Mededeling

Collapse
No announcement yet.

Gruwelijke adware-besmetting

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Gruwelijke adware-besmetting

    Hoi, ik heb een tijdje terug al een soortgelijk topic geopend, maar de klachten zijn weer terug dus is de openingspost even relevant; ik heb natuurlijk wel de logjes ververst

    op deze computer is al een tijdje sprake van hardnekkige pop-ups (die niet verdwijnen met AdBlock) en nog vervelender, talloze advertenties in de browser zelf. Op een willekeurige YouTube-pagina zijn bijvoorbeeld op zijn minst 5 venstertjes met irritante advertenties niet van YouTube.

    Het probleem lijkt een programma te zijn dat ''BrowseToSave'' heet, die is verantwoordelijk voor alle in-browseradvertenties. Ik heb al eens eerder gescand met MBAM, en die heeft dit programma toen deels verwijderd, maar er is blijkbaar nog steeds iets van over, want ik krijg nog steeds advertenties. Ik heb de sticky gelezen en de stappen gevolgd, hier zijn de logjes :



    MBAM log:
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.07.27.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16635
    Eeftink :: EEFTINK-LAPTOP [administrator]

    27-7-2013 14:23:09
    mbam-log-2013-07-27 (14-23-09).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 219593
    Verstreken tijd: 12 minuut/minuten, 21 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 4
    C:\Users\Eeftink\AppData\Local\Temp\ICReinstall_setup.exe (PUP.Optional.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eeftink\Downloads\-.exe (PUP.BundleInstaller.DW) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eeftink\Downloads\setup.exe (PUP.Optional.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eeftink\Downloads\SoftonicDownloader_voor_google-chrome-for-business.exe (PUP.Optional.Softonic) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)



    DDS log
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
    Run by Eeftink at 15:07:11 on 2013-07-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1900.276 [GMT 2:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\system32\lxducoms.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Eeftink\Desktop\antivirus\Defogger.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    uRun: [Google Update] "C:\Users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Eeftink\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986} : DHCPNameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6342354131483 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6F5466673735383 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\550534234323238383533393 : DHCPNameServer = 192.168.192.1
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\8656E6B6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\A597F507279667164756F5050505253485 : DHCPNameServer = 192.168.1.254 195.241.77.51 195.241.77.52
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\C696E6B6379737 : DHCPNameServer = 213.46.228.196 62.179.104.196
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-7 283200]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-8 98208]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-1 138400]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-8 13336]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-8 1817088]
    R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-21 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-21 701512]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-25 5018624]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-21 25928]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-8 335464]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-8 436840]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    .
    =============== Created Last 30 ================
    .
    2013-07-26 17:22:27 -------- d-----w- C:\Users\Eeftink\AppData\Local\{5D206313-B21C-42E6-B112-8E721949E311}
    2013-07-26 14:07:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\offreg.dll
    2013-07-26 07:48:42 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\mpengine.dll
    2013-07-19 12:51:49 -------- d-----w- C:\Users\Eeftink\AppData\Local\{DB33E013-B5AB-4E4D-BB9F-D159CE922196}
    2013-07-18 16:32:31 -------- d-----w- C:\Users\Eeftink\AppData\Local\{35099FF3-1816-4645-9364-01D2BA514FB3}
    2013-07-18 16:31:56 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Lexmark Productivity Studio
    2013-07-11 22:08:39 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Spotify
    2013-07-10 11:31:39 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
    2013-07-10 11:31:38 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
    2013-07-10 11:31:38 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
    2013-07-10 11:31:38 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
    2013-07-10 11:31:37 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-10 11:31:37 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
    2013-07-10 11:31:37 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
    2013-07-10 11:31:33 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-07-10 11:31:33 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-07-10 11:31:30 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-10 11:31:30 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-10 11:30:41 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 11:30:41 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 11:30:38 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-07-10 11:30:20 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-07-10 11:30:19 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-07-06 15:47:48 -------- d-----w- C:\Users\Eeftink\AppData\Local\{79683EAC-DEA1-45EF-A6E9-6902B2459949}
    .
    ==================== Find3M ====================
    .
    2013-06-19 20:17:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-19 20:17:46 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-06-19 20:17:46 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-12 18:18:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 18:18:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 15:09:22,37 ===============



    GMER log:
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-07-27 15:29:39
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298,09GB
    Running: n7hf48u9.exe; Driver: C:\Users\Eeftink\AppData\Local\Temp\axdiikog.sys


    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\System32\spoolsv.exe [1276:2888] 0000000051074ba0
    Thread C:\Windows\System32\spoolsv.exe [1276:2900] 000000006508e0e0
    Thread C:\Windows\System32\spoolsv.exe [1276:2912] 000007fef95e10c8
    Thread C:\Windows\System32\spoolsv.exe [1276:2920] 000007fef6dc6144
    Thread C:\Windows\System32\spoolsv.exe [1276:2924] 000007fef8fc5fd0
    Thread C:\Windows\System32\spoolsv.exe [1276:2928] 000007fef95b3438
    Thread C:\Windows\System32\spoolsv.exe [1276:2932] 000007fef8fc63ec
    Thread C:\Windows\System32\spoolsv.exe [1276:2940] 000007fef9625e5c
    Thread C:\Windows\system32\svchost.exe [1632:1776] 000007fef8fc5fd0
    Thread C:\Windows\system32\svchost.exe [1632:1780] 000007fef8fc63ec
    Thread C:\Windows\system32\svchost.exe [1632:2484] 000007fef7288470
    Thread C:\Windows\system32\svchost.exe [1632:2492] 000007fef7292418
    Thread C:\Windows\System32\svchost.exe [1216:2632] 000007fef7169688

