Mededeling

**Emphyrio** · 25-07-13, 04:53

Hoi Taranta ,

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

Log enkel in als beheerder met alle rechten.
Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
Volg aandachtig de instructies die door mij worden gegeven.
Volg enkel het door mij gegeven advies op
Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
Als je iets niet weet of verstaat, vraag het dan even aub.
Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
Zet je emoticons (Smileys) uit als je logs plaatst aub .
De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Stap 1:

Malware scannen en verwijderen....

Download MalwareBytes' Anti-Malware naar je bureaublad vanuit één van de volgende links:

Dubbelklik op mbam-setup.exe om het programma te installeren.

Op het einde van de setup procedure, krijg je een scherm waar je op "Voltooien" moet klikken.
Indien je MBAM niet wenst te evalueren, vink je de eerste optie uit en klik je dan pas op "Voltooien"

Zorg dat er na de installatie een vinkje is geplaatst bij:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Klik daarna op "Voltooien". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

Zodra het programma gestart is, ga je naar het tabblad "Instellingen".

Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
Ga naar het tabblad "Updates" en Update MBAM.
Ga daarna naar het tabblad "Scanner", kies hier voor "VOLLEDIGE Scan".
Druk vervolgens op "Scannen" om de scan te starten.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Indien MBAM vraagt om een herstart, doe dit dan ook.
Wanneer je de restart hebt gedaan, maak je een nieuwe snelle scan met MBAM.
In dat geval post je dus de twee logs.

De log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Bij problemen!!!

___________________________________________________________

Stap 2:

Controle op slechte toolbars...

Opmerking:Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
Beveiligingssoftware uitschakelen.

Download AdwCleaner by Xplode naar je Bureaublad.

Sluit alle openstaande vensters
Start AdwCleaner en klik op Verwijderen
Klik bij AdwCleaner – Information op OK
Klik bij AdwCleaner – Restart Required op OK

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt post de inhoud hier op het Forum.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in,deze word standaard door AdwCleaner terug gezet naar Google.com

___________________________________________________________

Stap 3:

Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:

DDS is een diagnosetool en maakt gebruik van scripts.
Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.

Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
Beide logfiles sla je op je bureaublad.

Post de inhoud van DDS.txt.

De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.

___________________________________________________________

Stap 4:

Controle op updates...

Download Security Check op je bureaublad via hier of hier

Start Security Check
Volg de Instructies in het scherm
Aan het eind verschijnt een log ( checkup.txt )
Plaats de inhoud ervan in je volgende antwoord.

In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
.

MBAM
AdwCleaner
DDS
checkup.txt

.
Deze logs NIET als bijlage of tussen codetags posten aub.
(Desnoods in meerdere postingen.)

Emphyrio

**Taranta** · 25-07-13, 12:49

Hallo Emphyrio en bedankt voor je hulp,

Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300

Malwarebytes Cyber Security for Home & Business | Anti-Malware

https://www.malwarebytes.org

Protect your home and business PCs, Macs, iOS and Android devices from malware, viruses & cyber threats with our comprehensive cyber security solutions. Free trials available.

Databaseversie: v2013.07.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Diana :: DIANA-PC [administrator]

Bescherming: Ingeschakeld

25-7-2013 11:41:40
mbam-log-2013-07-25 (11-41-40).txt

Scan type: Volledige scan (C:\|G:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 366651
Verstreken tijd: 57 minuut/minuten, 48 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

# AdwCleaner v2.306 - Logfile created 07/25/2013 at 12:40:21
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Diana - DIANA-PC
# Boot Mode : Normal
# Running from : C:\Users\Diana\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [652 octets] - [25/07/2013 12:40:21]

