Hoi Cisca1973 en welkom op Nucia Security Forum,

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

• Log enkel in als beheerder met alle rechten.
• Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
• Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
• Volg aandachtig de instructies die door mij worden gegeven.
• Volg enkel het door mij gegeven advies op
• Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
• Als je iets niet weet of verstaat, vraag het dan even aub.
• Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
• Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
• Zet je emoticons (Smileys) uit als je logs plaatst aub .
• De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Stap 1:

Malware scannen en verwijderen....


Download MalwareBytes' Anti-Malware naar je bureaublad vanuit één van de volgende links:

• http://download.bleepingcomputer.com....51.1.1800.exe
• http://www.malwarebytes.org/mbam/program/mbam-setup.exe
• http://www.malwarebytes.org/mbam-download-exe.php
• http://data-cdn.mbamupdates.com/v0/p....51.1.1800.exe

Dubbelklik op mbam-setup.exe om het programma te installeren.

Op het einde van de setup procedure, krijg je een scherm waar je op "Voltooien" moet klikken.
Indien je MBAM niet wenst te evalueren, vink je de eerste optie uit en klik je dan pas op "Voltooien"

Zorg dat er na de installatie een vinkje is geplaatst bij:

• Update MalwareBytes' Anti-Malware
• Start MalwareBytes' Anti-Malware
• Klik daarna op "Voltooien". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

Zodra het programma gestart is, ga je naar het tabblad "Instellingen".

• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
• Ga naar het tabblad "Updates" en Update MBAM.
• Ga daarna naar het tabblad "Scanner", kies hier voor "VOLLEDIGE Scan".
• Druk vervolgens op "Scannen" om de scan te starten.
• Het scannen kan een tijdje duren, dus wees geduldig.
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Indien MBAM vraagt om een herstart, doe dit dan ook.
Wanneer je de restart hebt gedaan, maak je een nieuwe snelle scan met MBAM.
In dat geval post je dus de twee logs.

De log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.


Bij problemen!!!

• Problemen bij het installeren van Malwarebytes' Anti-Malware
• Problemen bij het starten van Malwarebytes' Anti-Malware
• Problemen bij het updaten van Malwarebytes' Anti-Malware

___________________________________________________________

Stap 2:

Controle op slechte toolbars...

Opmerking:Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
Beveiligingssoftware uitschakelen.

Download AdwCleaner by Xplode naar je Bureaublad.

• Sluit alle openstaande vensters
• Start AdwCleaner en klik op Verwijderen
• 
   
• Klik bij AdwCleaner – Information op OK
• Klik bij AdwCleaner – Restart Required op OK

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt post de inhoud hier op het Forum.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in,deze word standaard door AdwCleaner terug gezet naar Google.com

___________________________________________________________

Stap 3:

Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:

• DDS.com.
• DDS.scr.
• DDS.pif.

DDS is een diagnosetool en maakt gebruik van scripts.
Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.

Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
Beide logfiles sla je op je bureaublad.

Post de inhoud van DDS.txt.

De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.

___________________________________________________________

Stap 4:

Controle op updates...

Download Security Check op je bureaublad via hier of hier

Start Security Check
Volg de Instructies in het scherm
Aan het eind verschijnt een log ( checkup.txt )
Plaats de inhoud ervan in je volgende antwoord.

In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
.

• MBAM
• AdwCleaner
• DDS
• checkup.txt

.
Deze logs NIET als bijlage of tussen codetags posten aub.
(Desnoods in meerdere postingen.)