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2baf0842
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2baf0842 (not active ControlSet)

    ---- EOF - GMER 2.1 ----

  • #2
    Hoi MetallicA,

    Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
    .
    • Log enkel in als beheerder met alle rechten.
    • Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
    • Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
    • Volg aandachtig de instructies die door mij worden gegeven.
    • Volg enkel het door mij gegeven advies op
    • Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
    • Als je iets niet weet of verstaat, vraag het dan even aub.
    • Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
    • Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
    • Zet je emoticons (Smileys) uit als je logs plaatst aub .
    • De logs niet als bijlage, noch tussen codetags zetten aub.

    .
    Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
    De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

    Stap 1:

    Malware scannen en verwijderen....

    Start MBAM.

    Zodra het programma gestart is, ga je naar het tabblad "Instellingen".
    • Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
    • Ga naar het tabblad "Updates" en Update MBAM.
    • Ga daarna naar het tabblad "Scanner", kies hier voor "VOLLEDIGE Scan".
    • Druk vervolgens op "Scannen" om de scan te starten.
    • Het scannen kan een tijdje duren, dus wees geduldig.
    • Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
    • Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
    • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

    Indien MBAM vraagt om een herstart, doe dit dan ook.
    Wanneer je de restart hebt gedaan, maak je een nieuwe snelle scan met MBAM.
    In dat geval post je dus de twee logs.

    De log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.


    Bij problemen!!!

    ___________________________________________________________

    Stap 2:

    Controle op slechte toolbars...

    Opmerking:Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
    Beveiligingssoftware uitschakelen.

    Download AdwCleaner by Xplode naar je Bureaublad.
    • Sluit alle openstaande vensters
    • Start AdwCleaner en klik op Verwijderen

    • KLIK HIER voor een vergroting! 
    • Klik bij AdwCleaner – Information op OK
    • Klik bij AdwCleaner – Restart Required op OK

    Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
    Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt post de inhoud hier op het Forum.

    Vergeet niet om je "smileys" uit te schakelen.

    Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in,deze word standaard door AdwCleaner terug gezet naar Google.com

    ___________________________________________________________

    Stap 3:

    Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:


    DDS is een diagnosetool en maakt gebruik van scripts.
    Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.


    Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
    Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
    Beide logfiles sla je op je bureaublad.

    Post de inhoud van DDS.txt.

    De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.

    ___________________________________________________________

    Stap 4:

    Controle op updates...

    Download Security Check op je bureaublad via hier of hier

    Start Security Check
    Volg de Instructies in het scherm
    Aan het eind verschijnt een log ( checkup.txt )
    Plaats de inhoud ervan in je volgende antwoord.

    In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
    .
    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    .
    Deze logs NIET als bijlage of tussen codetags posten aub.
    (Desnoods in meerdere postingen.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * McAfee verwijderen. * Ccleaner * E-Peek

    Comment


    • #3
      Hoi,

      hier de logjes:

      MBAM:
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2013.07.27.02

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16635
      Eeftink :: EEFTINK-LAPTOP [administrator]

      27-7-2013 16:12:38
      mbam-log-2013-07-27 (16-12-38).txt

      Scan type: Volledige scan (C:\|D:\|E:\|F:\|)
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 362311
      Verstreken tijd: 1 uur/uren, 17 minuut/minuten, 35 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)


      AdwCleaner :
      # AdwCleaner v2.306 - Verslag gemaakt op 27/07/2013 om 17:47:59
      # Geactualiseerd op 19/07/2013 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruiker : Eeftink - EEFTINK-LAPTOP
      # Opstarten Modus : Normale modus
      # Gelanceerd vanaf : C:\Users\Eeftink\Desktop\adwcleaner.exe
      # Optie [Verwijderen]


      ***** [Diensten] *****


      ***** [Files / Mappen] *****


      ***** [Register] *****

      Sleutel Verwijderd : HKCU\Software\InstallCore
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Sleutel Verwijderd : HKLM\Software\systweak
      Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

      ***** [Browsers] *****

      -\\ Internet Explorer v10.0.9200.16635

      [OK] Het register bevat geen enkele ongeoorloofde invoer.

      -\\ Mozilla Firefox v [Onmogelijk de versie te verkrijgen]

      -\\ Google Chrome v28.0.1500.72

      File : C:\Users\Eeftink\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] De file bevat geen enkele ongeoorloofde invoer.