########## EOF - C:\AdwCleaner[R1].txt - [711 octets] ##########

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Diana at 12:41:49 on 2013-07-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1787.820 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
G:\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
G:\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
G:\Malwarebytes' Anti-Malware\mbamscheduler.exe
G:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
G:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PLFSetI.exe
G:\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Avast\aswWebRepIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "G:\Avast\avastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{0F642EF0-90EA-4FAE-B783-D1D9375945F1} : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{79395291-EB9D-4E5B-AC2C-1E7D4FCA3E90} : DHCPNameServer = 62.179.104.196 213.46.228.196
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - G:\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Nieuwe map (2)\Java\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Nieuwe map (2)\Java\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - G:\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-30 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-30 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-6-30 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-6-30 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-6-30 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-6-30 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-6-30 80816]
R2 avast! Antivirus;avast! Antivirus;G:\Avast\AvastSvc.exe [2013-6-30 46808]
R2 MBAMScheduler;MBAMScheduler;G:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-25 418376]
R2 MBAMService;MBAMService;G:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-25 701512]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-6-30 116752]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-25 25928]
R3 SbieDrv;SbieDrv;G:\Sandboxie\SbieDrv.sys [2013-7-8 199384]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-6-30 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-30 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-21 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-30 1255736]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-07-25 00:42:52 -------- d-----w- C:\Users\Diana\AppData\Roaming\Malwarebytes
2013-07-25 00:42:41 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-25 00:42:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-25 00:42:26 -------- d-----w- C:\Users\Diana\AppData\Local\Programs
2013-07-23 10:21:49 -------- d-----w- C:\Users\Diana\AppData\Roaming\Remere's Map Editor
2013-07-21 15:22:02 -------- d-----w- C:\ProgramData\Caphyon
2013-07-21 14:59:08 -------- d-----w- C:\ProgramData\Package Cache
2013-07-21 14:57:59 238088 ----a-w- C:\Windows\SysWow64\xactengine3_1.dll
2013-07-21 14:54:14 -------- d-----w- C:\Windows\SysWow64\directx
2013-07-21 14:51:46 -------- d-----w- C:\Users\Diana\AppData\Roaming\AetherNet
2013-07-21 14:10:57 -------- d-----w- C:\Windows\System32\SPReview
2013-07-21 14:10:13 -------- d-----w- C:\Windows\System32\EventProviders
2013-07-21 14:01:24 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2013-07-21 14:01:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-07-21 14:01:14 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2013-07-21 14:01:07 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-07-21 14:01:07 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-21 14:01:06 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-07-21 14:01:05 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2013-07-21 13:59:59 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2013-07-21 13:58:59 378880 ----a-w- C:\Windows\System32\msinfo32.exe
2013-07-21 13:57:59 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-21 13:56:59 73216 ----a-w- C:\Windows\System32\unimdmat.dll
2013-07-21 13:55:59 8192 ----a-w- C:\Windows\System32\KBDTUF.DLL
2013-07-21 13:54:58 399872 ----a-w- C:\Windows\System32\dpx.dll
2013-07-21 13:54:58 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2013-07-21 13:54:36 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2013-07-21 13:54:29 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2013-07-21 13:52:06 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-07-19 14:35:59 -------- d-----w- C:\Users\Diana\AppData\Roaming\Ableton
2013-07-19 14:33:47 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2013-07-19 00:21:20 51712 ----a-w- C:\Windows\AutosetFrequency.exe
2013-07-19 00:21:20 214400 ----a-w- C:\Windows\SysWow64\snpropwp.dll
2013-07-19 00:21:20 206208 ----a-w- C:\Windows\PLFSetI.exe
2013-07-19 00:21:07 -------- d-----w- C:\Program Files (x86)\VideoWebCamera
2013-07-16 19:07:33 -------- d-----r- C:\Sandbox
2013-07-15 23:46:08 -------- d-----w- C:\Users\Diana\AppData\Roaming\uTorrent
2013-07-15 18:08:18 -------- d-----w- C:\Users\Diana\AppData\Roaming\.minecraft
2013-07-15 18:06:44 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-15 18:06:44 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-15 18:06:28 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-09 17:29:52 -------- d--h--w- C:\ProgramData\CanonIJMIG
2013-07-09 17:28:59 -------- d--h--w- C:\ProgramData\CanonIJScan
2013-07-05 20:26:26 -------- d--h--w- C:\ProgramData\CanonIJEGV
2013-07-05 20:24:55 320000 ----a-w- C:\Windows\SysWow64\CNC_B8L.dll
2013-07-05 20:24:55 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-07-05 20:24:55 103424 ----a-w- C:\Windows\SysWow64\CNC_B8U.dll
2013-07-05 20:21:54 -------- d-----w- C:\Program Files\Common Files\CANON
2013-07-05 20:21:41 -------- d-----w- C:\ProgramData\CanonIJWSpt
2013-07-05 20:14:48 -------- d-----w- C:\Program Files\Canon
2013-07-05 20:13:34 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDB8.DLL
2013-07-05 20:13:34 100352 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPB8.DLL
2013-07-05 20:13:19 363520 ----a-w- C:\Windows\System32\CNC_B8L.dll
2013-07-05 20:13:19 287744 ----a-w- C:\Windows\System32\CNC_B8C.dll
2013-07-05 20:13:19 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2013-07-05 20:13:19 106496 ----a-w- C:\Windows\System32\CNC_B8I.dll
2013-07-05 20:12:48 389120 ----a-w- C:\Windows\System32\CNMLMB8.DLL
2013-07-05 20:12:13 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2013-07-05 20:12:13 359936 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2013-07-05 20:12:13 -------- d-----w- C:\Windows\System32\STRING
2013-07-05 20:10:58 -------- d--h--w- C:\ProgramData\CanonIJETV
2013-07-05 20:10:31 -------- d-----w- C:\Program Files (x86)\Canon
2013-07-01 14:29:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-01 14:29:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-01 14:28:37 -------- d-----w- C:\Users\Diana\AppData\Local\Adobe
2013-06-30 23:59:38 -------- d-----w- C:\Windows\Panther
2013-06-30 22:21:13 -------- d-----w- C:\Program Files\CCleaner
2013-06-30 22:12:43 2229608 ----a-w- C:\Windows\System32\drivers\athrx.sys
2013-06-30 22:12:43 2229608 ----a-w- C:\Windows\System32\athrx.sys
2013-06-30 22:12:43 -------- d-----w- C:\Program Files (x86)\Atheros
2013-06-30 21:43:17 -------- d-----w- C:\Windows\SysWow64\Wat
2013-06-30 21:43:17 -------- d-----w- C:\Windows\System32\Wat
2013-06-30 21:24:06 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
2013-06-30 21:24:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-30 21:24:04 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-06-30 21:24:04 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-06-30 21:24:04 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-06-30 21:20:47 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-06-30 21:20:46 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-06-30 21:20:44 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-06-30 21:20:44 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-06-30 21:20:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-06-30 21:20:40 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-06-30 21:20:40 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-06-30 21:03:18 902656 ----a-w- C:\Windows\System32\d2d1.dll
2013-06-30 21:03:17 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-06-30 21:03:16 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2013-06-30 21:03:13 220160 ----a-w- C:\Windows\System32\wintrust.dll
2013-06-30 21:03:13 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-06-30 21:00:15 -------- d-----w- C:\Windows\System32\appmgmt
2013-06-30 20:53:31 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-06-30 20:53:31 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-06-30 20:53:31 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-06-30 20:53:29 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-06-30 20:53:29 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-06-30 20:53:29 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-06-30 20:41:27 -------- d-----w- C:\Windows\SysWow64\nl
2013-06-30 20:41:27 -------- d-----w- C:\Windows\SysWow64\0413
2013-06-30 20:41:27 -------- d-----w- C:\Windows\nl-NL
2013-06-30 20:41:08 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2013-06-30 20:41:08 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\nl-NL
2013-06-30 20:41:08 -------- d-----w- C:\Windows\SysWow64\drivers\nl-NL
2013-06-30 20:41:05 -------- d-----w- C:\Windows\SysWow64\wbem\nl-NL
2013-06-30 20:41:02 -------- d-----w- C:\Windows\System32\nl
2013-06-30 20:41:02 -------- d-----w- C:\Windows\System32\0413
2013-06-30 20:40:39 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2013-06-30 20:40:39 -------- d-----w- C:\Windows\System32\drivers\nl-NL
2013-06-30 20:40:27 -------- d-----w- C:\Windows\System32\wbem\nl-NL
2013-06-30 19:11:58 5632 ----a-w- C:\Windows\System32\drivers\nl-NL\ndiscap.sys.mui
