21:52:18 -------- d-----w- C:\Users\matjo\AppData\Local\{AFA5C79B-5134-49F8-9581-00E31454B371}
                2013-07-13 07:38:56 -------- d-----w- C:\Users\matjo\AppData\Local\{B3506036-0284-47E0-95B9-25BCBF121FD0}
                2013-07-12 11:56:46 -------- d-----w- C:\Users\matjo\AppData\Local\{398AD4E3-1DCB-4523-8B9C-B5834B0FA79B}
                2013-07-12 10:26:16 -------- d-----w- C:\Users\matjo\AppData\Local\{516FE44C-34E9-44AD-8D95-9B54763BE1AE}
                2013-07-11 12:11:03 -------- d-----w- C:\Users\matjo\AppData\Local\{1369B8F8-A4C9-48C9-B3F5-A9D1844F6759}
                2013-07-10 15:21:10 -------- d-----w- C:\Users\matjo\AppData\Local\{2F00D0E4-F3B9-4FBB-BAA1-16D67ACA3409}
                2013-07-09 14:17:08 -------- d-----w- C:\Users\matjo\AppData\Local\{8F774547-3B81-4038-8EF5-95662F0F156A}
                2013-07-09 05:32:29 -------- d-----w- C:\Users\matjo\AppData\Local\{8A57FCDC-8DF9-4A14-A8A1-244D9D51AB46}
                2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
                2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
                2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
                2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
                2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
                2013-07-09 04:08:14 -------- d-----w- C:\Users\matjo\AppData\Local\Apple
                2013-07-09 04:01:58 -------- d-----w- C:\Users\matjo\AppData\Local\{877ADE0C-3DF6-4F77-A28D-E7C3EF30E351}
                2013-07-08 14:14:09 -------- d-----w- C:\Users\matjo\AppData\Local\{DD4D051A-7761-4221-829F-FB4810A9B255}
                2013-07-07 20:33:52 -------- d-----w- C:\Users\matjo\AppData\Local\{EFA80E15-104A-458C-BB25-F59F52E37218}
                2013-07-07 19:52:03 -------- d-----w- C:\Users\matjo\AppData\Local\{A843D0EF-1FDD-494F-A609-659F97BE829A}
                2013-07-07 05:25:44 -------- d-----w- C:\Users\matjo\AppData\Local\{71DACF30-C239-4241-8454-304D6733CCAB}
                2013-07-06 14:43:55 -------- d-----w- C:\Users\matjo\AppData\Local\{2F38AA56-32E4-42F1-83D5-61C00CD817E2}
                2013-07-05 19:22:12 -------- d-----w- C:\Users\matjo\AppData\Local\{A757C577-ED31-4F67-B91C-C6A03A225F69}
                2013-07-05 06:29:57 -------- d-----w- C:\Users\matjo\AppData\Local\{EC3E13FC-E3D0-43E9-9697-964EE500F5C6}
                2013-07-04 18:22:22 -------- d-----w- C:\Users\matjo\AppData\Local\{3F2E309E-CBFA-4F15-BE11-AD573D8B0C0C}
                2013-07-04 05:28:21 -------- d-----w- C:\Users\matjo\AppData\Local\{4501F1B7-994F-4F1C-BEEB-62CD8C83B5B5}
                2013-07-03 10:15:41 -------- d-----w- C:\Users\matjo\AppData\Local\{562BD695-100C-46B2-BD24-75A65FFFEFD8}
                2013-07-02 10:53:00 -------- d-----w- C:\Users\matjo\AppData\Local\{7FAC3438-97FF-44DE-9600-DF2A3524D59B}
                2013-07-02 05:11:07 -------- d-----w- C:\Users\matjo\AppData\Local\NVIDIA
                2013-07-02 04:44:56 -------- d-----w- C:\Users\matjo\AppData\Local\{24C06778-0231-4DE4-A839-4391CCA66025}
                2013-07-01 13:51:49 -------- d-----w- C:\Users\matjo\AppData\Local\{72ADD86B-20E0-44BD-B828-2E1531E5F321}
                2013-06-30 20:54:38 -------- d-----w- C:\Users\matjo\AppData\Local\DM
                2013-06-30 09:29:20 -------- d-----w- C:\Users\matjo\AppData\Local\{45D1E0E6-A826-46FE-9847-75A7447C4B7F}
                2013-06-29 23:02:44 -------- d-----w- C:\Users\matjo\AppData\Local\{BE79C2A6-588C-4A66-B41F-325E53CC3655}
                2013-06-29 08:04:56 -------- d-----w- C:\Users\matjo\AppData\Local\{B080765F-F649-4965-8FF3-DCE0F33B264A}
                2013-06-28 21:13:41 -------- d-----w- C:\Users\matjo\AppData\Local\{2A594F6C-454B-4925-B7E3-4B0056826CAD}
                2013-06-28 18:49:39 -------- d-----w- C:\Program Files (x86)\SpotLite
                2013-06-28 09:12:37 -------- d-----w- C:\Users\matjo\AppData\Roaming\Spotnet
                2013-06-28 09:04:15 -------- d-----w- C:\Users\matjo\AppData\Local\{D8D4257B-4F44-4FA0-9310-9D492B6AC8FC}
                2013-06-28 07:16:11 -------- d-----w- C:\Users\matjo\AppData\Local\{70E5F130-CD64-4F4B-B40C-72AD54281DD2}
                2013-06-27 18:31:50 -------- d-----w- C:\Users\matjo\AppData\Local\{05AD108D-1490-46D4-A323-98CD5BE04A3A}
                2013-06-27 04:34:56 -------- d-----w- C:\Users\matjo\AppData\Local\{E8E1A258-6931-4745-A115-0CB2BB14886D}
                2013-06-26 11:25:35 -------- d-----w- C:\Users\matjo\AppData\Local\{486951F1-CDFF-4286-9D00-718EC2E2C859}
                2013-06-25 18:28:59 -------- d-----w- C:\Users\matjo\AppData\Local\{3AD8CD8B-C0E8-4ADF-96A6-F7A3350EDFC1}
                2013-06-25 05:57:57 -------- d-----w- C:\Users\matjo\AppData\Local\{F9A257AF-EC84-489B-A060-EB23D58580F5}
                2013-06-24 14:08:35 -------- d-----w- C:\Users\matjo\AppData\Local\{C916075B-134E-4171-8668-778DFA0D45A2}
                2013-06-23 18:14:07 -------- d-----w- C:\Users\matjo\AppData\Local\{91283D83-AD56-4596-B231-700F440E04BC}
                2013-06-23 05:46:14 -------- d-----w- C:\Users\matjo\AppData\Local\{D9D17077-63BB-474D-957A-EF5053E9EC45}
                2013-06-22 16:54:17 -------- d-----w- C:\Users\matjo\AppData\Local\{65BE7819-AB88-4C06-9C37-B02237B7C0CD}
                2013-06-21 19:53:17 -------- d-----w- C:\Users\matjo\AppData\Local\{2346E016-65F8-4CF7-9102-0D188B57313F}
                2013-06-21 06:27:51 -------- d-----w- C:\Users\matjo\AppData\Local\{1D8FA95E-FC03-4A8B-AF9E-CE7DC76A4ABF}
                2013-06-21 03:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
                2013-06-20 10:47:22 -------- d-----w- C:\Users\matjo\AppData\Local\{D60E7804-D971-414C-912C-85ADF13AA296}
                .
                ==================== Find3M ====================
                .
                2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
                2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
                2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
                2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
                2013-06-21 10:23:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
                2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
                2013-06-14 03:59:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                2013-06-14 03:59:27 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
                2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
                2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
                2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
                2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
                2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
                2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
                2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
                2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
                2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
                2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
                2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
                2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
                2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
                2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
                2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
                2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
                2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
                2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
                2013-05-12 21:42:27 1832224 ----a-w- C:\Windows\System32\nvdispco6432018.dll
                2013-05-12 21:42:27 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432018.dll
                2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
                2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
                2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
                2013-05-01 01:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
                2013-05-01 01:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
                2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
                2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
                2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
                .
                ============= FINISH: 16:25:57,48 ===============



                • #9
                  Um, here is step 4; hopefully I understood and did everything correctly this time

                  Results of screen317's Security Check version 0.99.70
                  Windows 7 Service Pack 1 x64 (UAC is enabled)
                  Internet Explorer 10
                  ``````````````Antivirus/Firewall Check:``````````````
                  ESET NOD32 Antivirus 5.2
                  Antivirus up to date!
                  `````````Anti-malware/Other Utilities Check:`````````
                  Java(TM) 6 Update 35
                  Java version out of Date!
                  Adobe Reader 10.1.7 Adobe Reader out of Date!
                  Google Chrome 27.0.1453.110
                  Google Chrome 27.0.1453.116
                  Google Chrome 28.0.1500.71
                  Google Chrome 28.0.1500.72
                  ````````Process Check: objlist.exe by Laurent````````
                  ESET NOD32 Antivirus egui.exe
                  ESET NOD32 Antivirus ekrn.exe
                  `````````````````System Health check`````````````````
                  Total Fragmentation on Drive C: 0%
                  ````````````````````End of Log``````````````````````



                  • #10
                    Fine.


                    Download TFC and save it to your Desktop.
                    • Double-click TFC.exe to open the program.
                    • The program will close all other programs, so make sure you have saved all your work before you continue.
                    • Click the Start button to start the program.
                    • When the program is finished, it will restart your computer.
                      If this does not happen, restart your computer manually.


                    _____________________________________________________________

                    Download Combofix and place it on your desktop.


                    Extra note... Make sure your security software is disabled while you use Combofix.
                    This is because these scanners wrongly flag certain components that Combofix uses as infected and will block Combofix.


                    Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.


                    Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                    So do not open any other applications until Combofix has presented the log.

                    If Combofix asks for an update, allow it.

                    When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                    You can find it at C:\combofix.txt.

                    Post the Combofix log together with a new DDS log in your next reply.

                    Emphyrio
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * Ccleaner * E-Peek



                    • #11
                      ComboFix log

                      ComboFix 13-07-18.04 - matjo 19-07-2013 16:49:16.5.4 - x64
                      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2318 [GMT 2:00]
                      Gestart vanuit: c:\users\matjo\Desktop\ComboFix.exe
                      AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
                      SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
                      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      .
                      .
                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      c:\users\matjo\AppData\Roaming\Tairw
                      c:\users\matjo\AppData\Roaming\Tairw\zydoo.neu
                      c:\windows\wininit.ini
                      .
                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2013-06-19 to 2013-07-19 ))))))))))))))))))))))))))))))
                      .
                      .
                      2013-07-19 14:53 . 2013-07-19 14:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
                      2013-07-19 14:53 . 2013-07-19 14:53 -------- d-----w- c:\users\UpdatusUser.matjo-PC.000\AppData\Local\temp
                      2013-07-19 14:53 . 2013-07-19 14:53 -------- d-----w- c:\users\Public\AppData\Local\temp
                      2013-07-19 14:53 . 2013-07-19 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
                      2013-07-19 12:41 . 2013-07-19 12:41 -------- d-----w- c:\users\matjo\AppData\Local\Programs
                      2013-07-10 04:19 . 2013-07-10 04:19 -------- d-----w- c:\users\matjo\AppData\Roaming\Apple Computer
                      2013-07-09 04:09 . 2013-07-09 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
                      2013-07-09 04:09 . 2013-07-09 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
                      2013-07-09 04:09 . 2013-07-09 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
                      2013-07-09 04:09 . 2013-07-09 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
                      2013-07-09 04:09 . 2013-07-09 04:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
                      2013-07-09 04:09 . 2013-07-09 04:09 -------- d-----w- c:\programdata\Apple Computer
                      2013-07-09 04:08 . 2013-07-09 04:08 -------- d-----w- c:\program files (x86)\Common Files\Apple
                      2013-07-09 04:08 . 2013-07-09 04:08 -------- d-----w- c:\users\matjo\AppData\Local\Apple
                      2013-07-09 04:08 . 2013-07-09 04:08 -------- d-----w- c:\programdata\Apple
                      2013-07-09 04:08 . 2013-07-09 04:08 -------- d-----w- c:\program files (x86)\Apple Software Update
                      2013-07-02 05:18 . 2013-07-02 05:18 -------- d-----w- c:\program files (x86)\AGEIA Technologies
                      2013-07-02 05:11 . 2013-07-02 05:11 -------- d-----w- c:\users\matjo\AppData\Local\NVIDIA
                      2013-06-30 20:54 . 2013-06-30 20:55 -------- d-----w- c:\users\matjo\AppData\Local\DM
                      2013-06-28 18:49 . 2013-06-28 19:03 -------- d-----w- c:\program files (x86)\SpotLite
                      2013-06-28 09:12 . 2013-06-28 09:12 -------- d-----w- c:\users\matjo\AppData\Roaming\Spotnet
                      2013-06-21 03:16 . 2013-06-21 03:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2013-06-21 12:06 . 2013-05-24 07:30 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll
                      2013-06-21 12:06 . 2013-05-24 07:30 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll
                      2013-06-21 12:06 . 2012-10-10 20:23 2936208 ----a-w- c:\windows\system32\nvapi64.dll
                      2013-06-21 12:06 . 2012-10-10 20:23 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll
                      2013-06-21 12:06 . 2012-09-13 18:49 61216 ----a-w- c:\windows\system32\OpenCL.dll
                      2013-06-21 12:06 . 2012-09-13 18:49 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
                      2013-06-21 10:23 . 2012-09-13 18:50 6496544 ----a-w- c:\windows\system32\nvcpl.dll
                      2013-06-21 10:23 . 2012-09-13 18:50 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
                      2013-06-21 10:23 . 2012-09-13 18:50 884512 ----a-w- c:\windows\system32\nvvsvc.exe
                      2013-06-21 10:23 . 2012-09-13 18:50 63776 ----a-w- c:\windows\system32\nvshext.dll
                      2013-06-21 10:23 . 2012-09-13 18:50 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
                      2013-06-21 10:23 . 2012-09-13 18:50 237856 ----a-w- c:\windows\system32\nvmctray.dll
                      2013-06-14 03:59 . 2013-06-03 04:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                      2013-06-14 03:59 . 2013-06-03 04:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                      2013-06-12 15:40 . 2010-03-26 19:32 75825640 ----a-w- c:\windows\system32\MRT.exe
                      2013-05-17 04:05 . 2013-06-12 15:42 17824768 ----a-w- c:\windows\system32\mshtml.dll
                      2013-05-17 03:27 . 2013-06-12 15:42 10926080 ----a-w- c:\windows\system32\ieframe.dll
                      2013-05-17 03:09 . 2013-06-12 15:42 2312704 ----a-w- c:\windows\system32\jscript9.dll
                      2013-05-17 03:02 . 2013-06-12 15:42 1346560 ----a-w- c:\windows\system32\urlmon.dll
                      2013-05-17 03:02 . 2013-06-12 15:42 1392128 ----a-w- c:\windows\system32\wininet.dll
                      2013-05-17 03:01 . 2013-06-12 15:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
                      2013-05-17 03:00 . 2013-06-12 15:42 237056 ----a-w- c:\windows\system32\url.dll
                      2013-05-17 02:58 . 2013-06-12 15:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
                      2013-05-17 02:56 . 2013-06-12 15:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
                      2013-05-17 02:56 . 2013-06-12 15:42 599040 ----a-w- c:\windows\system32\vbscript.dll
                      2013-05-17 02:55 . 2013-06-12 15:42 816640 ----a-w- c:\windows\system32\jscript.dll
                      2013-05-17 02:54 . 2013-06-12 15:42 729088 ----a-w- c:\windows\system32\msfeeds.dll
                      2013-05-17 02:53 . 2013-06-12 15:42 2147840 ----a-w- c:\windows\system32\iertutil.dll
                      2013-05-17 02:51 . 2013-06-12 15:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
                      2013-05-17 02:51 . 2013-06-12 15:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
                      2013-05-17 02:46 . 2013-06-12 15:42 248320 ----a-w- c:\windows\system32\ieui.dll
                      2013-05-16 22:39 . 2013-06-12 15:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
                      2013-05-16 22:28 . 2013-06-12 15:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
                      2013-05-16 22:27 . 2013-06-12 15:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                      2013-05-16 22:21 . 2013-06-12 15:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                      2013-05-16 22:20 . 2013-06-12 15:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
                      2013-05-16 22:16 . 2013-06-12 15:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
                      2013-05-13 05:51 . 2013-06-12 05:09 184320 ----a-w- c:\windows\system32\cryptsvc.dll
                      2013-05-13 05:51 . 2013-06-12 05:09 1464320 ----a-w- c:\windows\system32\crypt32.dll
                      2013-05-13 05:51 . 2013-06-12 05:09 139776 ----a-w- c:\windows\system32\cryptnet.dll
                      2013-05-13 05:50 . 2013-06-12 05:09 52224 ----a-w- c:\windows\system32\certenc.dll
                      2013-05-13 04:45 . 2013-06-12 05:09 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
                      2013-05-13 04:45 . 2013-06-12 05:09 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
                      2013-05-13 04:45 . 2013-06-12 05:09 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
                      2013-05-13 03:43 . 2013-06-12 05:09 1192448 ----a-w- c:\windows\system32\certutil.exe
                      2013-05-13 03:08 . 2013-06-12 05:09 903168 ----a-w- c:\windows\SysWow64\certutil.exe
                      2013-05-13 03:08 . 2013-06-12 05:09 43008 ----a-w- c:\windows\SysWow64\certenc.dll
                      2013-05-12 21:42 . 2013-05-24 07:30 1832224 ----a-w- c:\windows\system32\nvdispco6432018.dll
                      2013-05-12 21:42 . 2013-05-24 07:30 1511712 ----a-w- c:\windows\system32\nvdispgenco6432018.dll
                      2013-05-10 05:49 . 2013-06-12 05:09 30720 ----a-w- c:\windows\system32\cryptdlg.dll
                      2013-05-10 03:20 . 2013-06-12 05:09 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
                      2013-05-08 06:39 . 2013-06-12 05:09 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
                      2013-05-03 07:02 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                      2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
                      2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
                      2013-04-26 05:51 . 2013-06-12 05:09 751104 ----a-w- c:\windows\system32\win32spl.dll
                      2013-04-26 04:55 . 2013-06-12 05:09 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
                      2013-04-25 23:30 . 2013-06-12 05:09 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                      REGEDIT4
                      .
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-05 3077528]
                      "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
                      "Facebook Update"="c:\users\matjo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-20 138096]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                      "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
                      "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2013-01-23 802304]
                      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                      "MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2013-05-07 128000]
                      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
                      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                      "ConsentPromptBehaviorAdmin"= 5 (0x5)
                      "ConsentPromptBehaviorUser"= 3 (0x3)
                      "EnableUIADesktopToggle"= 0 (0x0)
                      "PromptOnSecureDesktop"= 0 (0x0)
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                      "LoadAppInit_DLLs"=1 (0x1)
                      .
                      R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
                      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                      R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys;c:\windows\SYSNATIVE\DRIVERS\aabed2.sys [x]
                      R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys;c:\windows\SYSNATIVE\DRIVERS\ManyCam_x64.sys [x]
                      R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys;c:\windows\SYSNATIVE\drivers\ccdcmbox64.sys [x]
                      R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys;c:\windows\SYSNATIVE\drivers\ccdcmbx64.sys [x]
                      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                      R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
                      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                      R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
                      S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
                      S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
                      S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
                      S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
                      S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
                      S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
                      S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x]
                      S2 GfkLSPService;GfkLSPService;c:\program files (x86)\GfKLSPService\GfKLSPService.exe;c:\program files (x86)\GfKLSPService\GfKLSPService.exe [x]
                      S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [x]
                      S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [x]
                      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
                      S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
                      S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                      S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
                      S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
                      S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
                      S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x]
                      S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
                      S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
                      .
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                      2013-06-29 12:02 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
                      .
                      Inhoud van de 'Gedeelde Taken' map
                      .
                      2013-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4233861332-571955857-3087514218-1001Core.job
                      - c:\users\matjo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-20 17:01]
                      .
                      2013-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4233861332-571955857-3087514218-1001UA.job
                      - c:\users\matjo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-20 17:01]
                      .
                      2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14 06:24]
                      .
                      2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-14 06:24]
                      .
                      .
                      --------- X64 Entries -----------
                      .
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
                      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-21 8115744]
                      "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
                      "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
                      "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
                      .
                      ------- Bijkomende Scan -------
                      .
                      uLocal Page = c:\windows\system32\blank.htm
                      uStart Page = hxxp://www.startpagina.nl/
                      mLocal Page = c:\windows\SysWOW64\blank.htm
                      TCP: DhcpNameServer = 192.168.1.1
                      .
                      - - - - ORPHANS VERWIJDERD - - - -
                      .
                      Toolbar-Locked - (no file)
                      ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
                      ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
                      ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
                      HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                      ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
                      ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
                      ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
                      AddRemove-Big City Adventure - Sydney Deluxe - d:\games\Big City Adventure - Sydney
                      .
                      .
                      .
                      --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                      .
                      [HKEY_USERS\S-1-5-21-4233861332-571955857-3087514218-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CE25CB4-BCB9-8C44-CCE2-082F5ABFBB7D}*]
                      "hadlgnhkblepcjgi"=hex:69,61,6f,6a,61,70,67,70,65,64,68,6d,6d,6e,6c,67,69,70,
                      00,77
                      "iabbmkahlgenhclelg"=hex:63,61,6b,6a,6e,6f,00,00
                      "iafkkhleohiioilggl"=hex:69,61,6f,6a,61,70,67,70,65,64,68,6d,6d,6e,6c,67,69,70,
                      00,77
                      "dbfkddealaogoebjpollibngmeghdkgdknlaaepm"=hex:68,61,6f,61,6f,6c,6c,68,68,70,
                      6a,69,6b,65,6e,69,00,00
                      "jbfkddealaogoebjpollhcjjdggnikbnjldeeaphfkpapgjoebpe"=hex:68,61,6f,61,6f,6c,
                      6c,68,68,70,6a,69,6b,65,6e,69,00,00
                      "dbfkddealaogoebjpollfbmiaijelfdfbpinbnal"=hex:62,61,64,6e,00,00
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker5"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                      @Denied: (A 2) (Everyone)
                      @="Shockwave Flash Object"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                      "ThreadingModel"="Apartment"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                      @="0"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                      @="ShockwaveFlash.ShockwaveFlash.11"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                      @="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                      @="ShockwaveFlash.ShockwaveFlash"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                      @Denied: (A 2) (Everyone)
                      @="Macromedia Flash Factory Object"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                      "ThreadingModel"="Apartment"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                      @="FlashFactory.FlashFactory.1"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                      @="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                      @="FlashFactory.FlashFactory"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker5"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                      @Denied: (A) (Users)
                      @Denied: (A) (Everyone)
                      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                      "BlindDial"=dword:00000000
                      .
                      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                      @Denied: (Full) (Everyone)
                      .
                      Voltooingstijd: 2013-07-19 16:55:27
                      ComboFix-quarantined-files.txt 2013-07-19 14:55
                      .
                      Pre-Run: 160.417.325.056 bytes beschikbaar
                      Post-Run: 160.102.346.752 bytes beschikbaar
                      .
                      - - End Of File - - A1155A3AF668E3A7C81753CA65675172
                      A36C5E4F47E84449FF07ED3517B43A31



                      • #12
                        dds log

                        DDS (Ver_2012-11-20.01) - NTFS_AMD64
                        Internet Explorer: 9.0.8112.16490
                        Run by matjo at 16:56:13 on 2013-07-19
                        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2453 [GMT 2:00]
                        .
                        AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
                        SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
                        SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                        .
                        ============== Running Processes ===============
                        .
                        C:\Windows\system32\lsm.exe
                        C:\Windows\system32\svchost.exe -k DcomLaunch
                        C:\Windows\system32\nvvsvc.exe
                        C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                        C:\Windows\system32\svchost.exe -k RPCSS
                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                        C:\Windows\system32\svchost.exe -k LocalService
                        C:\Windows\system32\svchost.exe -k netsvcs
                        C:\Windows\system32\svchost.exe -k GPSvcGroup
                        C:\Windows\system32\svchost.exe -k NetworkService
                        C:\Windows\System32\spoolsv.exe
                        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                        C:\Windows\system32\taskeng.exe
                        C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                        C:\Windows\system32\nvvsvc.exe
                        C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
                        C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
                        C:\Program Files (x86)\GfKLSPService\GfKLSPService.exe
                        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                        C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
                        C:\Windows\system32\taskhost.exe
                        C:\Windows\system32\Dwm.exe
                        C:\Windows\Explorer.EXE
                        C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                        C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
                        C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                        C:\Windows\system32\svchost.exe -k imgsvc
                        C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
                        C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
                        C:\OEM\USBDECTION\USBS3S4Detection.exe
                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
                        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                        C:\Windows\PixArt\Pac207\Monitor.exe
                        C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                        C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
                        C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
                        C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
                        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
                        C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                        C:\Windows\system32\SearchIndexer.exe
                        C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
                        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                        C:\Windows\servicing\TrustedInstaller.exe
                        C:\Windows\System32\WUDFHost.exe
                        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                        C:\Program Files\Windows Media Player\wmpnetwk.exe
                        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                        C:\Windows\system32\SearchProtocolHost.exe
                        C:\Windows\system32\SearchFilterHost.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Windows\System32\cscript.exe
                        .
                        ============== Pseudo HJT Report ===============
                        .
                        uStart Page = hxxp://www.startpagina.nl/
                        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
                        BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                        uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
                        uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
                        uRun: [Facebook Update] "C:\Users\matjo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
                        mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
                        mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
                        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                        mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
                        mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                        mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                        uPolicies-Explorer: NoDrives = dword:0
                        mPolicies-Explorer: NoDrives = dword:0
                        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                        mPolicies-System: ConsentPromptBehaviorUser = dword:3
                        mPolicies-System: EnableUIADesktopToggle = dword:0
                        mPolicies-System: PromptOnSecureDesktop = dword:0
                        IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                        DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
                        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                        DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                        DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
                        DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
                        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
                        DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
                        DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
                        DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
                        DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
                        DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                        DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab
                        TCP: NameServer = 192.168.1.1
                        TCP: Interfaces\{4A6B1BFE-5453-4C3A-8F79-266621F804CA} : DHCPNameServer = 192.168.1.1
                        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                        x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
                        x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                        x64-Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
                        x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
                        x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
                        x64-IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - <orphaned>
                        x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                        x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                        .
                        ============= SERVICES / DRIVERS ===============
                        .
                        R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
                        R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-1-5 42840]
                        R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
                        R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
                        R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2011-1-9 81920]
                        R2 GfkLSPService;GfkLSPService;C:\Program Files (x86)\GfKLSPService\GfKLSPService.exe [2010-4-20 2781184]
                        R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-7-28 128000]
                        R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-11-17 44312]
                        R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
                        R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
                        R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-9-20 2754984]
                        R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-1 2314240]
                        R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-11-17 240160]
                        R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
                        R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-17 283824]
                        R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2011-1-9 2736128]
                        R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-17 56344]
                        R3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
                        S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
                        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
                        S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
                        S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
                        S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-1 48488]
                        S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
                        S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
                        S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-12-30 25088]
                        S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2010-1-21 18944]
                        S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-12 19456]
                        S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-5 42328]
                        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-12 57856]
                        S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-27 1255736]
                        S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
                        .
                        =============== Created Last 30 ================
                        .
                        2013-07-19 14:44:58 98816 ----a-w- C:\Windows\sed.exe
                        2013-07-19 14:44:58 256000 ----a-w- C:\Windows\PEV.exe
                        2013-07-19 14:44:58 208896 ----a-w- C:\Windows\MBR.exe
                        2013-07-19 13:23:11 -------- d-----w- C:\Users\matjo\AppData\Local\{38C92483-FA3D-42D1-BBC0-0079FC24CE5A}
                        2013-07-19 13:09:09 -------- d-----w- C:\Users\matjo\AppData\Local\{F7C745C3-6140-43A3-A4E7-DB0556832E66}
                        2013-07-19 12:41:45 -------- d-----w- C:\Users\matjo\AppData\Local\Programs
                        2013-07-19 10:15:49 -------- d-----w- C:\Users\matjo\AppData\Local\{D09E79BE-C665-481D-A182-5C21FC665363}
                        2013-07-18 20:12:16 -------- d-----w- C:\Users\matjo\AppData\Local\{00691ED8-DC11-42AB-B167-6FD65EFFE744}
                        2013-07-18 05:44:06 -------- d-----w- C:\Users\matjo\AppData\Local\{CEF29F42-E8E4-4638-9E41-F0EE34A442DA}
                        2013-07-17 12:05:56 -------- d-----w- C:\Users\matjo\AppData\Local\{6132A5F4-5104-4C88-BBF9-21C22A6D753D}
                        2013-07-16 20:27:34 -------- d-----w- C:\Users\matjo\AppData\Local\{5E784962-562C-4AD3-B9CB-36F21326F49A}
                        2013-07-16 18:49:45 -------- d-----w- C:\Users\matjo\AppData\Local\{E9B5E195-DC36-49A9-9B07-FA6542902970}
                        2013-07-16 06:41:53 -------- d-----w- C:\Users\matjo\AppData\Local\{51579CDA-9896-45F6-AAD2-1EAED7DFC0CC}
                        2013-07-15 11:49:20 -------- d-----w- C:\Users\matjo\AppData\Local\{19E42F8C-7AA6-4308-87E0-AF3897CE5EE4}
                        2013-07-14 14:45:44 -------- d-----w- C:\Users\matjo\AppData\Local\{2F26A587-3241-44F3-AEC7-A4BB6B30CF9A}
                        2013-07-13 21:52:18 -------- d-----w- C:\Users\matjo\AppData\Local\{AFA5C79B-5134-49F8-9581-00E31454B371}
                        2013-07-13 07:38:56 -------- d-----w- C:\Users\matjo\AppData\Local\{B3506036-0284-47E0-95B9-25BCBF121FD0}
                        2013-07-12 11:56:46 -------- d-----w- C:\Users\matjo\AppData\Local\{398AD4E3-1DCB-4523-8B9C-B5834B0FA79B}
                        2013-07-12 10:26:16 -------- d-----w- C:\Users\matjo\AppData\Local\{516FE44C-34E9-44AD-8D95-9B54763BE1AE}
                        2013-07-11 12:11:03 -------- d-----w- C:\Users\matjo\AppData\Local\{1369B8F8-A4C9-48C9-B3F5-A9D1844F6759}
                        2013-07-10 15:21:10 -------- d-----w- C:\Users\matjo\AppData\Local\{2F00D0E4-F3B9-4FBB-BAA1-16D67ACA3409}
                        2013-07-09 14:17:08 -------- d-----w- C:\Users\matjo\AppData\Local\{8F774547-3B81-4038-8EF5-95662F0F156A}
                        2013-07-09 05:32:29 -------- d-----w- C:\Users\matjo\AppData\Local\{8A57FCDC-8DF9-4A14-A8A1-244D9D51AB46}
                        2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
                        2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
                        2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
                        2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
                        2013-07-09 04:09:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
                        2013-07-09 04:08:14 -------- d-----w- C:\Users\matjo\AppData\Local\Apple
                        2013-07-09 04:01:58 -------- d-----w- C:\Users\matjo\AppData\Local\{877ADE0C-3DF6-4F77-A28D-E7C3EF30E351}
                        2013-07-08 14:14:09 -------- d-----w- C:\Users\matjo\AppData\Local\{DD4D051A-7761-4221-829F-FB4810A9B255}
                        2013-07-07 20:33:52 -------- d-----w- C:\Users\matjo\AppData\Local\{EFA80E15-104A-458C-BB25-F59F52E37218}
                        2013-07-07 19:52:03 -------- d-----w- C:\Users\matjo\AppData\Local\{A843D0EF-1FDD-494F-A609-659F97BE829A}
                        2013-07-07 05:25:44 -------- d-----w- C:\Users\matjo\AppData\Local\{71DACF30-C239-4241-8454-304D6733CCAB}
                        2013-07-06 14:43:55 -------- d-----w- C:\Users\matjo\AppData\Local\{2F38AA56-32E4-42F1-83D5-61C00CD817E2}
                        2013-07-05 19:22:12 -------- d-----w- C:\Users\matjo\AppData\Local\{A757C577-ED31-4F67-B91C-C6A03A225F69}
                        2013-07-05 06:29:57 -------- d-----w- C:\Users\matjo\AppData\Local\{EC3E13FC-E3D0-43E9-9697-964EE500F5C6}
                        2013-07-04 18:22:22 -------- d-----w- C:\Users\matjo\AppData\Local\{3F2E309E-CBFA-4F15-BE11-AD573D8B0C0C}
                        2013-07-04 05:28:21 -------- d-----w- C:\Users\matjo\AppData\Local\{4501F1B7-994F-4F1C-BEEB-62CD8C83B5B5}
                        2013-07-03 10:15:41 -------- d-----w- C:\Users\matjo\AppData\Local\{562BD695-100C-46B2-BD24-75A65FFFEFD8}
                        2013-07-02 10:53:00 -------- d-----w- C:\Users\matjo\AppData\Local\{7FAC3438-97FF-44DE-9600-DF2A3524D59B}
                        2013-07-02 05:11:07 -------- d-----w- C:\Users\matjo\AppData\Local\NVIDIA
                        2013-07-02 04:44:56 -------- d-----w- C:\Users\matjo\AppData\Local\{24C06778-0231-4DE4-A839-4391CCA66025}
                        2013-07-01 13:51:49 -------- d-----w- C:\Users\matjo\AppData\Local\{72ADD86B-20E0-44BD-B828-2E1531E5F321}
                        2013-06-30 20:54:38 -------- d-----w- C:\Users\matjo\AppData\Local\DM
                        2013-06-30 09:29:20 -------- d-----w- C:\Users\matjo\AppData\Local\{45D1E0E6-A826-46FE-9847-75A7447C4B7F}
                        2013-06-29 23:02:44 -------- d-----w- C:\Users\matjo\AppData\Local\{BE79C2A6-588C-4A66-B41F-325E53CC3655}
                        2013-06-29 08:04:56 -------- d-----w- C:\Users\matjo\AppData\Local\{B080765F-F649-4965-8FF3-DCE0F33B264A}
                        2013-06-28 21:13:41 -------- d-----w- C:\Users\matjo\AppData\Local\{2A594F6C-454B-4925-B7E3-4B0056826CAD}
                        2013-06-28 18:49:39 -------- d-----w- C:\Program Files (x86)\SpotLite
                        2013-06-28 09:12:37 -------- d-----w- C:\Users\matjo\AppData\Roaming\Spotnet
                        2013-06-28 09:04:15 -------- d-----w- C:\Users\matjo\AppData\Local\{D8D4257B-4F44-4FA0-9310-9D492B6AC8FC}
                        2013-06-28 07:16:11 -------- d-----w- C:\Users\matjo\AppData\Local\{70E5F130-CD64-4F4B-B40C-72AD54281DD2}
                        2013-06-27 18:31:50 -------- d-----w- C:\Users\matjo\AppData\Local\{05AD108D-1490-46D4-A323-98CD5BE04A3A}
                        2013-06-27 04:34:56 -------- d-----w- C:\Users\matjo\AppData\Local\{E8E1A258-6931-4745-A115-0CB2BB14886D}
                        2013-06-26 11:25:35 -------- d-----w- C:\Users\matjo\AppData\Local\{486951F1-CDFF-4286-9D00-718EC2E2C859}
                        2013-06-25 18:28:59 -------- d-----w- C:\Users\matjo\AppData\Local\{3AD8CD8B-C0E8-4ADF-96A6-F7A3350EDFC1}
                        2013-06-25 05:57:57 -------- d-----w- C:\Users\matjo\AppData\Local\{F9A257AF-EC84-489B-A060-EB23D58580F5}
                        2013-06-24 14:08:35 -------- d-----w- C:\Users\matjo\AppData\Local\{C916075B-134E-4171-8668-778DFA0D45A2}
                        2013-06-23 18:14:07 -------- d-----w- C:\Users\matjo\AppData\Local\{91283D83-AD56-4596-B231-700F440E04BC}
                        2013-06-23 05:46:14 -------- d-----w- C:\Users\matjo\AppData\Local\{D9D17077-63BB-474D-957A-EF5053E9EC45}
                        2013-06-22 16:54:17 -------- d-----w- C:\Users\matjo\AppData\Local\{65BE7819-AB88-4C06-9C37-B02237B7C0CD}
                        2013-06-21 19:53:17 -------- d-----w- C:\Users\matjo\AppData\Local\{2346E016-65F8-4CF7-9102-0D188B57313F}
                        2013-06-21 06:27:51 -------- d-----w- C:\Users\matjo\AppData\Local\{1D8FA95E-FC03-4A8B-AF9E-CE7DC76A4ABF}
                        2013-06-21 03:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
                        2013-06-20 10:47:22 -------- d-----w- C:\Users\matjo\AppData\Local\{D60E7804-D971-414C-912C-85ADF13AA296}
                        .
                        ==================== Find3M ====================
                        .
                        2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
                        2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
                        2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
                        2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
                        2013-06-21 10:23:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
                        2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
                        2013-06-14 03:59:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                        2013-06-14 03:59:27 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                        2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
                        2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
                        2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
                        2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
                        2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
                        2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
                        2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
                        2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
                        2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                        2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                        2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
                        2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                        2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
                        2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
                        2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
                        2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
                        2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
                        2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
                        2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
                        2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
                        2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
                        2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
                        2013-05-12 21:42:27 1832224 ----a-w- C:\Windows\System32\nvdispco6432018.dll
                        2013-05-12 21:42:27 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432018.dll
                        2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
                        2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
                        2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
                        2013-05-01 01:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
                        2013-05-01 01:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
                        2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
                        2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
                        2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
                        .
                        ============= FINISH: 16:56:20,46 ===============



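As an added example (not part of the thread and not code from the DDS tool), here is a small Python parser for the listing lines of the DDS log posted above, with two defensive triage views: directories whose leaf name is a bare {GUID}, and executable-type files under a chosen root modified on or after a cutoff date, so they can be compared against known update dates (for instance the NVIDIA driver and Internet Explorer files dated May and June 2013 in the Find3M section). The sample lines are copied from the posted log; reading a leading `d` in the flag field as "directory" is an assumption based on the `--------` size shown on those lines.

```python
import re
from datetime import datetime

# A listing line in a DDS log (e.g. the Find3M section):
#   <date> <time> <size, or -------- for a directory> <8 attribute flags> <path>
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl")

def parse_dds_lines(text):
    """One dict per listing line; separators ('.', '==== Find3M ====') are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            stamp, size, attrs, path = m.groups()
            # Assumption: a leading 'd' in the flag string marks a directory
            # (DDS prints -------- instead of a size on exactly those lines).
            entries.append({"when": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                            "size": None if size.startswith("-") else int(size),
                            "is_dir": attrs.startswith("d"), "attrs": attrs, "path": path})
    return entries

def triage(text, since, root):
    """Bare {GUID} directories, plus executable-type files under `root` modified on/after `since`."""
    entries = parse_dds_lines(text)
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    prefix = root.lower().rstrip("\\") + "\\"
    return {
        "guid_dirs": [e["path"] for e in entries if e["is_dir"] and GUID_DIR_RE.search(e["path"])],
        "recent_executables": [e["path"] for e in entries
                               if not e["is_dir"] and e["when"] >= cutoff
                               and e["path"].lower().startswith(prefix)
                               and e["path"].lower().endswith(EXEC_EXT)],
    }

# Sample input: a few lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
2013-07-02 05:11:07 -------- d-----w- C:\Users\matjo\AppData\Local\NVIDIA
2013-07-02 04:44:56 -------- d-----w- C:\Users\matjo\AppData\Local\{24C06778-0231-4DE4-A839-4391CCA66025}
2013-06-21 03:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
"""

if __name__ == "__main__":
    for label, paths in triage(SAMPLE_LOG, "2013-06-01", r"C:\Windows").items():
        print(label, *paths, sep="\n  ")
```

Matches in the "recent_executables" view are a starting point for comparison with vendor release dates, not a verdict; the NVIDIA and IE files in the posted log line up with ordinary driver and Windows updates.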
                        • #13
                          Good, this already looks a lot better.

                          Are you still having trouble with anything?
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * Remove McAfee. * Ccleaner * E-Peek



                          • #14
                            In any case, I haven't seen the police screen at startup anymore.



                            • #15
                              Great, then we will now remove ComboFix and wrap up...

                              Go to Start > Run and copy and paste the following command into the field:

                              ComboFix /Uninstall

                              Make sure there is a space between ComboFix and /
                              Then press Enter.




                              This will remove ComboFix and its related folders and files,
                              restore the clock settings, hide file extensions again,
                              re-hide hidden files and system files,
                              and reset your System Restore.



                              Download OTC.exe (by OldTimer) to your desktop.
                              (That is: click Save, click "Browse folders", select your desktop in the left column and click "Save")
                              • Then right-click OTC.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
                              • Now click the "CleanUp!" button
                              • If your firewall, or another security program, warns that OTC.exe wants internet access,
                                you may allow it; the program needs that connection.
                              • Finally, OTC will ask whether you want to restart the computer; you may allow this, which also removes OTC itself.


                              Note: Using OTC.exe will remove all the tools we used (including their logs and backup folders) from your computer.


                              You may first update the following tools; exactly how to do so is described in the links:

                              Restart your PC afterwards.


                              Download or update CCleaner

                              Start CCleaner.
                              • Run CCleaner and click Options in the left column
                              • Select the Advanced tab
                              • Untick "Only delete files in Windows Temp folders older than 24 hours"
                              • Untick "Only delete files in the Recycle Bin older than 24 hours"
                              • Select the Settings tab
                              • Untick "Automatically clean the computer...."
                              • Click Cleaner in the left column.
                              • Then click Analyze and then Clean.
                              • Next click Registry in the left column
                              • Click Scan for Issues.
                              • If issues are found, click Fix selected issues and OK



                              1) You may delete all the loose files and tools we used.

                              2) To avoid re-infection, you can read through these tips:

                              Preventing spyware infections and browser hijacking, and How do I prevent a new infection?

                              3) To give your PC a quick tune-up, you can read these tips: Guide to a clean PC

                              4) All sorts of tips and hints can be found here.


                              I am marking the topic as solved.

                              If there are no further replies, this thread will be moved automatically within about 3 days
                              to the Solved HijackThis logs section, and replying will no longer be possible.
                              This is done to keep the forum neat and tidy.

                              If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.



                              Did we help you well? Consider a (voluntary) donation to Nucia

                              Emphyrio
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * Remove McAfee. * Ccleaner * E-Peek