      *************************

      AdwCleaner[R1].txt - [2110 octets] - [27/07/2013 17:46:50]
      AdwCleaner[S1].txt - [6094 octets] - [17/06/2013 22:08:33]
      AdwCleaner[S2].txt - [2074 octets] - [27/07/2013 17:47:59]

      ########## EOF - C:\AdwCleaner[S2].txt - [2134 octets] ##########



      DDS :
      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
      Run by Eeftink at 17:58:12 on 2013-07-27
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1900.230 [GMT 2:00]
      .
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
      C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
      C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
      C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
      C:\Windows\system32\lxducoms.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
      C:\Windows\SysWOW64\PnkBstrA.exe
      C:\Windows\SysWOW64\PnkBstrB.exe
      C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\svchost.exe -k bthsvcs
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
      C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
      C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      C:\Windows\system32\sppsvc.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\taskmgr.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com
      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
      uRun: [Google Update] "C:\Users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      StartupFolder: C:\Users\Eeftink\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
      uPolicies-Explorer: NoDrives = dword:0
      mPolicies-Explorer: NoDrives = dword:0
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
      IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
      IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
      DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      TCP: NameServer = 213.46.228.196 62.179.104.196
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986} : DHCPNameServer = 213.46.228.196 62.179.104.196
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6342354131483 : DHCPNameServer = 192.168.0.1
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6F5466673735383 : DHCPNameServer = 192.168.0.1
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\550534234323238383533393 : DHCPNameServer = 192.168.192.1
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\8656E6B6 : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\A597F507279667164756F5050505253485 : DHCPNameServer = 192.168.1.254 195.241.77.51 195.241.77.52
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\C696E6B6379737 : DHCPNameServer = 213.46.228.196 62.179.104.196
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      SSODL: WebCheck - <orphaned>
      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
      x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
      x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
      x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
      x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
      x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
      x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      .
      ============= SERVICES / DRIVERS ===============
      .
      R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-7 283200]
      R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
      R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
      R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
      R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
      R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
      R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
      R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
      R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
      R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-21 25928]
      R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-8 335464]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-8 436840]
      S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
      S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
      S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
      S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
      .
      =============== Created Last 30 ================
      .
      2013-07-27 15:56:29 -------- d-----w- C:\Users\Eeftink\AppData\Local\{E1808EA2-CC04-4496-B197-5DA0E2B8003C}
      2013-07-26 17:22:27 -------- d-----w- C:\Users\Eeftink\AppData\Local\{5D206313-B21C-42E6-B112-8E721949E311}
      2013-07-26 14:07:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\offreg.dll
      2013-07-26 07:48:42 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\mpengine.dll
      2013-07-19 12:51:49 -------- d-----w- C:\Users\Eeftink\AppData\Local\{DB33E013-B5AB-4E4D-BB9F-D159CE922196}
      2013-07-18 16:32:31 -------- d-----w- C:\Users\Eeftink\AppData\Local\{35099FF3-1816-4645-9364-01D2BA514FB3}
      2013-07-18 16:31:56 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Lexmark Productivity Studio
      2013-07-11 22:08:39 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Spotify
      2013-07-10 11:31:39 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
      2013-07-10 11:31:38 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
      2013-07-10 11:31:38 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
      2013-07-10 11:31:38 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
      2013-07-10 11:31:37 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
      2013-07-10 11:31:37 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
      2013-07-10 11:31:37 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
      2013-07-10 11:31:33 624128 ----a-w- C:\Windows\System32\qedit.dll
      2013-07-10 11:31:33 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
      2013-07-10 11:31:30 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
      2013-07-10 11:31:30 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
      2013-07-10 11:30:41 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
      2013-07-10 11:30:41 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
      2013-07-10 11:30:38 3153920 ----a-w- C:\Windows\System32\win32k.sys
      2013-07-10 11:30:20 1643520 ----a-w- C:\Windows\System32\DWrite.dll
      2013-07-10 11:30:19 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
      2013-07-06 15:47:48 -------- d-----w- C:\Users\Eeftink\AppData\Local\{79683EAC-DEA1-45EF-A6E9-6902B2459949}
      .
      ==================== Find3M ====================
      .
      2013-06-19 20:17:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2013-06-19 20:17:46 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
      2013-06-19 20:17:46 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
      2013-06-12 18:18:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-06-12 18:18:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
      2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
      2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
      2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
      2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
      2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
      2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
      2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
      2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
      2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
      2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
      2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
      2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
      2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
      2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
      2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
      2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
      2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
      2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
      2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
      2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
      2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
      2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
      .
      ============= FINISH: 18:01:41,11 ===============



      Security check :
      Results of screen317's Security Check version 0.99.71
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      JavaFX 2.1.0
      Java 7 Update 25
      Adobe Flash Player 11.7.700.224
      Adobe Reader XI
      Google Chrome 28.0.1500.71
      Google Chrome 28.0.1500.72
      ````````Process Check: objlist.exe by Laurent````````
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````

      Comment


      • #4
        Download of Update Ccleaner

        Start CCleaner op.
        • Run Ccleaner en klik in de linkse kolom op Opties
        • Selecteer het tabblad Geavanceerd
        • Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
        • Haal het vinkje weg voor Verwijder alleen bestanden in de Prullenbak die ouder zijn dan 24 uur
        • Selecteer het tabblad Instellingen
        • Haal het vinkje weg bij "Computer automatisch schoonmaken...."
        • Klik in de linkse kolom op Cleaner.
        • Klik dan achtereenvolgens op Analyseer en Schoonmaken.
        • Klik vervolgens in de linkse kolom op Register
        • Klik op Scan naar problemen.
        • Als er fouten gevonden worden klik je op Herstel geselecteerde problemen en OK

        .
        Hoe is het nu?
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * McAfee verwijderen. * Ccleaner * E-Peek

        Comment


        • #5
          Wederom beter, maar nu staan weer op de plaats waar eerst advertenties stonden ''ads not by this site'' dus nog een restant van het programma ''BrowseToSave''

          Comment


          • #6
            Download TFC en sla deze op je Bureaublad op.
            • Dubbelklik op TFC.exe om het programma te openen.
            • Het programma zal alle andere programma's sluiten, zorg er dus voor dat je al je werk hebt opgeslagen voordat je verder gaat.
            • Klik op de knop Start om het programma te starten.
            • Als het programma klaar is, dan zal het je computer opnieuw opstarten.
              Als dit niet gebeurt, start dan je computer handmatig opnieuw op.