2013-06-30 18:51:24 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-06-30 18:51:24 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-06-30 18:51:24 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-06-30 18:51:23 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-06-30 18:51:23 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-06-30 18:51:22 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-06-30 18:44:14 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-06-30 18:44:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2013-06-30 18:44:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-06-30 18:44:04 296960 ----a-w- C:\Windows\System32\rstrui.exe
2013-06-30 18:44:03 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-06-30 18:42:41 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-06-30 18:42:40 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-06-30 18:42:36 2871808 ----a-w- C:\Windows\explorer.exe
2013-06-30 18:42:34 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-30 18:40:56 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-06-30 18:40:56 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-06-30 18:40:56 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-06-30 18:40:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-06-30 18:40:54 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-06-30 18:39:42 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-06-30 18:39:41 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-06-30 18:39:35 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-06-30 18:39:34 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-06-30 18:39:07 33792 ----a-w- C:\Windows\System32\profprov.dll
2013-06-30 18:39:07 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-06-30 18:39:03 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2013-06-30 18:39:01 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-06-30 18:39:00 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-06-30 18:37:44 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-06-30 18:37:41 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-06-30 18:35:32 605552 ----a-w- C:\Windows\System32\winload.exe
2013-06-30 18:35:31 642944 ----a-w- C:\Windows\System32\winload.efi
2013-06-30 18:35:31 518672 ----a-w- C:\Windows\System32\winresume.exe
2013-06-30 18:35:30 566208 ----a-w- C:\Windows\System32\winresume.efi
2013-06-30 18:35:29 20352 ----a-w- C:\Windows\System32\kdusb.dll
2013-06-30 18:35:29 19328 ----a-w- C:\Windows\System32\kd1394.dll
2013-06-30 18:35:29 17792 ----a-w- C:\Windows\System32\kdcom.dll
2013-06-30 18:35:28 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2013-06-30 18:34:01 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-06-30 18:34:00 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-06-30 18:29:49 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-06-30 18:29:47 67072 ----a-w- C:\Windows\splwow64.exe
2013-06-30 18:27:38 -------- d-----w- C:\Users\Diana\AppData\Roaming\Windows Live Writer
2013-06-30 18:27:38 -------- d-----w- C:\Users\Diana\AppData\Local\Windows Live Writer
2013-06-30 17:35:00 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2013-06-30 17:34:58 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-06-30 17:31:32 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-06-30 17:31:32 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-06-30 17:31:32 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-06-30 17:29:17 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2013-06-30 17:29:08 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2013-06-30 17:29:00 1118720 ----a-w- C:\Windows\System32\sbe.dll
2013-06-30 17:26:50 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-06-30 17:25:56 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-30 17:25:55 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-06-30 17:25:54 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-06-30 17:25:32 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2013-06-30 17:25:32 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-06-30 17:25:31 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-06-30 17:25:31 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-06-30 17:25:19 395776 ----a-w- C:\Windows\System32\webio.dll
2013-06-30 17:25:17 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-06-30 17:25:05 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-06-30 17:23:18 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-06-30 17:23:17 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-06-30 17:23:07 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2013-06-30 17:23:06 288256 ----a-w- C:\Windows\System32\MSNP.ax
2013-06-30 17:23:05 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2013-06-30 17:23:04 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2013-06-30 17:23:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2013-06-30 17:23:01 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2013-06-30 17:23:00 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2013-06-30 17:23:00 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2013-06-30 17:21:56 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-06-30 17:20:41 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-06-30 17:20:40 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-06-30 17:20:39 3072 ----a-w- C:\Windows\System32\dpnaddr.dll
2013-06-30 17:20:39 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2013-06-30 17:20:35 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2013-06-30 17:20:16 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2013-06-30 17:20:12 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-06-30 17:20:10 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-06-30 17:20:08 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-06-30 17:20:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-06-30 17:20:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-06-30 17:00:10 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2013-06-30 17:00:09 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2013-06-30 17:00:07 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2013-06-30 17:00:06 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2013-06-30 17:00:05 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-06-30 17:00:05 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2013-06-30 17:00:03 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2013-06-30 17:00:00 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2013-06-30 16:59:59 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2013-06-30 16:59:59 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2013-06-30 16:59:58 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2013-06-30 16:59:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2013-06-30 16:59:55 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2013-06-30 16:59:38 77312 ----a-w- C:\Windows\System32\packager.dll
2013-06-30 16:59:38 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-06-30 16:59:16 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-06-30 16:59:13 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-06-30 16:58:44 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-30 16:58:39 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-06-30 16:58:34 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-06-30 16:58:28 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-06-30 16:58:28 112640 ----a-w- C:\Windows\System32\smss.exe
2013-06-30 16:58:26 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-06-30 16:56:17 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-06-30 16:56:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-06-30 16:56:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-06-30 16:42:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-06-30 16:41:49 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-06-30 16:41:37 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-06-30 16:41:37 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-06-30 16:14:23 -------- d-----w- C:\Windows\PCHEALTH
2013-06-30 16:13:27 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38305BDA-257D-4BEF-9CBD-CE66C875AE11}\mpengine.dll
2013-06-30 16:13:25 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-06-30 16:05:47 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-06-30 16:05:44 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-30 16:05:43 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-30 16:05:42 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-06-30 16:05:34 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-06-30 16:04:10 41664 ----a-w- C:\Windows\avastSS.scr
2013-06-30 16:02:07 -------- d-----w- C:\ProgramData\AVAST Software
2013-06-30 16:01:36 889416 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\18ea83851ce75ab01\dotNetFx40_Full_setup.exe
2013-06-30 16:01:32 -------- d-----w- C:\Users\Diana\AppData\Local\Windows Live
2013-06-30 16:01:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2013-06-30 15:56:39 -------- d-----w- C:\Users\Diana\AppData\Local\Google
2013-06-30 15:56:22 -------- d-----w- C:\Users\Diana\AppData\Local\Deployment
2013-06-30 15:56:22 -------- d-----w- C:\Users\Diana\AppData\Local\Apps
2013-06-30 15:52:52 -------- d-----w- C:\ProgramData\Atheros
2013-06-30 15:51:49 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2013-06-30 15:51:48 -------- d-----w- C:\Program Files\Broadcom
2013-06-30 15:34:50 -------- d-----w- C:\Users\Diana\AppData\Local\Diagnostics
2013-06-30 15:20:29 0 ----a-w- C:\Windows\ativpsrm.bin
2013-06-30 15:19:24 38528 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2013-06-30 15:18:00 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-06-30 15:15:44 -------- d-sh--w- C:\Windows\Installer
2013-06-30 15:15:31 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2013-06-30 14:06:42 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2013-07-21 14:30:27 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-07-21 14:30:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-05-19 10:54:27 97176 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
.
============= FINISH: 12:43:13,37 ===============

Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
mbamscheduler.exe
AvastSvc.exe
AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

**Emphyrio** · 25-07-13, 13:41

Dat ziet er reeds goed uit.

We gaan even dieper analyzeren.....

Download TFC en sla deze op je Bureaublad op.

Dubbelklik op TFC.exe om het programma te openen.
Het programma zal alle andere programma's sluiten, zorg er dus voor dat je al je werk hebt opgeslagen voordat je verder gaat.
Klik op de knop Start om het programma te starten.
Als het programma klaar is, dan zal het je computer opnieuw opstarten.
Als dit niet gebeurt, start dan je computer handmatig opnieuw op.

_____________________________________________________________

Download Combofix en plaats het op je bureaublad.

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.

Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

Emphyrio

**Taranta** · 25-07-13, 22:30

Bij deze!

ComboFix 13-07-25.02 - Diana 25-07-2013 21:56:09.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1787.913 [GMT 2:00]
Running from: C:\Users\Diana\Desktop\maps\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

Infected copy of C:\Windows\SysWow64\Version.dll was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy3_!Windows!SysWOW64!version.dll

((((((((((((((((((((((((( Files Created from 2013-06-25 to 2013-07-25 )))))))))))))))))))))))))))))))

2013-07-25 20:05:16 . 2013-07-25 20:05:16 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-07-25 00:42:41 . 2013-07-25 00:42:41 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-25 00:42:39 . 2013-04-04 12:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-07-21 15:22:02 . 2013-07-21 15:22:02 -------- d-----w- C:\ProgramData\Caphyon
2013-07-21 14:59:08 . 2013-07-21 14:59:09 -------- d-----w- C:\ProgramData\Package Cache
2013-07-21 14:57:59 . 2008-05-30 12:18:52 238088 ----a-w- C:\Windows\SysWow64\xactengine3_1.dll
2013-07-21 14:10:57 . 2013-07-21 14:10:57 -------- d-----w- C:\Windows\system32\SPReview
2013-07-21 14:10:13 . 2013-07-21 14:10:14 -------- d-----w- C:\Windows\system32\EventProviders
2013-07-21 14:01:24 . 2010-11-05 01:57:12 48976 ----a-w- C:\Windows\system32\netfxperf.dll
2013-07-21 14:01:23 . 2010-11-05 01:57:10 1942856 ----a-w- C:\Windows\system32\dfshim.dll
2013-07-21 14:01:22 . 2010-11-20 13:27:02 8988160 ----a-w- C:\Windows\system32\mshtml.dll
2013-07-21 14:01:14 . 2010-11-05 01:58:18 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2013-07-21 14:01:07 . 2010-11-20 13:27:27 12288 ----a-w- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-21 14:01:07 . 2010-11-20 11:07:05 59392 ----a-w- C:\Windows\system32\drivers\TsUsbFlt.sys
2013-07-21 14:01:06 . 2010-11-20 13:26:01 1838080 ----a-w- C:\Windows\system32\d3d10warp.dll
2013-07-21 14:01:05 . 2010-11-20 13:27:23 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2013-07-21 14:01:03 . 2010-11-20 13:26:33 12260864 ----a-w- C:\Windows\system32\ieframe.dll
2013-07-21 13:59:59 . 2010-11-20 13:27:26 244736 ----a-w- C:\Windows\system32\sqmapi.dll
2013-07-21 13:58:59 . 2010-11-20 13:24:58 378880 ----a-w- C:\Windows\system32\msinfo32.exe
2013-07-21 13:57:59 . 2010-11-20 13:27:23 624128 ----a-w- C:\Windows\system32\qedit.dll
2013-07-21 13:56:59 . 2010-11-20 13:27:27 73216 ----a-w- C:\Windows\system32\unimdmat.dll
2013-07-21 13:55:59 . 2010-11-20 13:02:33 8192 ----a-w- C:\Windows\system32\KBDTUF.DLL
2013-07-21 13:54:58 . 2010-11-20 13:26:07 399872 ----a-w- C:\Windows\system32\dpx.dll
2013-07-21 13:54:58 . 2010-11-20 12:21:35 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2013-07-21 13:54:36 . 2010-11-20 12:21:34 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2013-07-21 13:54:29 . 2010-11-20 12:19:02 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2013-07-21 13:52:06 . 2010-11-20 13:27:27 529408 ----a-w- C:\Windows\system32\wbemcomn.dll
2013-07-19 14:33:47 . 2013-07-19 14:33:48 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2013-07-19 00:21:20 . 2010-06-09 16:54:22 206208 ----a-w- C:\Windows\PLFSetI.exe
2013-07-19 00:21:20 . 2010-06-01 14:39:42 214400 ----a-w- C:\Windows\SysWow64\snpropwp.dll
2013-07-19 00:21:20 . 2010-02-12 13:33:38 51712 ----a-w- C:\Windows\AutosetFrequency.exe
2013-07-19 00:21:07 . 2013-07-19 00:21:17 -------- d-----w- C:\Program Files (x86)\VideoWebCamera
2013-07-16 19:07:33 . 2013-07-16 19:07:33 -------- d-----r- C:\Sandbox
2013-07-15 18:06:44 . 2013-07-15 18:06:14 312232 ----a-w- C:\Windows\system32\javaws.exe
2013-07-15 18:06:44 . 2013-07-15 18:06:09 972712 ----a-w- C:\Windows\system32\deployJava1.dll
2013-07-15 18:06:44 . 2013-07-15 18:06:09 1093032 ----a-w- C:\Windows\system32\npDeployJava1.dll
2013-07-15 18:06:28 . 2013-07-15 18:06:20 108968 ----a-w- C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-15 18:06:28 . 2013-07-15 18:06:13 189352 ----a-w- C:\Windows\system32\javaw.exe
2013-07-15 18:06:28 . 2013-07-15 18:06:12 188840 ----a-w- C:\Windows\system32\java.exe
2013-07-15 16:38:02 . 2013-07-15 16:38:02 -------- d-----w- C:\Program Files\Google
2013-07-15 16:36:45 . 2013-07-15 16:37:08 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe
2013-07-09 17:29:52 . 2013-07-11 11:52:14 -------- d--h--w- C:\ProgramData\CanonIJMIG
2013-07-09 17:28:59 . 2013-07-09 17:31:15 -------- d--h--w- C:\ProgramData\CanonIJScan
2013-07-05 20:26:26 . 2013-07-05 20:26:26 -------- d--h--w- C:\ProgramData\CanonIJEGV
2013-07-05 20:24:55 . 2012-02-08 14:34:06 320000 ----a-w- C:\Windows\SysWow64\CNC_B8L.dll
2013-07-05 20:24:55 . 2012-01-16 12:21:40 103424 ----a-w- C:\Windows\SysWow64\CNC_B8U.dll
2013-07-05 20:24:55 . 2008-08-25 16:02:28 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-07-05 20:21:54 . 2013-07-05 20:21:54 -------- d-----w- C:\Program Files\Common Files\CANON
2013-07-05 20:21:41 . 2013-07-05 20:21:41 -------- d-----w- C:\ProgramData\CanonIJWSpt
2013-07-05 20:14:48 . 2013-07-05 20:14:48 -------- d-----w- C:\Program Files\Canon
2013-07-05 20:13:41 . 2013-07-05 20:13:41 -------- d--h--w- C:\ProgramData\CanonBJ
2013-07-05 20:13:34 . 2012-03-26 03:00:00 30208 ----a-w- C:\Windows\system32\Spool\prtprocs\x64\CNMPDB8.DLL
2013-07-05 20:13:34 . 2012-03-26 03:00:00 100352 ----a-w- C:\Windows\system32\Spool\prtprocs\x64\CNMPPB8.DLL
2013-07-05 20:13:25 . 2013-07-05 20:13:25 -------- d--h--w- C:\Windows\system32\CanonIJ Uninstaller Information
2013-07-05 20:13:19 . 2012-02-08 14:36:04 363520 ----a-w- C:\Windows\system32\CNC_B8L.dll
2013-07-05 20:13:19 . 2012-01-16 12:21:22 287744 ----a-w- C:\Windows\system32\CNC_B8C.dll
2013-07-05 20:13:19 . 2012-01-16 12:20:50 106496 ----a-w- C:\Windows\system32\CNC_B8I.dll
2013-07-05 20:13:19 . 2008-08-25 16:02:54 17920 ----a-w- C:\Windows\system32\CNHMCA6.dll
2013-07-05 20:12:48 . 2012-03-26 03:00:00 389120 ----a-w- C:\Windows\system32\CNMLMB8.DLL
2013-07-05 20:12:13 . 2013-07-05 20:12:14 -------- d-----w- C:\Windows\system32\STRING