Emphyrio

Beste Emphyrio, dank voor je hulp.
Bij deze eerst de logs van stap 1, de rest ga ik nu doen:

Malwarebytes Anti-Malware 1.75.0.1300


Databaseversie: v2013.07.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
W7 :: W7-PC [administrator]

29-7-2013 22:38:45
mbam-log-2013-07-29 (22-38-45).txt

Scan type: Volledige scan (C:\|D:\|I:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 371335
Verstreken tijd: 59 minuut/minuten, 45 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2
C:\Users\W7\Music\Shared\Mijn documenten\photoshop_cs2_keygen.zip (RiskWare.Tool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\W7\Music\Shared\Mijn documenten\photoshop_cs2_keygen\photoshop_cs2_keygen.exe (RiskWare.Tool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

alwarebytes Anti-Malware 1.75.0.1300


Databaseversie: v2013.07.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
W7 :: W7-PC [administrator]

29-7-2013 23:46:30
mbam-log-2013-07-29 (23-46-30).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 219357
Verstreken tijd: 5 minuut/minuten, 51 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

Bij deze de logfile van stap 2, nu zonder smileys:

# AdwCleaner v2.306 - Verslag gemaakt op 30/07/2013 om 00:08:38
# Geactualiseerd op 19/07/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : W7 - W7-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\W7\Desktop\adwcleaner.exe
# Optie [Verwijderen]


***** [Diensten] *****

Gestopt & Verwijdert : Web Assistant

***** [Files / Mappen] *****

Map Verwijderd : C:\Program Files (x86)\Conduit
Map Verwijderd : C:\Program Files\Web Assistant
Map Verwijderd : C:\ProgramData\ssafe, seaave
Map Verwijderd : C:\Users\W7\AppData\Local\Conduit
Map Verwijderd : C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Map Verwijderd : C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Map Verwijderd : C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Map Verwijderd : C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojknihllgfakgpjaobeknddloneocbon
Map Verwijderd : C:\Users\W7\AppData\LocalLow\Conduit
Map Verwijderd : C:\Users\W7\AppData\LocalLow\PriceGong
Map Verwijderd : C:\Users\W7\AppData\LocalLow\ssafe, seaave
Map Verwijderd : C:\Users\W7\AppData\Roaming\dvdvideosoftiehelpers
Map Verwijderd : C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\9dfszpe8.default\CT2865317
Map Verwijderd : C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\9dfszpe8.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
Map Verwijderd : C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\9dfszpe8.default\extensions\staged
Map Verwijderd : C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\9dfszpe8.default\Smartbar

***** [Register] *****

Sleutel Verwijderd : HKCU\Software\APN PIP
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\PriceGong
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar
Sleutel Verwijderd : HKCU\Software\AppDataLow\SProtector
Sleutel Verwijderd : HKCU\Software\Conduit
Sleutel Verwijderd : HKCU\Software\IM
Sleutel Verwijderd : HKCU\Software\ImInstaller
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Sleutel Verwijderd : HKLM\Software\AVG Secure Search
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Sleutel Verwijderd : HKLM\Software\Conduit
Sleutel Verwijderd : HKLM\Software\ImInstaller
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Sleutel Verwijderd : HKLM\Software\SProtector
Sleutel Verwijderd : HKLM\Software\Web Assistant
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Sleutel Verwijderd : HKLM\SOFTWARE\Web Assistant
Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v15.0.1 (nl)

File : C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\9dfszpe8.default\prefs.js