            _____________________________________________________________

            Download Combofix en plaats het op je bureaublad.

            Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
            Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.


            Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.


            Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
            Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

            Als Combofix vraagt om een update, dan staat je dit toe.

            Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
            Deze kan je vinden als C:\combofix.txt.

            Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

            Emphyrio
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * McAfee verwijderen. * Ccleaner * E-Peek

            Comment


            • #7
              Bedankt voor je snelle reacties!

              Combofix log :
              ComboFix 13-07-27.01 - Eeftink 27-07-2013 20:06:41.2.2 - x64
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1900.940 [GMT 2:00]
              Gestart vanuit: c:\users\Eeftink\Desktop\ComboFix.exe
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              (((((((((((((((((((( Bestanden Gemaakt van 2013-06-27 to 2013-07-27 ))))))))))))))))))))))))))))))
              .
              .
              2013-07-27 18:17 . 2013-07-27 18:17 -------- d-----w- c:\users\Public\AppData\Local\temp
              2013-07-27 18:17 . 2013-07-27 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
              2013-07-26 14:07 . 2013-07-27 18:08 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\offreg.dll
              2013-07-26 07:48 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\mpengine.dll
              2013-07-20 08:30 . 2013-07-20 08:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe
              2013-07-18 16:31 . 2013-07-18 16:31 -------- d-----w- c:\users\Eeftink\AppData\Roaming\Lexmark Productivity Studio
              2013-07-11 22:08 . 2013-07-11 22:24 -------- d-----w- c:\users\Eeftink\AppData\Roaming\Spotify
              2013-07-10 11:31 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
              2013-07-10 11:31 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
              2013-07-10 11:31 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
              2013-07-10 11:31 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
              2013-07-10 11:31 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
              2013-07-10 11:31 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
              2013-07-10 11:31 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
              2013-07-10 11:31 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
              2013-07-10 11:31 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
              2013-07-10 11:31 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
              2013-07-10 11:31 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
              2013-07-10 11:30 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
              2013-07-10 11:30 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
              2013-07-10 11:30 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
              2013-07-10 11:30 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
              2013-07-10 11:30 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2013-07-11 09:43 . 2012-01-15 13:56 78185248 ----a-w- c:\windows\system32\MRT.exe
              2013-06-19 20:17 . 2013-06-19 20:18 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
              2013-06-19 20:17 . 2012-06-07 12:50 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
              2013-06-19 20:17 . 2011-04-23 16:50 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
              2013-06-12 18:18 . 2012-03-31 06:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
              2013-06-12 18:18 . 2012-01-14 07:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
              2013-05-28 22:21 . 2013-05-28 22:21 97280 ----a-w- c:\windows\system32\mshtmled.dll
              2013-05-28 22:21 . 2013-05-28 22:21 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
              2013-05-28 22:21 . 2013-05-28 22:21 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
              2013-05-28 22:21 . 2013-05-28 22:21 81408 ----a-w- c:\windows\system32\icardie.dll
              2013-05-28 22:21 . 2013-05-28 22:21 762368 ----a-w- c:\windows\system32\ieapfltr.dll
              2013-05-28 22:21 . 2013-05-28 22:21 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
              2013-05-28 22:21 . 2013-05-28 22:21 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
              2013-05-28 22:21 . 2013-05-28 22:21 62976 ----a-w- c:\windows\system32\pngfilt.dll
              2013-05-28 22:21 . 2013-05-28 22:21 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
              2013-05-28 22:21 . 2013-05-28 22:21 599552 ----a-w- c:\windows\system32\vbscript.dll
              2013-05-28 22:21 . 2013-05-28 22:21 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
              2013-05-28 22:21 . 2013-05-28 22:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
              2013-05-28 22:21 . 2013-05-28 22:21 51200 ----a-w- c:\windows\system32\imgutil.dll
              2013-05-28 22:21 . 2013-05-28 22:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
              2013-05-28 22:21 . 2013-05-28 22:21 452096 ----a-w- c:\windows\system32\dxtmsft.dll
              2013-05-28 22:21 . 2013-05-28 22:21 441856 ----a-w- c:\windows\system32\html.iec
              2013-05-28 22:21 . 2013-05-28 22:21 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
              2013-05-28 22:21 . 2013-05-28 22:21 361984 ----a-w- c:\windows\SysWow64\html.iec
              2013-05-28 22:21 . 2013-05-28 22:21 281600 ----a-w- c:\windows\system32\dxtrans.dll
              2013-05-28 22:21 . 2013-05-28 22:21 27648 ----a-w- c:\windows\system32\licmgr10.dll
              2013-05-28 22:21 . 2013-05-28 22:21 270848 ----a-w- c:\windows\system32\iedkcs32.dll
              2013-05-28 22:21 . 2013-05-28 22:21 247296 ----a-w- c:\windows\system32\webcheck.dll
              2013-05-28 22:21 . 2013-05-28 22:21 235008 ----a-w- c:\windows\system32\url.dll
              2013-05-28 22:21 . 2013-05-28 22:21 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
              2013-05-28 22:21 . 2013-05-28 22:21 226304 ----a-w- c:\windows\system32\elshyph.dll
              2013-05-28 22:21 . 2013-05-28 22:21 216064 ----a-w- c:\windows\system32\msls31.dll
              2013-05-28 22:21 . 2013-05-28 22:21 197120 ----a-w- c:\windows\system32\msrating.dll
              2013-05-28 22:21 . 2013-05-28 22:21 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
              2013-05-28 22:21 . 2013-05-28 22:21 173568 ----a-w- c:\windows\system32\ieUnatt.exe
              2013-05-28 22:21 . 2013-05-28 22:21 167424 ----a-w- c:\windows\system32\iexpress.exe
              2013-05-28 22:21 . 2013-05-28 22:21 158720 ----a-w- c:\windows\SysWow64\msls31.dll
              2013-05-28 22:21 . 2013-05-28 22:21 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
              2013-05-28 22:21 . 2013-05-28 22:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
              2013-05-28 22:21 . 2013-05-28 22:21 149504 ----a-w- c:\windows\system32\occache.dll
              2013-05-28 22:21 . 2013-05-28 22:21 144896 ----a-w- c:\windows\system32\wextract.exe
              2013-05-28 22:21 . 2013-05-28 22:21 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
              2013-05-28 22:21 . 2013-05-28 22:21 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
              2013-05-28 22:21 . 2013-05-28 22:21 138752 ----a-w- c:\windows\SysWow64\wextract.exe
              2013-05-28 22:21 . 2013-05-28 22:21 13824 ----a-w- c:\windows\system32\mshta.exe
              2013-05-28 22:21 . 2013-05-28 22:21 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
              2013-05-28 22:21 . 2013-05-28 22:21 136192 ----a-w- c:\windows\system32\iepeers.dll
              2013-05-28 22:21 . 2013-05-28 22:21 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
              2013-05-28 22:21 . 2013-05-28 22:21 12800 ----a-w- c:\windows\SysWow64\mshta.exe
              2013-05-28 22:21 . 2013-05-28 22:21 12800 ----a-w- c:\windows\system32\msfeedssync.exe
              2013-05-28 22:21 . 2013-05-28 22:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
              2013-05-28 22:21 . 2013-05-28 22:21 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
              2013-05-28 22:21 . 2013-05-28 22:21 102912 ----a-w- c:\windows\system32\inseng.dll
              2013-05-28 22:21 . 2013-05-28 22:21 77312 ----a-w- c:\windows\system32\tdc.ocx
              2013-05-28 22:21 . 2013-05-28 22:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
              2013-05-14 03:31 . 2012-01-11 20:43 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
              2013-05-13 05:51 . 2013-06-12 08:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll
              2013-05-13 05:51 . 2013-06-12 08:11 1464320 ----a-w- c:\windows\system32\crypt32.dll
              2013-05-13 05:51 . 2013-06-12 08:11 139776 ----a-w- c:\windows\system32\cryptnet.dll
              2013-05-13 05:50 . 2013-06-12 08:11 52224 ----a-w- c:\windows\system32\certenc.dll
              2013-05-13 04:45 . 2013-06-12 08:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
              2013-05-13 04:45 . 2013-06-12 08:11 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
              2013-05-13 04:45 . 2013-06-12 08:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
              2013-05-13 03:43 . 2013-06-12 08:11 1192448 ----a-w- c:\windows\system32\certutil.exe