2013-07-05 20:12:13 . 2012-03-28 17:01:05 39424 ----a-w- C:\Windows\system32\CNMN6UI.DLL
2013-07-05 20:12:13 . 2012-03-28 17:01:00 359936 ----a-w- C:\Windows\system32\CNMN6PPM.DLL
2013-07-05 20:10:58 . 2013-07-05 20:10:58 -------- d--h--w- C:\ProgramData\CanonIJETV
2013-07-05 20:10:31 . 2013-07-05 20:25:02 -------- d-----w- C:\Program Files (x86)\Canon
2013-07-01 14:29:18 . 2013-07-01 14:29:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-01 14:29:18 . 2013-07-01 14:29:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-01 14:29:17 . 2013-07-01 14:29:17 -------- d-----w- C:\Windows\SysWow64\Macromed
2013-07-01 14:29:13 . 2013-07-01 14:29:13 -------- d-----w- C:\Windows\system32\Macromed
2013-06-30 23:59:38 . 2013-07-21 19:20:36 -------- d-----w- C:\Windows\Panther
2013-06-30 22:21:13 . 2013-06-30 22:21:23 -------- d-----w- C:\Program Files\CCleaner
2013-06-30 22:12:43 . 2013-06-30 22:12:43 -------- d-----w- C:\Program Files (x86)\Atheros
2013-06-30 22:12:43 . 2010-05-11 16:11:40 2229608 ----a-w- C:\Windows\system32\drivers\athrx.sys
2013-06-30 22:12:43 . 2010-05-11 16:11:40 2229608 ----a-w- C:\Windows\system32\athrx.sys
2013-06-30 21:43:17 . 2013-06-30 21:43:17 -------- d-----w- C:\Windows\SysWow64\Wat
2013-06-30 21:43:17 . 2013-06-30 21:43:17 -------- d-----w- C:\Windows\system32\Wat
2013-06-30 21:24:05 . 2012-07-26 04:47:34 2560 ----a-w- C:\Windows\system32\drivers\en-US\wdf01000.sys.mui
2013-06-30 21:24:04 . 2012-07-26 04:55:47 785512 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2013-06-30 21:24:04 . 2012-07-26 04:55:47 54376 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
2013-06-30 21:24:04 . 2012-07-26 02:36:08 9728 ----a-w- C:\Windows\system32\Wdfres.dll
2013-06-30 21:20:47 . 2012-07-26 02:26:06 198656 ----a-w- C:\Windows\system32\drivers\WUDFRd.sys
2013-06-30 21:20:46 . 2012-07-26 02:26:45 87040 ----a-w- C:\Windows\system32\drivers\WUDFPf.sys
2013-06-30 21:20:44 . 2012-07-26 03:08:14 84992 ----a-w- C:\Windows\system32\WUDFSvc.dll
2013-06-30 21:20:44 . 2012-07-26 03:08:14 194048 ----a-w- C:\Windows\system32\WUDFPlatform.dll
2013-06-30 21:20:41 . 2012-07-26 03:08:14 45056 ----a-w- C:\Windows\system32\WUDFCoinstaller.dll
2013-06-30 21:20:40 . 2012-07-26 03:08:53 229888 ----a-w- C:\Windows\system32\WUDFHost.exe
2013-06-30 21:20:40 . 2012-07-26 03:08:14 744448 ----a-w- C:\Windows\system32\WUDFx.dll
2013-06-30 21:03:18 . 2011-02-19 12:04:17 902656 ----a-w- C:\Windows\system32\d2d1.dll
2013-06-30 21:03:17 . 2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-06-30 21:03:16 . 2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\system32\FntCache.dll
2013-06-30 21:03:13 . 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\system32\wintrust.dll
2013-06-30 21:03:13 . 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-06-30 21:00:15 . 2013-06-30 21:00:15 -------- d-----w- C:\Windows\system32\appmgmt
2013-06-30 20:53:31 . 2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-06-30 20:53:31 . 2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-06-30 20:53:31 . 2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-06-30 20:53:29 . 2013-02-15 06:08:40 44032 ----a-w- C:\Windows\system32\tsgqec.dll
2013-06-30 20:53:29 . 2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\system32\mstscax.dll
2013-06-30 20:53:29 . 2013-02-15 06:02:26 158720 ----a-w- C:\Windows\system32\aaclient.dll
2013-06-30 20:41:27 . 2013-06-30 20:41:27 -------- d-----w- C:\Windows\SysWow64\nl
2013-06-30 20:41:27 . 2013-06-30 20:41:27 -------- d-----w- C:\Windows\SysWow64\0413
2013-06-30 20:41:27 . 2013-06-30 20:41:27 -------- d-----w- C:\Windows\nl-NL
2013-06-30 20:41:08 . 2013-06-30 20:41:08 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2013-06-30 20:41:08 . 2013-06-30 20:41:08 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\nl-NL
2013-06-30 20:41:08 . 2013-06-30 20:41:08 -------- d-----w- C:\Windows\SysWow64\drivers\nl-NL
2013-06-30 20:41:05 . 2013-07-21 14:36:42 -------- d-----w- C:\Windows\SysWow64\wbem\nl-NL
2013-06-30 20:41:02 . 2013-06-30 20:41:02 -------- d-----w- C:\Windows\system32\nl
2013-06-30 20:41:02 . 2013-06-30 20:41:02 -------- d-----w- C:\Windows\system32\0413
2013-06-30 20:40:39 . 2013-07-21 14:36:20 -------- d-----w- C:\Windows\system32\drivers\nl-NL
2013-06-30 20:40:39 . 2013-06-30 20:40:39 -------- d-----w- C:\Windows\system32\drivers\UMDF\nl-NL
2013-06-30 20:40:27 . 2013-07-21 14:36:20 -------- d-----w- C:\Windows\system32\wbem\nl-NL
2013-06-30 19:12:32 . 2009-07-13 16:55:16 3584 ----a-w- C:\Windows\system32\Spool\prtprocs\x64\nl-NL\LXKPTPRC.DLL.mui
2013-06-30 18:51:24 . 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\system32\atmlib.dll
2013-06-30 18:51:24 . 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-06-30 18:51:24 . 2010-09-30 06:47:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-06-30 18:51:23 . 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\system32\atmfd.dll
2013-06-30 18:51:23 . 2010-09-30 10:41:58 100864 ----a-w- C:\Windows\system32\fontsub.dll
2013-06-30 18:51:22 . 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-06-30 18:44:14 . 2011-12-30 06:26:08 515584 ----a-w- C:\Windows\system32\timedate.cpl
2013-06-30 18:44:14 . 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2013-06-30 18:44:09 . 2011-06-16 05:49:32 199680 ----a-w- C:\Windows\system32\xmllite.dll
2013-06-30 18:44:04 . 2012-05-05 08:36:55 503808 ----a-w- C:\Windows\system32\srcore.dll
2013-06-30 18:44:04 . 2010-11-20 13:25:07 296960 ----a-w- C:\Windows\system32\rstrui.exe
2013-06-30 18:44:03 . 2012-05-05 07:46:52 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-06-30 18:42:41 . 2011-04-09 06:58:56 142336 ----a-w- C:\Windows\system32\poqexec.exe
2013-06-30 18:42:40 . 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-07-21 14:30:27 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll
2013-07-21 14:30:27 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-06-30 16:14:12 . 2012-07-17 12:37:10 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-19 10:54:27 . 2013-05-19 10:54:27 97176 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 09:06:44 98304]
"avast"="G:\Avast\avastUI.exe" [2013-05-09 08:58:30 4858968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominipor t.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys;C:\Windows\SYSNATIVE\drivers\synth3 dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt .sys [x]
S2 MBAMScheduler;MBAMScheduler;G:\Malwarebytes' Anti-Malware\mbamscheduler.exe;G:\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;G:\Malwarebytes' Anti-Malware\mbamservice.exe;G:\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys;C:\Windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.s ys [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 08:26:22 1173456 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2013-07-25 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 15:56:44 . 2013-06-30 15:56:44]

