Horrible adware infection


  • Horrible adware infection

    Hi, I opened a similar topic a while ago, but the problems are back, so the opening post is just as relevant; I have of course refreshed the logs.

    For some time now this computer has had persistent pop-ups (which do not go away with AdBlock) and, even more annoying, countless advertisements in the browser itself. On any random YouTube page, for example, there are at least 5 little windows with irritating advertisements that are not from YouTube.

    The problem appears to be a program called "BrowseToSave", which is responsible for all the in-browser advertisements. I have scanned with MBAM before, and it partly removed this program at the time, but apparently something is still left, because I still get advertisements. I have read the sticky and followed the steps; here are the logs:



    MBAM log:
    Malwarebytes Anti-Malware 1.75.0.1300


    Databaseversie: v2013.07.27.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16635
    Eeftink :: EEFTINK-LAPTOP [administrator]

    27-7-2013 14:23:09
    mbam-log-2013-07-27 (14-23-09).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 219593
    Verstreken tijd: 12 minuut/minuten, 21 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 4
    C:\Users\Eeftink\AppData\Local\Temp\ICReinstall_setup.exe (PUP.Optional.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eeftink\Downloads\-.exe (PUP.BundleInstaller.DW) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eeftink\Downloads\setup.exe (PUP.Optional.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Eeftink\Downloads\SoftonicDownloader_voor_google-chrome-for-business.exe (PUP.Optional.Softonic) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)



    DDS log
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
    Run by Eeftink at 15:07:11 on 2013-07-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1900.276 [GMT 2:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\system32\lxducoms.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Eeftink\Desktop\antivirus\Defogger.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    uRun: [Google Update] "C:\Users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Eeftink\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986} : DHCPNameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6342354131483 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6F5466673735383 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\550534234323238383533393 : DHCPNameServer = 192.168.192.1
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\8656E6B6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\A597F507279667164756F5050505253485 : DHCPNameServer = 192.168.1.254 195.241.77.51 195.241.77.52
    TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\C696E6B6379737 : DHCPNameServer = 213.46.228.196 62.179.104.196
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-7 283200]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-8 98208]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-1 138400]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-8 13336]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-8 1817088]
    R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-21 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-21 701512]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-25 5018624]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-21 25928]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-8 335464]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-8 436840]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    .
    =============== Created Last 30 ================
    .
    2013-07-26 17:22:27 -------- d-----w- C:\Users\Eeftink\AppData\Local\{5D206313-B21C-42E6-B112-8E721949E311}
    2013-07-26 14:07:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\offreg.dll
    2013-07-26 07:48:42 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\mpengine.dll
    2013-07-19 12:51:49 -------- d-----w- C:\Users\Eeftink\AppData\Local\{DB33E013-B5AB-4E4D-BB9F-D159CE922196}
    2013-07-18 16:32:31 -------- d-----w- C:\Users\Eeftink\AppData\Local\{35099FF3-1816-4645-9364-01D2BA514FB3}
    2013-07-18 16:31:56 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Lexmark Productivity Studio
    2013-07-11 22:08:39 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Spotify
    2013-07-10 11:31:39 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
    2013-07-10 11:31:38 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
    2013-07-10 11:31:38 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
    2013-07-10 11:31:38 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
    2013-07-10 11:31:37 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-10 11:31:37 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
    2013-07-10 11:31:37 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
    2013-07-10 11:31:33 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-07-10 11:31:33 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-07-10 11:31:30 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-10 11:31:30 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-10 11:30:41 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 11:30:41 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 11:30:38 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-07-10 11:30:20 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-07-10 11:30:19 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-07-06 15:47:48 -------- d-----w- C:\Users\Eeftink\AppData\Local\{79683EAC-DEA1-45EF-A6E9-6902B2459949}
    .
    ==================== Find3M ====================
    .
    2013-06-19 20:17:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-19 20:17:46 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-06-19 20:17:46 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-12 18:18:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 18:18:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 15:09:22,37 ===============



    GMER log:
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-07-27 15:29:39
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298,09GB
    Running: n7hf48u9.exe; Driver: C:\Users\Eeftink\AppData\Local\Temp\axdiikog.sys


    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\System32\spoolsv.exe [1276:2888] 0000000051074ba0
    Thread C:\Windows\System32\spoolsv.exe [1276:2900] 000000006508e0e0
    Thread C:\Windows\System32\spoolsv.exe [1276:2912] 000007fef95e10c8
    Thread C:\Windows\System32\spoolsv.exe [1276:2920] 000007fef6dc6144
    Thread C:\Windows\System32\spoolsv.exe [1276:2924] 000007fef8fc5fd0
    Thread C:\Windows\System32\spoolsv.exe [1276:2928] 000007fef95b3438
    Thread C:\Windows\System32\spoolsv.exe [1276:2932] 000007fef8fc63ec
    Thread C:\Windows\System32\spoolsv.exe [1276:2940] 000007fef9625e5c
    Thread C:\Windows\system32\svchost.exe [1632:1776] 000007fef8fc5fd0
    Thread C:\Windows\system32\svchost.exe [1632:1780] 000007fef8fc63ec
    Thread C:\Windows\system32\svchost.exe [1632:2484] 000007fef7288470
    Thread C:\Windows\system32\svchost.exe [1632:2492] 000007fef7292418
    Thread C:\Windows\System32\svchost.exe [1216:2632] 000007fef7169688

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2baf0842
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2baf0842 (not active ControlSet)

    ---- EOF - GMER 2.1 ----

  • #2
    Hi MetallicA,

    Before we begin, I would like to kindly point out the following guidelines:
    .
    • Log in only as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time; be patient.
    • Carefully follow the instructions I give.
    • Follow only the advice I give.
    • Stay with the topic until I have told you that your PC is clean.
    • If there is something you do not know or understand, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • Do not try something "else" in the meantime; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs.
    • Please do not post the logs as an attachment or between code tags.

    .
    Note: Vista or Windows 7? >> Always run all tools as admin.
    The instructions given are valid only for your PC.

    Step 1:

    Scanning for and removing malware...

    Start MBAM.

    Once the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during malware removal".
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL scan" here.
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything is ticked there, then click "Remove Selected".
    • After removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, then do so.
    Once you have restarted, run a new quick scan with MBAM.
    In that case you therefore post both logs.

    The log is saved automatically by Malwarebytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Check for bad toolbars...

    Note: Vista or Windows 7? >> Always run all tools as admin.
    Disable security software.

    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner and click Delete
    • In AdwCleaner – Information click OK
    • In AdwCleaner – Restart Required click OK

    All icons disappear from the Desktop; this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

    Do not forget to turn off your "smileys".

    If your start page was also hijacked, set the search engine again; AdwCleaner resets it to Google.com by default.

    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If running scripts is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    Do not post the contents of Attach.txt and do not add Attach.txt to your post as an attachment, unless I ask for it.

    ___________________________________________________________

    Step 4:

    Check for updates...

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears (checkup.txt)
    Place its contents in your next reply.

    In your next post I would like to see the following logs, made in the order listed:
    .
    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    .
    Please do NOT post these logs as an attachment or between code tags.
    (If necessary in several posts.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Hi,

      here are the logs:

      MBAM:
      Malwarebytes Anti-Malware 1.75.0.1300


      Databaseversie: v2013.07.27.02

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16635
      Eeftink :: EEFTINK-LAPTOP [administrator]

      27-7-2013 16:12:38
      mbam-log-2013-07-27 (16-12-38).txt

      Scan type: Volledige scan (C:\|D:\|E:\|F:\|)
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 362311
      Verstreken tijd: 1 uur/uren, 17 minuut/minuten, 35 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)


      AdwCleaner :
      # AdwCleaner v2.306 - Verslag gemaakt op 27/07/2013 om 17:47:59
      # Geactualiseerd op 19/07/2013 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruiker : Eeftink - EEFTINK-LAPTOP
      # Opstarten Modus : Normale modus
      # Gelanceerd vanaf : C:\Users\Eeftink\Desktop\adwcleaner.exe
      # Optie [Verwijderen]


      ***** [Diensten] *****


      ***** [Files / Mappen] *****


      ***** [Register] *****

      Sleutel Verwijderd : HKCU\Software\InstallCore
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Sleutel Verwijderd : HKLM\Software\systweak
      Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

      ***** [Browsers] *****

      -\\ Internet Explorer v10.0.9200.16635

      [OK] Het register bevat geen enkele ongeoorloofde invoer.

      -\\ Mozilla Firefox v [Onmogelijk de versie te verkrijgen]

      -\\ Google Chrome v28.0.1500.72

      File : C:\Users\Eeftink\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] De file bevat geen enkele ongeoorloofde invoer.

      *************************

      AdwCleaner[R1].txt - [2110 octets] - [27/07/2013 17:46:50]
      AdwCleaner[S1].txt - [6094 octets] - [17/06/2013 22:08:33]
      AdwCleaner[S2].txt - [2074 octets] - [27/07/2013 17:47:59]

      ########## EOF - C:\AdwCleaner[S2].txt - [2134 octets] ##########



      DDS :
      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
      Run by Eeftink at 17:58:12 on 2013-07-27
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1900.230 [GMT 2:00]
      .
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
      C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
      C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
      C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
      C:\Windows\system32\lxducoms.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
      C:\Windows\SysWOW64\PnkBstrA.exe
      C:\Windows\SysWOW64\PnkBstrB.exe
      C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\svchost.exe -k bthsvcs
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
      C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
      C:\Users\Eeftink\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
      C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      C:\Windows\system32\sppsvc.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\taskmgr.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com
      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
      uRun: [Google Update] "C:\Users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
      mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      StartupFolder: C:\Users\Eeftink\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
      uPolicies-Explorer: NoDrives = dword:0
      mPolicies-Explorer: NoDrives = dword:0
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
      IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
      IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
      DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      TCP: NameServer = 213.46.228.196 62.179.104.196
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986} : DHCPNameServer = 213.46.228.196 62.179.104.196
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6342354131483 : DHCPNameServer = 192.168.0.1
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6F5466673735383 : DHCPNameServer = 192.168.0.1
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\550534234323238383533393 : DHCPNameServer = 192.168.192.1
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\8656E6B6 : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\A597F507279667164756F5050505253485 : DHCPNameServer = 192.168.1.254 195.241.77.51 195.241.77.52
      TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\C696E6B6379737 : DHCPNameServer = 213.46.228.196 62.179.104.196
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      SSODL: WebCheck - <orphaned>
      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
      x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
      x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
      x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
      x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
      x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
      x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
      x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      .
      ============= SERVICES / DRIVERS ===============
      .
      R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-7 283200]
      R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
      R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
      R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
      R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
      R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
      R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
      R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
      R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
      R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-21 25928]
      R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-8 335464]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-8 436840]
      S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
      S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
      S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
      S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
      .
      =============== Created Last 30 ================
      .
      2013-07-27 15:56:29 -------- d-----w- C:\Users\Eeftink\AppData\Local\{E1808EA2-CC04-4496-B197-5DA0E2B8003C}
      2013-07-26 17:22:27 -------- d-----w- C:\Users\Eeftink\AppData\Local\{5D206313-B21C-42E6-B112-8E721949E311}
      2013-07-26 14:07:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\offreg.dll
      2013-07-26 07:48:42 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\mpengine.dll
      2013-07-19 12:51:49 -------- d-----w- C:\Users\Eeftink\AppData\Local\{DB33E013-B5AB-4E4D-BB9F-D159CE922196}
      2013-07-18 16:32:31 -------- d-----w- C:\Users\Eeftink\AppData\Local\{35099FF3-1816-4645-9364-01D2BA514FB3}
      2013-07-18 16:31:56 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Lexmark Productivity Studio
      2013-07-11 22:08:39 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Spotify
      2013-07-10 11:31:39 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
      2013-07-10 11:31:38 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
      2013-07-10 11:31:38 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
      2013-07-10 11:31:38 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
      2013-07-10 11:31:37 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
      2013-07-10 11:31:37 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
      2013-07-10 11:31:37 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
      2013-07-10 11:31:33 624128 ----a-w- C:\Windows\System32\qedit.dll
      2013-07-10 11:31:33 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
      2013-07-10 11:31:30 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
      2013-07-10 11:31:30 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
      2013-07-10 11:30:41 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
      2013-07-10 11:30:41 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
      2013-07-10 11:30:38 3153920 ----a-w- C:\Windows\System32\win32k.sys
      2013-07-10 11:30:20 1643520 ----a-w- C:\Windows\System32\DWrite.dll
      2013-07-10 11:30:19 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
      2013-07-06 15:47:48 -------- d-----w- C:\Users\Eeftink\AppData\Local\{79683EAC-DEA1-45EF-A6E9-6902B2459949}
      .
      ==================== Find3M ====================
      .
      2013-06-19 20:17:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2013-06-19 20:17:46 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
      2013-06-19 20:17:46 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
      2013-06-12 18:18:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-06-12 18:18:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
      2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
      2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
      2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
      2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
      2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
      2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
      2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
      2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
      2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
      2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
      2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
      2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
      2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
      2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
      2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
      2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
      2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
      2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
      2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
      2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
      2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
      2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
      .
      ============= FINISH: 18:01:41,11 ===============



      Security check :
      Results of screen317's Security Check version 0.99.71
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      JavaFX 2.1.0
      Java 7 Update 25
      Adobe Flash Player 11.7.700.224
      Adobe Reader XI
      Google Chrome 28.0.1500.71
      Google Chrome 28.0.1500.72
      ````````Process Check: objlist.exe by Laurent````````
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````



      • #4
        Download or update CCleaner

        Start CCleaner.
        • Run CCleaner and click Opties (Options) in the left column
        • Select the Geavanceerd (Advanced) tab
        • Uncheck Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur (only delete files in the Windows Temp system folder that are older than 24 hours)
        • Uncheck Verwijder alleen bestanden in de Prullenbak die ouder zijn dan 24 uur (only delete files in the Recycle Bin that are older than 24 hours)
        • Select the Instellingen (Settings) tab
        • Uncheck "Computer automatisch schoonmaken...." (clean the computer automatically)
        • Click Cleaner in the left column.
        • Then click Analyseer (Analyze) and Schoonmaken (Clean), in that order.
        • Next, click Register (Registry) in the left column
        • Click Scan naar problemen (Scan for issues).
        • If errors are found, click Herstel geselecteerde problemen (Fix selected issues) and OK

        How is it now?
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * McAfee verwijderen. * Ccleaner * E-Peek



        • #5
          Better again, but now the places where ads used to be show ''ads not by this site'', so there is still a remnant of the program ''BrowseToSave''.



          • #6
            Download TFC and save it to your desktop.
            • Double-click TFC.exe to open the program.
            • The program will close all other programs, so make sure you have saved all your work before continuing.
            • Click the Start button to start the program.
            • When the program is finished, it will restart your computer.
              If this does not happen, restart your computer manually.


            _____________________________________________________________

            Download Combofix and place it on your desktop.

            Extra note... Make sure your security software is disabled while using Combofix.
            This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.


            Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.


            Close ALL windows, including your browser, and let Combofix do its work undisturbed.
            So do not open any other applications until Combofix has presented the log.

            If Combofix asks for an update, allow it.

            When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
            You can find it at C:\combofix.txt.

            Post the Combofix log together with a new DDS log in your next reply.

            Emphyrio


            • #7
              Thanks for your quick replies!

              Combofix log :
              ComboFix 13-07-27.01 - Eeftink 27-07-2013 20:06:41.2.2 - x64
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1900.940 [GMT 2:00]
              Gestart vanuit: c:\users\Eeftink\Desktop\ComboFix.exe
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              (((((((((((((((((((( Bestanden Gemaakt van 2013-06-27 to 2013-07-27 ))))))))))))))))))))))))))))))
              .
              .
              2013-07-27 18:17 . 2013-07-27 18:17 -------- d-----w- c:\users\Public\AppData\Local\temp
              2013-07-27 18:17 . 2013-07-27 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
              2013-07-26 14:07 . 2013-07-27 18:08 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\offreg.dll
              2013-07-26 07:48 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\mpengine.dll
              2013-07-20 08:30 . 2013-07-20 08:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe
              2013-07-18 16:31 . 2013-07-18 16:31 -------- d-----w- c:\users\Eeftink\AppData\Roaming\Lexmark Productivity Studio
              2013-07-11 22:08 . 2013-07-11 22:24 -------- d-----w- c:\users\Eeftink\AppData\Roaming\Spotify
              2013-07-10 11:31 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
              2013-07-10 11:31 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
              2013-07-10 11:31 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
              2013-07-10 11:31 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
              2013-07-10 11:31 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
              2013-07-10 11:31 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
              2013-07-10 11:31 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
              2013-07-10 11:31 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
              2013-07-10 11:31 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
              2013-07-10 11:31 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
              2013-07-10 11:31 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
              2013-07-10 11:30 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
              2013-07-10 11:30 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
              2013-07-10 11:30 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
              2013-07-10 11:30 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
              2013-07-10 11:30 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2013-07-11 09:43 . 2012-01-15 13:56 78185248 ----a-w- c:\windows\system32\MRT.exe
              2013-06-19 20:17 . 2013-06-19 20:18 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
              2013-06-19 20:17 . 2012-06-07 12:50 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
              2013-06-19 20:17 . 2011-04-23 16:50 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
              2013-06-12 18:18 . 2012-03-31 06:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
              2013-06-12 18:18 . 2012-01-14 07:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
              2013-05-28 22:21 . 2013-05-28 22:21 97280 ----a-w- c:\windows\system32\mshtmled.dll
              2013-05-28 22:21 . 2013-05-28 22:21 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
              2013-05-28 22:21 . 2013-05-28 22:21 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
              2013-05-28 22:21 . 2013-05-28 22:21 81408 ----a-w- c:\windows\system32\icardie.dll
              2013-05-28 22:21 . 2013-05-28 22:21 762368 ----a-w- c:\windows\system32\ieapfltr.dll
              2013-05-28 22:21 . 2013-05-28 22:21 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
              2013-05-28 22:21 . 2013-05-28 22:21 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
              2013-05-28 22:21 . 2013-05-28 22:21 62976 ----a-w- c:\windows\system32\pngfilt.dll
              2013-05-28 22:21 . 2013-05-28 22:21 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
              2013-05-28 22:21 . 2013-05-28 22:21 599552 ----a-w- c:\windows\system32\vbscript.dll
              2013-05-28 22:21 . 2013-05-28 22:21 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
              2013-05-28 22:21 . 2013-05-28 22:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
              2013-05-28 22:21 . 2013-05-28 22:21 51200 ----a-w- c:\windows\system32\imgutil.dll
              2013-05-28 22:21 . 2013-05-28 22:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
              2013-05-28 22:21 . 2013-05-28 22:21 452096 ----a-w- c:\windows\system32\dxtmsft.dll
              2013-05-28 22:21 . 2013-05-28 22:21 441856 ----a-w- c:\windows\system32\html.iec
              2013-05-28 22:21 . 2013-05-28 22:21 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
              2013-05-28 22:21 . 2013-05-28 22:21 361984 ----a-w- c:\windows\SysWow64\html.iec
              2013-05-28 22:21 . 2013-05-28 22:21 281600 ----a-w- c:\windows\system32\dxtrans.dll
              2013-05-28 22:21 . 2013-05-28 22:21 27648 ----a-w- c:\windows\system32\licmgr10.dll
              2013-05-28 22:21 . 2013-05-28 22:21 270848 ----a-w- c:\windows\system32\iedkcs32.dll
              2013-05-28 22:21 . 2013-05-28 22:21 247296 ----a-w- c:\windows\system32\webcheck.dll
              2013-05-28 22:21 . 2013-05-28 22:21 235008 ----a-w- c:\windows\system32\url.dll
              2013-05-28 22:21 . 2013-05-28 22:21 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
              2013-05-28 22:21 . 2013-05-28 22:21 226304 ----a-w- c:\windows\system32\elshyph.dll
              2013-05-28 22:21 . 2013-05-28 22:21 216064 ----a-w- c:\windows\system32\msls31.dll
              2013-05-28 22:21 . 2013-05-28 22:21 197120 ----a-w- c:\windows\system32\msrating.dll
              2013-05-28 22:21 . 2013-05-28 22:21 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
              2013-05-28 22:21 . 2013-05-28 22:21 173568 ----a-w- c:\windows\system32\ieUnatt.exe
              2013-05-28 22:21 . 2013-05-28 22:21 167424 ----a-w- c:\windows\system32\iexpress.exe
              2013-05-28 22:21 . 2013-05-28 22:21 158720 ----a-w- c:\windows\SysWow64\msls31.dll
              2013-05-28 22:21 . 2013-05-28 22:21 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
              2013-05-28 22:21 . 2013-05-28 22:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
              2013-05-28 22:21 . 2013-05-28 22:21 149504 ----a-w- c:\windows\system32\occache.dll
              2013-05-28 22:21 . 2013-05-28 22:21 144896 ----a-w- c:\windows\system32\wextract.exe
              2013-05-28 22:21 . 2013-05-28 22:21 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
              2013-05-28 22:21 . 2013-05-28 22:21 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
              2013-05-28 22:21 . 2013-05-28 22:21 138752 ----a-w- c:\windows\SysWow64\wextract.exe
              2013-05-28 22:21 . 2013-05-28 22:21 13824 ----a-w- c:\windows\system32\mshta.exe
              2013-05-28 22:21 . 2013-05-28 22:21 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
              2013-05-28 22:21 . 2013-05-28 22:21 136192 ----a-w- c:\windows\system32\iepeers.dll
              2013-05-28 22:21 . 2013-05-28 22:21 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
              2013-05-28 22:21 . 2013-05-28 22:21 12800 ----a-w- c:\windows\SysWow64\mshta.exe
              2013-05-28 22:21 . 2013-05-28 22:21 12800 ----a-w- c:\windows\system32\msfeedssync.exe
              2013-05-28 22:21 . 2013-05-28 22:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
              2013-05-28 22:21 . 2013-05-28 22:21 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
              2013-05-28 22:21 . 2013-05-28 22:21 102912 ----a-w- c:\windows\system32\inseng.dll
              2013-05-28 22:21 . 2013-05-28 22:21 77312 ----a-w- c:\windows\system32\tdc.ocx
              2013-05-28 22:21 . 2013-05-28 22:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
              2013-05-14 03:31 . 2012-01-11 20:43 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
              2013-05-13 05:51 . 2013-06-12 08:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll
              2013-05-13 05:51 . 2013-06-12 08:11 1464320 ----a-w- c:\windows\system32\crypt32.dll
              2013-05-13 05:51 . 2013-06-12 08:11 139776 ----a-w- c:\windows\system32\cryptnet.dll
              2013-05-13 05:50 . 2013-06-12 08:11 52224 ----a-w- c:\windows\system32\certenc.dll
              2013-05-13 04:45 . 2013-06-12 08:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
              2013-05-13 04:45 . 2013-06-12 08:11 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
              2013-05-13 04:45 . 2013-06-12 08:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
              2013-05-13 03:43 . 2013-06-12 08:11 1192448 ----a-w- c:\windows\system32\certutil.exe
              2013-05-13 03:08 . 2013-06-12 08:11 903168 ----a-w- c:\windows\SysWow64\certutil.exe
              2013-05-13 03:08 . 2013-06-12 08:11 43008 ----a-w- c:\windows\SysWow64\certenc.dll
              2013-05-10 05:49 . 2013-06-12 08:11 30720 ----a-w- c:\windows\system32\cryptdlg.dll
              2013-05-10 03:20 . 2013-06-12 08:11 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
              2013-05-08 06:39 . 2013-06-12 08:11 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
              2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
              .
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
              REGEDIT4
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
              @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 130736 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
              @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 130736 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
              @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 130736 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
              "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
              .
              c:\users\Eeftink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Dropbox.lnk - c:\users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
              "LoadAppInit_DLLs"=1 (0x1)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
              "midi2"=wdmaud.drv
              .
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
              R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
              R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
              R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
              R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
              R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
              R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
              R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
              R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
              R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
              S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
              S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
              S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
              S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
              S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
              S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
              S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
              S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
              S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
              S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe;c:\windows\SYSNATIVE\lxducoms.exe [x]
              S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
              S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
              S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
              S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
              S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
              S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
              S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
              S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
              S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
              S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
              S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
              S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
              S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
              S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
              S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
              .
              .
              Inhoud van de 'Gedeelde Taken' map
              .
              2013-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:18]
              .
              2013-07-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-97582374-1526495322-1023689900-1000Core.job
              - c:\users\Eeftink\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-16 03:42]
              .
              2013-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-97582374-1526495322-1023689900-1000UA.job
              - c:\users\Eeftink\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-16 03:42]
              .
              2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 11:50]
              .
              2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-25 11:50]
              .
              2013-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97582374-1526495322-1023689900-1000Core.job
              - c:\users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 14:10]
              .
              2013-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-97582374-1526495322-1023689900-1000UA.job
              - c:\users\Eeftink\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 14:10]
              .
              2013-07-12 c:\windows\Tasks\HPCeeScheduleForEeftink.job
              - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
              .
              .
              --------- X64 Entries -----------
              .
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
              @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 164016 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
              @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 164016 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
              @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 164016 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
              @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
              [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
              2013-05-25 00:36 164016 ----a-w- c:\users\Eeftink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
              "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
              "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
              "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
              .
              ------- Bijkomende Scan -------
              .
              uStart Page = hxxp://www.google.com
              uLocal Page = c:\windows\system32\blank.htm
              mLocal Page = c:\windows\SysWOW64\blank.htm
              IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
              TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
              .
              - - - - ORPHANS VERWIJDERD - - - -
              .
              HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
              AddRemove-{585C7255-C954-564B-0DD7-7026E3EE052D} - c:\progra~3\INSTAL~1\{2CDF3~1\Setup.exe
              AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
              .
              .
              .
              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
              .
              [HKEY_USERS\S-1-5-21-97582374-1526495322-1023689900-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
              @DACL=(02 0000)
              "{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,3b,1b,d4,e1,05,
              91,3e,5f,b8,01,9e,17,52,f4,1d,9a,c0,33
              "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c3,25,
              8c,3d,1d,d3,00,96,da,12,3c,74,4d,22,d3
              "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,17,dd,
              c7,7a,f5,37,09,a4,62,df,7d,c3,80,c9,bc
              "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,80,01,
              6a,cf,87,40,0c,ae,fd,97,82,f3,9c,6c,56
              "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,4f,95,
              b2,63,7f,b8,04,97,6d,b2,af,87,5f,05,82
              "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,8f,9d,
              84,12,15,b1,03,81,c1,9f,de,69,ad,3c,a9
              "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,c0,f9,
              32,7b,09,f5,00,ac,a0,57,33,fa,47,20,2e
              "{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,2c,38,
              51,81,38,16,0d,88,e3,be,83,07,70,38,60
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.11"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2798162~31bf3856ad364e35~amd64~~6.1.1.5]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2804579~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2813956~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2818604~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2820197~31bf3856ad364e35~amd64~~6.1.1.1]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2820331~31bf3856ad364e35~amd64~~6.1.1.1]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2829361~31bf3856ad364e35~amd64~~6.1.1.3]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2829530~31bf3856ad364e35~amd64~~9.4.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2830290~31bf3856ad364e35~amd64~~6.1.1.2]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2835174~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000000
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2847204~31bf3856ad364e35~amd64~~6.1.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000050
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2847204~31bf3856ad364e35~amd64~~9.4.1.0]
              @DACL=(02 0000)
              "ApplicabilityState"=dword:00000070
              "CurrentState"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              Voltooingstijd: 2013-07-27 20:29:12
              ComboFix-quarantined-files.txt 2013-07-27 18:29
              ComboFix2.txt 2013-05-21 11:03
              .
              Pre-Run: 37.626.556.416 bytes beschikbaar
              Post-Run: 39.205.306.368 bytes beschikbaar
              .
              - - End Of File - - 0771D1AAF43C56FD706DFD9BB6B91465
              D41D8CD98F00B204E9800998ECF8427E




              DDS log:
              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
              Run by Eeftink at 20:41:56 on 2013-07-27
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1900.784 [GMT 2:00]
              .
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k RPCSS
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
              C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
              C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
              C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
              C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
              C:\Windows\system32\lxducoms.exe
              C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
              C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
              C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
              C:\Windows\SysWOW64\PnkBstrA.exe
              C:\Windows\SysWOW64\PnkBstrB.exe
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\Windows\System32\svchost.exe -k secsvcs
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              C:\Windows\system32\svchost.exe -k bthsvcs
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\Dwm.exe
              C:\Windows\Explorer.EXE
              C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
              C:\Windows\System32\igfxtray.exe
              C:\Windows\System32\hkcmd.exe
              C:\Windows\System32\igfxpers.exe
              C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
              C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
              C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
              C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
              C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
              C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
              C:\Windows\system32\notepad.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://www.google.com
              BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
              BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
              BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
              BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
              mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
              mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
              mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              StartupFolder: C:\Users\Eeftink\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eeftink\AppData\Roaming\Dropbox\bin\Dropbox.exe
              uPolicies-Explorer: NoDrives = dword:0
              mPolicies-Explorer: NoDrives = dword:0
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
              IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
              IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
              DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              TCP: NameServer = 213.46.228.196 62.179.104.196
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986} : DHCPNameServer = 213.46.228.196 62.179.104.196
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6342354131483 : DHCPNameServer = 192.168.0.1
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\3596475636F6D6F5466673735383 : DHCPNameServer = 192.168.0.1
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\550534234323238383533393 : DHCPNameServer = 192.168.192.1
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\8656E6B6 : DHCPNameServer = 192.168.1.1
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\A597F507279667164756F5050505253485 : DHCPNameServer = 192.168.1.254 195.241.77.51 195.241.77.52
              TCP: Interfaces\{D1830E4F-4D3B-49A0-BDBD-1D3FDE316986}\C696E6B6379737 : DHCPNameServer = 213.46.228.196 62.179.104.196
              Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
              Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
              Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
              Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
              SSODL: WebCheck - <orphaned>
              SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
              x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
              x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
              x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
              x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
              x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
              x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
              x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
              x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
              x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
              x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
              x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
              x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
              x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
              x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
              x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
              x64-Notify: igfxcui - igfxdev.dll
              x64-SSODL: WebCheck - <orphaned>
              .
              ============= SERVICES / DRIVERS ===============
              .
              R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-7 283200]
              R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-8 98208]
              R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-1 138400]
              R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
              R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
              R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
              R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
              R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-8 13336]
              R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-8 1817088]
              R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?]
              R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-21 418376]
              R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-21 701512]
              R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-25 5018624]
              R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-8 2656280]
              R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
              R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
              R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
              R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
              R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
              R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
              R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
              R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
              R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-21 25928]
              R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-8 335464]
              R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-8 436840]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
              S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
              S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
              S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
              S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
              S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
              S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
              S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
              S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-8 1255736]
              .
              =============== Created Last 30 ================
              .
              2013-07-27 18:04:27 -------- d-----w- C:\ComboFix
              2013-07-27 15:56:29 -------- d-----w- C:\Users\Eeftink\AppData\Local\{E1808EA2-CC04-4496-B197-5DA0E2B8003C}
              2013-07-26 17:22:27 -------- d-----w- C:\Users\Eeftink\AppData\Local\{5D206313-B21C-42E6-B112-8E721949E311}
              2013-07-26 14:07:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\offreg.dll
              2013-07-26 07:48:42 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C4A5A10-34EC-4B08-860D-0386B0071A71}\mpengine.dll
              2013-07-19 12:51:49 -------- d-----w- C:\Users\Eeftink\AppData\Local\{DB33E013-B5AB-4E4D-BB9F-D159CE922196}
              2013-07-18 16:32:31 -------- d-----w- C:\Users\Eeftink\AppData\Local\{35099FF3-1816-4645-9364-01D2BA514FB3}
              2013-07-18 16:31:56 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Lexmark Productivity Studio
              2013-07-11 22:08:39 -------- d-----w- C:\Users\Eeftink\AppData\Roaming\Spotify
              2013-07-10 11:31:39 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
              2013-07-10 11:31:38 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
              2013-07-10 11:31:38 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
              2013-07-10 11:31:38 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
              2013-07-10 11:31:37 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
              2013-07-10 11:31:37 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
              2013-07-10 11:31:37 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
              2013-07-10 11:31:33 624128 ----a-w- C:\Windows\System32\qedit.dll
              2013-07-10 11:31:33 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
              2013-07-10 11:31:30 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
              2013-07-10 11:31:30 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
              2013-07-10 11:30:41 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
              2013-07-10 11:30:41 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
              2013-07-10 11:30:38 3153920 ----a-w- C:\Windows\System32\win32k.sys
              2013-07-10 11:30:20 1643520 ----a-w- C:\Windows\System32\DWrite.dll
              2013-07-10 11:30:19 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
              2013-07-06 15:47:48 -------- d-----w- C:\Users\Eeftink\AppData\Local\{79683EAC-DEA1-45EF-A6E9-6902B2459949}
              .
              ==================== Find3M ====================
              .
              2013-06-19 20:17:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
              2013-06-19 20:17:46 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
              2013-06-19 20:17:46 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
              2013-06-12 18:18:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2013-06-12 18:18:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
              2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
              2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
              2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
              2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
              2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
              2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
              2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
              2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
              2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
              2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
              2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
              2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
              2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
              2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
              2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
              2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
              2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
              2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
              2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
              2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
              2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
              2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
              2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
              2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
              2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
              2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
              .
              ============= FINISH: 20:42:10,44 ===============



              • #8
                Good.

                Download Rogue Killer to your desktop.

                x64 version

                • Start the tool and wait until the scanning has finished.
                • Click "Scan" and wait until the scan has finished.
                • Click "Delete".
                • Click "Report" and post it in your next reply.
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee. * Ccleaner * E-Peek



                • #9
                  RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
                  mail : tigzyRK<at>gmail<dot>com
                  Feedback : http://www.adlice.com/forum/
                  Website : http://www.adlice.com/softwares/roguekiller/
                  Blog : http://tigzyrk.blogspot.com/

                  besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                  Gestart vanuit : Normale modus
                  Gebruiker : Eeftink [Administrator rechten]
                  Modus : Verwijder -- Datum : 07/27/2013 21:21:44
                  | ARK || FAK || MBR |

                  ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

                  ¤¤¤ Register verwijzingen : 4 ¤¤¤
                  [HJ POL] HKLM\\System : DisableRegistryTools (0) -> Verwijderd
                  [HJ POL] HKLM\\Wow6432Node\\System : DisableRegistryTools (0) -> [0x2] Het systeem kan het opgegeven bestand niet vinden.
                  [HJ DESK] HKLM\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> VERVANGEN (0)
                  [HJ DESK] HKLM\\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)

                  ¤¤¤ geplande taken : 5 ¤¤¤
                  [V2][SUSP PATH] {66571DA2-251E-480B-B7AD-D002C2B6B838} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd
                  [V2][SUSP PATH] {78E107A0-C88C-45B6-A45D-2CF5BCEB8FC3} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd
                  [V2][SUSP PATH] {90FC26E3-EA0F-4E3F-8F0F-BA2B0BE63AA4} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.0.0.126/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd
                  [V2][SUSP PATH] {9E4713FD-76F6-4DDC-8F15-C4C1AECBED14} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd
                  [V2][SUSP PATH] {CFE2DDA3-33C3-45E2-84AF-74AD3D267015} : "c:\users\eeftink\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/6.3.73.105.457/nl/abandoninstall?page=tsProgressBar [x][x] -> Verwijderd

                  ¤¤¤ Startup Entries : 0 ¤¤¤

                  ¤¤¤ webbrowsers : 0 ¤¤¤

                  ¤¤¤ Speciale Files / Folders: ¤¤¤

                  ¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤

                  ¤¤¤ Externe Hives: ¤¤¤

                  ¤¤¤ Infectie : ¤¤¤

                  ¤¤¤ HOSTS Bestand: ¤¤¤
                  --> %SystemRoot%\System32\drivers\etc\hosts


                  127.0.0.1 localhost


                  ¤¤¤ MBR Controle: ¤¤¤

                  +++++ PhysicalDrive0: Hitachi HTS543232A7A384 +++++
                  --- User ---
                  [MBR] 193ed3981c8037dd98f4b055869b4127
                  [BSP] b22c4675cd5f10784d59d69a8e6181d6 : Windows 7/8 MBR Code
                  Partition table:
                  0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
                  1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289745 Mo
                  2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 593807360 | Size: 15196 Mo
                  3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
                  User = LL1 ... OK!
                  User = LL2 ... OK!

                  Gereed : << RKreport[0]_D_07272013_212144.txt >>
                  RKreport[0]_S_07272013_212047.txt



                  • #10
                    OK, that already looks good.

                    I'd still like to look for leftovers......


                    Download SystemLook.exe x64 and place the file on the Desktop.
                    Double-click SystemLook.exe to start the program.
                    In the window that opens, copy in the code below:

                    Code:
                    :filefind
                    *2save
                    *usave
                    :folderfind
                    *2save
                    *usave
                    :regfind
                    *2save
                    *usave
                    Click the "Look" button to start the scan.

                    When the scan is finished, a text file (SystemLook.txt) opens.
                    Post the contents of this file.


                    • #11
                      SystemLook 30.07.11 by jpshortstuff
                      Log created at 21:41 on 27/07/2013 by Eeftink
                      Administrator - Elevation successful

                      ========== filefind ==========

                      Searching for "*2save"
                      No files found.

                      Searching for "*usave"
                      No files found.

                      ========== folderfind ==========

                      Searching for "*2save"
                      No folders found.

                      Searching for "*usave"
                      No folders found.

                      ========== regfind ==========

                      Searching for "*2save"
                      No data found.

                      Searching for "*usave"
                      No data found.

                      -= EOF =-
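
The search requested in post #10 and answered in post #11, reproduced as an added Python example (not part of the thread and not SystemLook's own code): it parses the `:filefind` / `:folderfind` / `:regfind` script and runs the file and folder sections over a constructed sample tree. The whole-name, case-insensitive wildcard matching and every path in the sample tree are assumptions; the registry section is parsed but not executed.

```python
import fnmatch
import os
import tempfile

# The script from post #10, copied verbatim.
SCRIPT = """\
:filefind
*2save
*usave
:folderfind
*2save
*usave
:regfind
*2save
*usave
"""


def parse_script(text):
    """Split a ':section' script into {section: [patterns]}, keeping order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"pattern before any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def _matches(name, pattern):
    # Assumption: the pattern must match the whole name, ignoring case.
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())


def search_tree(root, sections):
    """Run the filefind/folderfind sections under root; regfind is skipped."""
    hits = {(sec, pat): [] for sec in ("filefind", "folderfind")
            for pat in sections.get(sec, [])}
    for dirpath, dirnames, filenames in os.walk(root):
        for sec, names in (("filefind", filenames), ("folderfind", dirnames)):
            for pat in sections.get(sec, []):
                for name in names:
                    if _matches(name, pat):
                        hits[(sec, pat)].append(os.path.join(dirpath, name))
    return {key: sorted(paths) for key, paths in hits.items()}


def build_constructed_profile(root):
    """Constructed sample tree; none of these names come from the thread's logs."""
    for folder in ("AppData/Local/Browse2Save", "AppData/Local/BrowseToSave",
                   "AppData/Roaming/Dropbox"):
        os.makedirs(os.path.join(root, folder))
    for path in ("AppData/Local/Browse2Save/Browse2Save.dll",
                 "AppData/Local/Browse2Save/browse2save",
                 "AppData/Roaming/Dropbox/config.db"):
        open(os.path.join(root, path), "w").close()


def demo():
    sections = parse_script(SCRIPT)
    with tempfile.TemporaryDirectory() as root:
        build_constructed_profile(root)
        hits = search_tree(root, sections)
        # Report paths relative to the sample root, with forward slashes.
        return {key: [os.path.relpath(p, root).replace(os.sep, "/") for p in paths]
                for key, paths in hits.items()}


if __name__ == "__main__":
    for (section, pattern), paths in demo().items():
        print(f'{section}: "{pattern}" ->', paths or "nothing found")
```

Under the assumed matching, only names that end in `2save` or `usave` are reported, so the constructed `Browse2Save.dll` file and `BrowseToSave` folder go unlisted. An empty result therefore rules out those exact name endings and nothing more.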



                      • #12
                        Great.

                        Before we move on to cleanup, are there any problems left?


                        • #13
                          If everything is OK, you may carry out the following:

                          Go to Start > Run and copy and paste the following command into the field:

                          ComboFix /Uninstall

                          Make sure there is a space between Combofix and /
                          Then press Enter.


                          This will remove Combofix plus its related folders and files,
                          restore the clock settings, hide file extensions,
                          hide hidden files and system files again,
                          and reset your System Restore.



                          Download OTC.exe (by OldTimer) to your desktop.
                          (So: Save, click "Browse folders", select your desktop in the left column and click "Save")

                          • Then right-click OTC.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
                          • Now click the "CleanUp!" button.
                          • If your firewall, or another security program, warns that OTC.exe wants internet access,
                            you may allow this; the program needs that connection.
                          • Finally, OTC will ask whether you want to restart the computer; you may allow this, as it also removes itself this way.

                          Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.


                          NOTE: Install a good (free) antivirus tool.
                          Defender really is not enough.
                          My personal preference is Avira Free Antivirus 2012 http://www.avira.com/nl/download-sta...free-antivirus
                          Last edited by Emphyrio; 28-07-13, 13:08.


                          • #14
                            Everything seems to be OK, but the browsers still show "ads not by this site". What stubborn junk! Should I still uninstall ComboFix etc.?



                            • #15
                              You may uninstall Combofix.

                              Could you post a screenshot of that message, please?
                              Here you will find a guide to taking and attaching screenshots >>CLICK<<