              2013-05-13 03:08 . 2013-06-12 08:11 903168 ----a-w- c:\windows\SysWow64\certutil.exe
              2013-05-13 03:08 . 2013-06-12 08:11 43008 ----a-w- c:\windows\SysWow64\certenc.dll
              2013-05-10 05:49 . 2013-06-12 08:11 30720 ----a-w- c:\windows\system32\cryptdlg.dll
              2013-05-10 03:20 . 2013-06-12 08:11 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
              2013-05-08 06:39 . 2013-06-12 08:11 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
              2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
              .
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
              REGEDIT4
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt1]
              @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 130736 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt2]
              @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 130736 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt3]
              @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 130736 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
              "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
              .
              c:\users\Eeftink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Dropbox.lnk - c:\users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
              "LoadAppInit_DLLs"=1 (0x1)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
              "midi2"=wdmaud.drv
              .
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
              R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
              R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
              R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
              R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
              R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
              R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
              R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNX T6.SYS [x]
              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
              R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\dr ivers\TsUsbGD.sys [x]
              R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
              S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
              S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
              S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
              S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
              S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
              S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
              S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
              S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
              S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
              S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe;c:\windows\SYSNATIVE\lxducoms.exe [x]
              S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
              S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
              S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
              S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
              S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
              S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
              S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
              S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
              S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
              S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
              S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
              S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
              S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.s ys [x]
              S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
              S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
              .
              .
              Inhoud van de 'Gedeelde Taken' map
              .
              2013-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:18]
              .
              2013-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-97582374-1526495322-1023689900-1000Core.job
              - c:\users\Eeftink\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-16 03:42]
              .
              2013-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-97582374-1526495322-1023689900-1000UA.job
              - c:\users\Eeftink\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-16 03:42]
              .
              2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 11:50]
              .
              2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 11:50]
              .
              2013-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97582374-1526495322-1023689900-1000Core.job
              - c:\users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 14:10]
              .
              2013-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97582374-1526495322-1023689900-1000UA.job
              - c:\users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 14:10]
              .
              2013-07-12 c:\windows\Tasks\HPCeeScheduleForEeftink.job
              - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
              .
              .
              --------- X64 Entries -----------
              .
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt1]
              @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 164016 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt2]
              @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 164016 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt3]
              @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 164016 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt4]
              @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 164016 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
              "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
              "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
              "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
              .
              ------- Bijkomende Scan -------
              .
              uStart Page = hxxp://www.google.com
              uLocal Page = c:\windows\system32\blank.htm
              mLocal Page = c:\windows\SysWOW64\blank.htm
              IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
              TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
              .
              - - - - ORPHANS VERWIJDERD - - - -
              .
              HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
              AddRemove-{585C7255-C954-564B-0DD7-7026E3EE052D} - c:\progra~3\INSTAL~1\{2CDF3~1\Setup.exe
              AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
              .
              .
              .
              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
              .
              [HKEY_USERS\S-1-5-21-97582374-1526495322-1023689900-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
              @DACL=(02 0000)
              "{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,3b,1b,d4,e1,05,
              91,3e,5f,b8,01,9e,17,52,f4,1d,9a,c0,33
              "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c3,25,
              8c,3d,1d,d3,00,96,da,12,3c,74,4d,22,d3
              "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,17,dd,
              c7,7a,f5,37,09,a4,62,df,7d,c3,80,c9,bc
              "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,80,01,
              6a,cf,87,40,0c,ae,fd,97,82,f3,9c,6c,56
              "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,4f,95,
              b2,63,7f,b8,04,97,6d,b2,af,87,5f,05,82
              "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,8f,9d,
              84,12,15,b1,03,81,c1,9f,de,69,ad,3c,a9
              "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,c0,f9,
              32,7b,09,f5,00,ac,a0,57,33,fa,47,20,2e
              "{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,2c,38,
              51,81,38,16,0d,88,e3,be,83,07,70,38,60
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.11"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2798162~31bf3856ad364e35~amd64~~6.1.1.5]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2804579~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2813956~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2818604~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2820197~31bf3856ad364e35~amd64~~6.1.1.1]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2820331~31bf3856ad364e35~amd64~~6.1.1.1]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2829361~31bf3856ad364e35~amd64~~6.1.1.3]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2829530~31bf3856ad364e35~amd64~~9.4.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2830290~31bf3856ad364e35~amd64~~6.1.1.2]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2835174~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000000
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2847204~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000050
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2847204~31bf3856ad364e35~amd64~~9.4.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              Voltooingstijd: 2013-07-27 20:29:12
              ComboFix-quarantined-files.txt 2013-07-27 18:29
              ComboFix2.txt 2013-05-21 11:03
              .
              Pre-Run: 37.626.556.416 bytes beschikbaar
              Post-Run: 39.205.306.368 bytes beschikbaar
              .
              - - End Of File - - 0771D1AAF43C56FD706DFD9BB6B91465
              D41D8CD98F00B204E9800998ECF8427E