2013-07-25 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30 15:56:44 . 2013-06-30 15:56:44]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58:09 133840 ----a-w- G:\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 16:02:52 10920552]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2010-06-09 16:54:22 206208]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKU-Default-RunOnce-SPReview - C:\Windows\System32\SPReview\SPReview.exe

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Diana at 22:21:43 on 2013-07-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1787.688 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
G:\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\atibtmon.exe
G:\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
G:\Malwarebytes' Anti-Malware\mbamscheduler.exe
G:\Malwarebytes' Anti-Malware\mbamservice.exe
G:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\SearchIndexer.exe
G:\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - G:\Avast\aswWebRepIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "G:\Avast\avastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{0F642EF0-90EA-4FAE-B783-D1D9375945F1} : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{79395291-EB9D-4E5B-AC2C-1E7D4FCA3E90} : DHCPNameServer = 62.179.104.196 213.46.228.196
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - G:\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Nieuwe map (2)\Java\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Nieuwe map (2)\Java\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - G:\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-30 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-30 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-6-30 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-6-30 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-6-30 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-6-30 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-6-30 80816]
R2 avast! Antivirus;avast! Antivirus;G:\Avast\AvastSvc.exe [2013-6-30 46808]
R2 MBAMScheduler;MBAMScheduler;G:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-25 418376]
R2 MBAMService;MBAMService;G:\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-25 701512]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-6-30 116752]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-25 25928]
R3 SbieDrv;SbieDrv;G:\Sandboxie\SbieDrv.sys [2013-7-8 199384]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-6-30 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-30 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-21 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-30 1255736]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-07-25 20:20:59 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-25 19:54:12 98816 ----a-w- C:\Windows\sed.exe
2013-07-25 19:54:12 256000 ----a-w- C:\Windows\PEV.exe
2013-07-25 19:54:12 208896 ----a-w- C:\Windows\MBR.exe
2013-07-25 19:53:58 -------- d-----w- C:\ComboFix
2013-07-25 00:42:52 -------- d-----w- C:\Users\Diana\AppData\Roaming\Malwarebytes
2013-07-25 00:42:41 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-25 00:42:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-25 00:42:26 -------- d-----w- C:\Users\Diana\AppData\Local\Programs
2013-07-23 10:21:49 -------- d-----w- C:\Users\Diana\AppData\Roaming\Remere's Map Editor
2013-07-21 15:22:02 -------- d-----w- C:\ProgramData\Caphyon
2013-07-21 14:59:08 -------- d-----w- C:\ProgramData\Package Cache
2013-07-21 14:57:59 238088 ----a-w- C:\Windows\SysWow64\xactengine3_1.dll
2013-07-21 14:54:14 -------- d-----w- C:\Windows\SysWow64\directx
2013-07-21 14:51:46 -------- d-----w- C:\Users\Diana\AppData\Roaming\AetherNet
2013-07-21 14:10:57 -------- d-----w- C:\Windows\System32\SPReview
2013-07-21 14:10:13 -------- d-----w- C:\Windows\System32\EventProviders
2013-07-21 14:01:24 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2013-07-21 14:01:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-07-21 14:01:14 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2013-07-21 14:01:07 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-07-21 14:01:07 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-21 14:01:06 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-07-21 14:01:05 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2013-07-21 13:59:59 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2013-07-21 13:58:59 378880 ----a-w- C:\Windows\System32\msinfo32.exe
2013-07-21 13:57:59 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-21 13:56:59 73216 ----a-w- C:\Windows\System32\unimdmat.dll
2013-07-21 13:55:59 8192 ----a-w- C:\Windows\System32\KBDTUF.DLL
2013-07-21 13:54:58 399872 ----a-w- C:\Windows\System32\dpx.dll
2013-07-21 13:54:58 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2013-07-21 13:54:36 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2013-07-21 13:54:29 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2013-07-21 13:52:06 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-07-19 14:35:59 -------- d-----w- C:\Users\Diana\AppData\Roaming\Ableton
2013-07-19 14:33:47 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2013-07-19 00:21:20 51712 ----a-w- C:\Windows\AutosetFrequency.exe
2013-07-19 00:21:20 214400 ----a-w- C:\Windows\SysWow64\snpropwp.dll
2013-07-19 00:21:20 206208 ----a-w- C:\Windows\PLFSetI.exe
2013-07-19 00:21:07 -------- d-----w- C:\Program Files (x86)\VideoWebCamera
2013-07-16 19:07:33 -------- d-----r- C:\Sandbox
2013-07-15 23:46:08 -------- d-----w- C:\Users\Diana\AppData\Roaming\uTorrent
2013-07-15 18:08:18 -------- d-----w- C:\Users\Diana\AppData\Roaming\.minecraft
2013-07-15 18:06:44 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-15 18:06:44 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-15 18:06:28 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-09 17:29:52 -------- d--h--w- C:\ProgramData\CanonIJMIG
2013-07-09 17:28:59 -------- d--h--w- C:\ProgramData\CanonIJScan
2013-07-05 20:26:26 -------- d--h--w- C:\ProgramData\CanonIJEGV
2013-07-05 20:24:55 320000 ----a-w- C:\Windows\SysWow64\CNC_B8L.dll
2013-07-05 20:24:55 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-07-05 20:24:55 103424 ----a-w- C:\Windows\SysWow64\CNC_B8U.dll
2013-07-05 20:21:54 -------- d-----w- C:\Program Files\Common Files\CANON
2013-07-05 20:21:41 -------- d-----w- C:\ProgramData\CanonIJWSpt
2013-07-05 20:14:48 -------- d-----w- C:\Program Files\Canon
2013-07-05 20:13:34 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDB8.DLL
2013-07-05 20:13:34 100352 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPB8.DLL
2013-07-05 20:13:19 363520 ----a-w- C:\Windows\System32\CNC_B8L.dll
2013-07-05 20:13:19 287744 ----a-w- C:\Windows\System32\CNC_B8C.dll
2013-07-05 20:13:19 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2013-07-05 20:13:19 106496 ----a-w- C:\Windows\System32\CNC_B8I.dll
2013-07-05 20:12:48 389120 ----a-w- C:\Windows\System32\CNMLMB8.DLL
2013-07-05 20:12:13 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2013-07-05 20:12:13 359936 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2013-07-05 20:12:13 -------- d-----w- C:\Windows\System32\STRING
2013-07-05 20:10:58 -------- d--h--w- C:\ProgramData\CanonIJETV
2013-07-05 20:10:31 -------- d-----w- C:\Program Files (x86)\Canon
2013-07-01 14:29:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-01 14:29:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-01 14:28:37 -------- d-----w- C:\Users\Diana\AppData\Local\Adobe
2013-06-30 23:59:38 -------- d-----w- C:\Windows\Panther
2013-06-30 22:21:13 -------- d-----w- C:\Program Files\CCleaner
2013-06-30 22:12:43 2229608 ----a-w- C:\Windows\System32\drivers\athrx.sys
2013-06-30 22:12:43 2229608 ----a-w- C:\Windows\System32\athrx.sys
2013-06-30 22:12:43 -------- d-----w- C:\Program Files (x86)\Atheros
2013-06-30 21:43:17 -------- d-----w- C:\Windows\SysWow64\Wat
2013-06-30 21:43:17 -------- d-----w- C:\Windows\System32\Wat
2013-06-30 21:24:06 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
2013-06-30 21:24:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-30 21:24:04 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-06-30 21:24:04 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-06-30 21:24:04 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-06-30 21:20:47 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-06-30 21:20:46 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-06-30 21:20:44 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-06-30 21:20:44 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-06-30 21:20:41 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-06-30 21:20:40 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-06-30 21:20:40 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-06-30 21:03:18 902656 ----a-w- C:\Windows\System32\d2d1.dll
2013-06-30 21:03:17 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-06-30 21:03:16 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2013-06-30 21:03:13 220160 ----a-w- C:\Windows\System32\wintrust.dll
2013-06-30 21:03:13 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-06-30 21:00:15 -------- d-----w- C:\Windows\System32\appmgmt
2013-06-30 20:53:31 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-06-30 20:53:31 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-06-30 20:53:31 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-06-30 20:53:29 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-06-30 20:53:29 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-06-30 20:53:29 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-06-30 20:41:27 -------- d-----w- C:\Windows\SysWow64\nl
2013-06-30 20:41:27 -------- d-----w- C:\Windows\SysWow64\0413
2013-06-30 20:41:27 -------- d-----w- C:\Windows\nl-NL
2013-06-30 20:41:08 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2013-06-30 20:41:08 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\nl-NL
2013-06-30 20:41:08 -------- d-----w- C:\Windows\SysWow64\drivers\nl-NL
2013-06-30 20:41:05 -------- d-----w- C:\Windows\SysWow64\wbem\nl-NL
2013-06-30 20:41:02 -------- d-----w- C:\Windows\System32\nl
2013-06-30 20:41:02 -------- d-----w- C:\Windows\System32\0413
2013-06-30 20:40:39 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL
2013-06-30 20:40:39 -------- d-----w- C:\Windows\System32\drivers\nl-NL