              DDS log :
              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
              Run by Eeftink at 20:41:56 on 2013-07-27
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1900.784 [GMT 2:00]
              .
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k RPCSS
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
              C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
              C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
              C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
              C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
              C:\Windows\system32\lxducoms.exe
              C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
              C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
              C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
              C:\Windows\SysWOW64\PnkBstrA.exe
              C:\Windows\SysWOW64\PnkBstrB.exe
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\Windows\System32\svchost.exe -k secsvcs
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              C:\Windows\system32\svchost.exe -k bthsvcs
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\Dwm.exe
              C:\Windows\Explorer.EXE
              C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
              C:\Windows\System32\igfxtray.exe
              C:\Windows\System32\hkcmd.exe
              C:\Windows\System32\igfxpers.exe
              C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
              C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
              C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
              C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
              C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
              C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
              C:\Windows\system32\notepad.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://www.google.com
              BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
              BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
              BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
              BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
              mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
              mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
              mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              StartupFolder: C:\Users\Eeftink\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
              uPolicies-Explorer: NoDrives = dword:0
              mPolicies-Explorer: NoDrives = dword:0
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
              IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
              IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
              DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              TCP: NameServer = 213.46.228.196 62.179.104.196
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986} : DHCPNameServer = 213.46.228.196 62.179.104.196
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6342354131483 : DHCPNameServer = 192.168.0.1
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6F5466673735383 : DHCPNameServer = 192.168.0.1
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\550534234323238383533393 : DHCPNameServer = 192.168.192.1
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\8656E6B6 : DHCPNameServer = 192.168.1.1
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\A597F507279667164756F5050505253485 : DHCPNameServer = 192.168.1.254 195.241.77.51 195.241.77.52
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\C696E6B6379737 : DHCPNameServer = 213.46.228.196 62.179.104.196
              Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
              Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
              Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
              Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
              SSODL: WebCheck - <orphaned>
              SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
              x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
              x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
              x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
              x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
              x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
              x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
              x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
              x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
              x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
              x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
              x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
              x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
              x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
              x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
              x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
              x64-Notify: igfxcui - igfxdev.dll
              x64-SSODL: WebCheck - <orphaned>
              .
              ============= SERVICES / DRIVERS ===============
              .
              R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-7 283200]
              R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-8 98208]
              R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-1 138400]
              R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
              R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
              R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
              R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
              R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-8 13336]
              R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-8 1817088]
              R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?]
              R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-21 418376]
              R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-21 701512]
              R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-25 5018624]
              R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-8 2656280]
              R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
              R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
              R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
              R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
              R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
              R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
              R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
              R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
              R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-21 25928]
              R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-8 335464]
              R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-8 436840]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
              S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
              S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
              S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
              S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
              S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
              S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
              S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
              S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-8 1255736]
              .
              =============== Created Last 30 ================
              .
              2013-07-27 18:04:27 -------- d-----w- C:\ComboFix
              2013-07-27 15:56:29 -------- d-----w- C:\Users\Eeftink\AppData\Local\{E1808EA2-CC04-4496-B197-5DA0E2B8003C}
              2013-07-26 17:22:27 -------- d-----w- C:\Users\Eeftink\AppData\Local\{5D206313-B21C-42E6-B112-8E721949E311}
              2013-07-26 14:07:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\offreg.dll
              2013-07-26 07:48:42 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\mpengine.dll
              2013-07-19 12:51:49 -------- d-----w- C:\Users\Eeftink\AppData\Local\{DB33E013-B5AB-4E4D-BB9F-D159CE922196}
              2013-07-18 16:32:31 -------- d-----w- C:\Users\Eeftink\AppData\Local\{35099FF3-1816-4645-9364-01D2BA514FB3}
              2013-07-18 16:31:56 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Lexmark Productivity Studio
              2013-07-11 22:08:39 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Spotify
              2013-07-10 11:31:39 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
              2013-07-10 11:31:38 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
              2013-07-10 11:31:38 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
              2013-07-10 11:31:38 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
              2013-07-10 11:31:37 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
              2013-07-10 11:31:37 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
              2013-07-10 11:31:37 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
              2013-07-10 11:31:33 624128 ----a-w- C:\Windows\System32\qedit.dll
              2013-07-10 11:31:33 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
              2013-07-10 11:31:30 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
              2013-07-10 11:31:30 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
              2013-07-10 11:30:41 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
              2013-07-10 11:30:41 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
              2013-07-10 11:30:38 3153920 ----a-w- C:\Windows\System32\win32k.sys
              2013-07-10 11:30:20 1643520 ----a-w- C:\Windows\System32\DWrite.dll
              2013-07-10 11:30:19 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
              2013-07-06 15:47:48 -------- d-----w- C:\Users\Eeftink\AppData\Local\{79683EAC-DEA1-45EF-A6E9-6902B2459949}
              .
              ==================== Find3M ====================
              .
              2013-06-19 20:17:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
              2013-06-19 20:17:46 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
              2013-06-19 20:17:46 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
              2013-06-12 18:18:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2013-06-12 18:18:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
              2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
              2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
              2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
              2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
              2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
              2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
              2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
              2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
              2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
              2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
              2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
              2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
              2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
              2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
              2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
              2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
              2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
              2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
              2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
              2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
              2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
              2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
              2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
              2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
              2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
              2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
              .
              ============= FINISH: 20:42:10,44 ===============