2013-06-30 20:40:27 -------- d-----w- C:\Windows\System32\wbem\nl-NL
2013-06-30 19:11:58 5632 ----a-w- C:\Windows\System32\drivers\nl-NL\ndiscap.sys.mui
2013-06-30 18:51:24 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-06-30 18:51:24 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-06-30 18:51:24 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-06-30 18:51:23 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-06-30 18:51:23 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-06-30 18:51:22 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-06-30 18:44:14 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-06-30 18:44:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2013-06-30 18:44:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2013-06-30 18:44:04 296960 ----a-w- C:\Windows\System32\rstrui.exe
2013-06-30 18:44:03 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2013-06-30 18:42:41 142336 ----a-w- C:\Windows\System32\poqexec.exe
2013-06-30 18:42:40 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-06-30 18:42:36 2871808 ----a-w- C:\Windows\explorer.exe
2013-06-30 18:42:34 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-30 18:40:56 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-06-30 18:40:56 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-06-30 18:40:56 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-06-30 18:40:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-06-30 18:40:54 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-06-30 18:39:42 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-06-30 18:39:41 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-06-30 18:39:35 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-06-30 18:39:34 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-06-30 18:39:07 33792 ----a-w- C:\Windows\System32\profprov.dll
2013-06-30 18:39:07 209920 ----a-w- C:\Windows\System32\profsvc.dll
2013-06-30 18:39:03 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2013-06-30 18:39:01 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-06-30 18:39:00 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-06-30 18:37:44 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-06-30 18:37:41 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-06-30 18:35:32 605552 ----a-w- C:\Windows\System32\winload.exe
2013-06-30 18:35:31 642944 ----a-w- C:\Windows\System32\winload.efi
2013-06-30 18:35:31 518672 ----a-w- C:\Windows\System32\winresume.exe
2013-06-30 18:35:30 566208 ----a-w- C:\Windows\System32\winresume.efi
2013-06-30 18:35:29 20352 ----a-w- C:\Windows\System32\kdusb.dll
2013-06-30 18:35:29 19328 ----a-w- C:\Windows\System32\kd1394.dll
2013-06-30 18:35:29 17792 ----a-w- C:\Windows\System32\kdcom.dll
2013-06-30 18:35:28 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2013-06-30 18:34:01 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-06-30 18:34:00 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-06-30 18:29:49 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-06-30 18:29:47 67072 ----a-w- C:\Windows\splwow64.exe
2013-06-30 18:27:38 -------- d-----w- C:\Users\Diana\AppData\Roaming\Windows Live Writer
2013-06-30 18:27:38 -------- d-----w- C:\Users\Diana\AppData\Local\Windows Live Writer
2013-06-30 17:35:00 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2013-06-30 17:34:58 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-06-30 17:31:32 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-06-30 17:31:32 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-06-30 17:31:32 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-06-30 17:29:17 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2013-06-30 17:29:08 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2013-06-30 17:29:00 1118720 ----a-w- C:\Windows\System32\sbe.dll
2013-06-30 17:26:50 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-06-30 17:25:56 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-30 17:25:55 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-06-30 17:25:54 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-06-30 17:25:32 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2013-06-30 17:25:32 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-06-30 17:25:31 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-06-30 17:25:31 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-06-30 17:25:19 395776 ----a-w- C:\Windows\System32\webio.dll
2013-06-30 17:25:17 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-06-30 17:25:05 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-06-30 17:23:18 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-06-30 17:23:17 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-06-30 17:23:07 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2013-06-30 17:23:06 288256 ----a-w- C:\Windows\System32\MSNP.ax
2013-06-30 17:23:05 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2013-06-30 17:23:04 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2013-06-30 17:23:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2013-06-30 17:23:01 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2013-06-30 17:23:00 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2013-06-30 17:23:00 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2013-06-30 17:21:56 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-06-30 17:20:41 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-06-30 17:20:40 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-06-30 17:20:39 3072 ----a-w- C:\Windows\System32\dpnaddr.dll
2013-06-30 17:20:39 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2013-06-30 17:20:35 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2013-06-30 17:20:16 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2013-06-30 17:20:12 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-06-30 17:20:10 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-06-30 17:20:08 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-06-30 17:20:04 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-06-30 17:20:03 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-06-30 17:00:10 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2013-06-30 17:00:09 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2013-06-30 17:00:07 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2013-06-30 17:00:06 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2013-06-30 17:00:05 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-06-30 17:00:05 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2013-06-30 17:00:03 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2013-06-30 17:00:00 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2013-06-30 16:59:59 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2013-06-30 16:59:59 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2013-06-30 16:59:58 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2013-06-30 16:59:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2013-06-30 16:59:55 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2013-06-30 16:59:38 77312 ----a-w- C:\Windows\System32\packager.dll
2013-06-30 16:59:38 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-06-30 16:59:16 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-06-30 16:59:13 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-06-30 16:58:44 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-30 16:58:39 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-06-30 16:58:34 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-06-30 16:58:28 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-06-30 16:58:28 112640 ----a-w- C:\Windows\System32\smss.exe
2013-06-30 16:58:26 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-06-30 16:56:17 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-06-30 16:56:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-06-30 16:56:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-06-30 16:42:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-06-30 16:41:49 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-06-30 16:41:37 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-06-30 16:41:37 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-06-30 16:14:23 -------- d-----w- C:\Windows\PCHEALTH
2013-06-30 16:13:27 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38305BDA-257D-4BEF-9CBD-CE66C875AE11}\mpengine.dll
2013-06-30 16:13:25 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-06-30 16:05:47 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-06-30 16:05:44 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-30 16:05:43 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-30 16:05:42 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-06-30 16:05:34 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-06-30 16:04:10 41664 ----a-w- C:\Windows\avastSS.scr
2013-06-30 16:02:07 -------- d-----w- C:\ProgramData\AVAST Software
2013-06-30 16:01:36 889416 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\18ea83851ce75ab01\dotNetFx40_Full_setup.exe
2013-06-30 16:01:32 -------- d-----w- C:\Users\Diana\AppData\Local\Windows Live
2013-06-30 16:01:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2013-06-30 15:56:39 -------- d-----w- C:\Users\Diana\AppData\Local\Google
2013-06-30 15:56:22 -------- d-----w- C:\Users\Diana\AppData\Local\Deployment
2013-06-30 15:56:22 -------- d-----w- C:\Users\Diana\AppData\Local\Apps
2013-06-30 15:52:52 -------- d-----w- C:\ProgramData\Atheros
2013-06-30 15:51:49 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2013-06-30 15:51:48 -------- d-----w- C:\Program Files\Broadcom
2013-06-30 15:34:50 -------- d-----w- C:\Users\Diana\AppData\Local\Diagnostics
2013-06-30 15:20:29 0 ----a-w- C:\Windows\ativpsrm.bin
2013-06-30 15:19:24 38528 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2013-06-30 15:18:00 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-06-30 15:15:44 -------- d-sh--w- C:\Windows\Installer
2013-06-30 15:15:31 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2013-06-30 14:06:42 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2013-07-21 14:30:27 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-07-21 14:30:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-05-19 10:54:27 97176 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
.
============= FINISH: 22:23:27,14 ===============