              Comment


              • #8
                Mooi zo.

                Download Rogue Killer naar je bureaublad.

                x64 versie
                .
                • Start het tool en wacht tot de scanning is afgelopen.
                • Klik op "Scan" en wacht tot de scan ten einde is.
                • Klik op "Verwijderen".
                • Klik op "Rapport" en post deze in je volgende posting.
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                Comment


                • #9
                  RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
                  mail : tigzyRK<at>gmail<dot>com
                  Feedback : http://www.adlice.com/forum/
                  Website : http://www.adlice.com/softwares/roguekiller/
                  Blog : http://tigzyrk.blogspot.com/

                  besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                  Gestart vanuit : Normale modus
                  Gebruiker : Eeftink [Administrator rechten]
                  Modus : Verwijder -- Datum : 07/27/2013 21:21:44
                  | ARK || FAK || MBR |

                  ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

                  ¤¤¤ Register verwijzingen : 4 ¤¤¤
                  [HJ POL] HKLM\\System : DisableRegistryTools (0) -> Verwijderd
                  [HJ POL] HKLM\\Wow6432Node\\System : DisableRegistryTools (0) -> [0x2] Het systeem kan het opgegeven bestand niet vinden.
                  [HJ DESK] HKLM\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> VERVANGEN (0)
                  [HJ DESK] HKLM\\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)