**Emphyrio** · 25-07-13, 22:45

Hoe is het nu?

**Taranta** · 25-07-13, 23:27

De laptop werkte opzich prima maar ik ben blij dat ik toch even om hulp gevraagd heb, want ik heb gezien dat er wel wat gevonden was.

Tot zo ver ziet het er allemaal vertrouwd uit dus als je niets meer op te merken hebt dan ben ik je zeer dankbaar!!

**Emphyrio** · 26-07-13, 10:50

Mooi zo

We gaan Combofix verwijderen....

Ga naar start > uitvoeren en kopieer en plak volgende command in het veld:

ComboFix /Uninstall

Zorg ervoor dat er dus een spatie is tussen Combofix en /
Daarna klik je op Enter.

Klik op de afbeelding om te vergroten....

1) Je mag alle losse bestanden en tools die we hebben gebruikt verwijderen.

2) Om herbesmetting te vermijden, kan je deze tips eens nalezen:

Het voorkomen van spyware-infecties en browserhijacking en Hoe voorkom ik een nieuwe infectie?

3) Om je PC een snelle onderhoudbeurt te geven, kan je deze tips eens lezen: Handleiding voor een schone PC

4) Allerlei tips en hints kan je hier raadplegen.

Ik zet het topic op opgelost.

Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden
naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk
Dit is gedaan om het forum netjes en overzichtelijk te houden.

Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

Hebben we je goed geholpen? Overweeg eens een (vrijblijvende) donatie aan Nucia

Emphyrio

Dit zal Combofix verwijderen+gerelateerde mappen en bestanden,
herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies,
gaat verborgen bestanden en systeembestanden terug verbergen
en reset je Systeemherstel opnieuw.

Download OTC.exe (by OldTimer) naar je bureaublad.
(Dus : Opslaan, "Door je mappen bladeren" klikken, in de linkerkolom je bureaublad selecteren en "opslaan" klikken)
.

Klik vervolgens met je rechtermuisknop op OTC.exe en kies voor Run as Administrator
(Nederlands: Uitvoeren als Administrator) om het programma te starten.
Klik nu op de knop "CleanUp!"
Als je firewall, of een ander beveiligingsprogramma, een waarschuwing geeft dat OTC.exe internettoegang wil,
mag je dit toestaan, het programma heeft die connectie nodig.
OTC zal als laatste vragen of je de computer herstarten wilt, dit mag je toestaan, hiermee verwijdert het zichzelf ook.

.
Nota: Het gebruik van OTC.exe zal alle gebruikte tools(inclusief bijbehorende logs en backupmappen) van je computer doen verwijderen.

Mededeling

Hulp nodig met internet (youtube) virus (trj)

Hulp nodig met internet (youtube) virus (trj)

Comment

Comment

Comment

Comment

Comment

Comment

Comment