                  ¤¤¤ geplande taken : 5 ¤¤¤
                  [V2][SUSP PATH] {66571DA2-251E-480B-B7AD-D002C2B6B838} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd
                  [V2][SUSP PATH] {78E107A0-C88C-45B6-A45D-2CF5BCEB8FC3} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd
                  [V2][SUSP PATH] {90FC26E3-EA0F-4E3F-8F0F-BA2B0BE63AA4} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.0.0.126/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd
                  [V2][SUSP PATH] {9E4713FD-76F6-4DDC-8F15-C4C1AECBED14} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd
                  [V2][SUSP PATH] {CFE2DDA3-33C3-45E2-84AF-74AD3D267015} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd

                  ¤¤¤ Startup Entries : 0 ¤¤¤

                  ¤¤¤ webbrowsers : 0 ¤¤¤

                  ¤¤¤ Speciale Files / Folders: ¤¤¤

                  ¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤

                  ¤¤¤ Externe Hives: ¤¤¤

                  ¤¤¤ Infectie : ¤¤¤

                  ¤¤¤ HOSTS Bestand: ¤¤¤
                  --> %SystemRoot%\System32\drivers\etc\hosts


                  127.0.0.1 localhost


                  ¤¤¤ MBR Controle: ¤¤¤

                  +++++ PhysicalDrive0: Hitachi HTS543232A7A384 +++++
                  --- User ---
                  [MBR] 193ed3981c8037dd98f4b055869b4127
                  [BSP] b22c4675cd5f10784d59d69a8e6181d6 : Windows 7/8 MBR Code
                  Partition table:
                  0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
                  1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289745 Mo
                  2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 593807360 | Size: 15196 Mo
                  3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
                  User = LL1 ... OK!
                  User = LL2 ... OK!

                  Gereed : << RKreport[0]_D_07272013_212144.txt >>
                  RKreport[0]_S_07272013_212047.txt

                  Comment


                  • #10
                    OK, dat ziet er al goed uit

                    Ik wil nog even naar resten zoeken......


                    Download SystemLook.exe x64 en plaats het bestand op het Bureaublad.
                    Dubbelklik SystemLook.exe om het programma te starten.
                    In het venster dat opent kopieer je onderstaande code:

                    Code:
                    :filefind
                    *2save
                    *usave
                    :folderfind
                    *2save
                    *usave
                    :regfind
                    *2save
                    *usave
                    Klik op de knop "Look" om de scan te activeren.

                    Als de scan klaar is opent een tekstbestand (SystemLook.txt).
                    Post de inhoud van dit bestand.
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                    Comment


                    • #11
                      SystemLook 30.07.11 by jpshortstuff
                      Log created at 21:41 on 27/07/2013 by Eeftink
                      Administrator - Elevation successful

                      ========== filefind ==========

                      Searching for "*2save"
                      No files found.

                      Searching for "*usave"
                      No files found.

                      ========== folderfind ==========

                      Searching for "*2save"
                      No folders found.

                      Searching for "*usave"
                      No folders found.

                      ========== regfind ==========

                      Searching for "*2save"
                      No data found.

                      Searching for "*usave"
                      No data found.

                      -= EOF =-

                      Comment


                      • #12
                        Prima

                        Voor we overgaan tot opruiming, zijn er nog problemen?
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                        Comment


                        • #13
                          Als alles ok is, mag je het volgende utvoeren:

                          Ga naar start > uitvoeren en kopieer en plak volgende command in het veld:

                          ComboFix /Uninstall

                          Zorg ervoor dat er dus een spatie is tussen Combofix en /
                          Daarna klik je op Enter.


                          Klik op de afbeelding om te vergroten....


                          Dit zal Combofix verwijderen+gerelateerde mappen en bestanden,
                          herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies,
                          gaat verborgen bestanden en systeembestanden terug verbergen
                          en reset je Systeemherstel opnieuw.



                          Download OTC.exe (by OldTimer) naar je bureaublad.
                          (Dus : Opslaan, "Door je mappen bladeren" klikken, in de linkerkolom je bureaublad selecteren en "opslaan" klikken)
                          .
                          • Klik vervolgens met je rechtermuisknop op OTC.exe en kies voor Run as Administrator (Nederlands: Uitvoeren als Administrator) om het programma te starten.
                          • Klik nu op de knop "CleanUp!"
                          • Als je firewall, of een ander beveiligingsprogramma, een waarschuwing geeft dat OTC.exe internettoegang wil,
                            mag je dit toestaan, het programma heeft die connectie nodig.
                          • OTC zal als laatste vragen of je de computer herstarten wilt, dit mag je toestaan, hiermee verwijdert het zichzelf ook.

                          .
                          Nota: Het gebruik van OTC.exe zal alle gebruikte tools(inclusief bijbehorende logs en backupmappen) van je computer doen verwijderen.


                          OPMERKING: Installeer een goede (gratis) Antivirustool.
                          Defender is echt niet voldoende.
                          Mijn persoonlijke voorkeur gaat uit naar Avira Free Antivirus 2012 http://www.avira.com/nl/download-sta...free-antivirus
                          Last edited by Emphyrio; 28-07-13, 13:08.
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                          Comment


                          • #14
                            Alles lijkt ok te zijn, maar in de browsers staat nog stééds ''ads not by this site''. Wat een hardnekkige troep! Moet ik dan toch ComboFix uninstallen etc. ?

                            Comment


                            • #15
                              Combofix mag je uninstallen.

                              Kan je eens een printscreen posten van die melding aub?
                              Hier vind je een handleiding om screenshots te maken en toe te voegen >>KLIK<<
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X