Verwijderd : user_pref("CT2865317.1000234.TWC_TMP_city", "AMERSFOORT");
Verwijderd : user_pref("CT2865317.1000234.TWC_TMP_country", "NL");
Verwijderd : user_pref("CT2865317.1000234.TWC_country", "NETHERLANDS");
Verwijderd : user_pref("CT2865317.1000234.TWC_locId", "NLXX0056");
Verwijderd : user_pref("CT2865317.1000234.TWC_location", "Amersfoort, Netherlands");
Verwijderd : user_pref("CT2865317.1000234.TWC_region", "OT");
Verwijderd : user_pref("CT2865317.1000234.TWC_temp_dis", "c");
Verwijderd : user_pref("CT2865317.1000234.TWC_wind_dis", "kmh");
Verwijderd : user_pref("CT2865317.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"24°C\",\"temperat
Verwijderd : user_pref("CT2865317.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Verwijderd : user_pref("CT2865317.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru
Verwijderd : user_pref("CT2865317.FirstTime", "true");
Verwijderd : user_pref("CT2865317.FirstTimeFF3", "true");
Verwijderd : user_pref("CT2865317.LoginRevertSettingsEnabled", true);
Verwijderd : user_pref("CT2865317.PG_ENABLE", "dHJ1ZQ==");
Verwijderd : user_pref("CT2865317.PG_ENABLE.enc", "dHJ1ZQ==");
Verwijderd : user_pref("CT2865317.RevertSettingsEnabled", true);
Verwijderd : user_pref("CT2865317.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Verwijderd : user_pref("CT2865317.SF_STATUS.enc", "RU5BQkxFRA==");
Verwijderd : user_pref("CT2865317.SF_USER_ID.enc", "Y2lkXzI0NTIwMTMyMzUzMzI2NDUxNjMw");
Verwijderd : user_pref("CT2865317.UserID", "UN67372390139992771");
Verwijderd : user_pref("CT2865317.addressBarTakeOverEnabledInHidden", "true");
Verwijderd : user_pref("CT2865317.autoDisableScopes", -1);
Verwijderd : user_pref("CT2865317.cbfirsttime.enc", "RnJpIE1heSAyNCAyMDEzIDIzOjUzOjM3IEdNVCswMjAw");
Verwijderd : user_pref("CT2865317.defaultSearch", "false");
Verwijderd : user_pref("CT2865317.embeddedsData", "[{\"appId\":\"129363015615338104\",\"apiPermissions\":{\"cross
Verwijderd : user_pref("CT2865317.enableAlerts", "always");
Verwijderd : user_pref("CT2865317.enableFix404ByUser", "FALSE");
Verwijderd : user_pref("CT2865317.enableSearchFromAddressBar", "false");
Verwijderd : user_pref("CT2865317.firstTimeDialogOpened", "true");
Verwijderd : user_pref("CT2865317.fixPageNotFoundError", "true");
Verwijderd : user_pref("CT2865317.fixPageNotFoundErrorByUser", "true");
Verwijderd : user_pref("CT2865317.fixPageNotFoundErrorInHidden", "true");
Verwijderd : user_pref("CT2865317.fixUrls", true);
Verwijderd : user_pref("CT2865317.installDate", "5/2/2013 16:32:24");
Verwijderd : user_pref("CT2865317.installType", "xpe");
Verwijderd : user_pref("CT2865317.isCheckedStartAsHidden", true);
Verwijderd : user_pref("CT2865317.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Verwijderd : user_pref("CT2865317.isFirstTimeToolbarLoading", "false");
Verwijderd : user_pref("CT2865317.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Verwijderd : user_pref("CT2865317.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Verwijderd : user_pref("CT2865317.lastVersion", "10.15.0.562");
Verwijderd : user_pref("CT2865317.mam_gk_appStateReportTime.enc", "MTM3MTQ5Mjc4MjU1MA==");
Verwijderd : user_pref("CT2865317.mam_gk_appState_CouponBuddy.enc", "b24=");
Verwijderd : user_pref("CT2865317.mam_gk_appState_PriceGong.enc", "b24=");
Verwijderd : user_pref("CT2865317.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w
Verwijderd : user_pref("CT2865317.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Verwijderd : user_pref("CT2865317.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF
Verwijderd : user_pref("CT2865317.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Verwijderd : user_pref("CT2865317.mam_gk_first_time.enc", "MQ==");
Verwijderd : user_pref("CT2865317.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Verwijderd : user_pref("CT2865317.mam_gk_lastLoginTime.enc", "MTM3MTQ5Mjc3OTA1Mg==");
Verwijderd : user_pref("CT2865317.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJCZWxlaWQg
Verwijderd : user_pref("CT2865317.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Verwijderd : user_pref("CT2865317.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd
Verwijderd : user_pref("CT2865317.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd
Verwijderd : user_pref("CT2865317.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd
Verwijderd : user_pref("CT2865317.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd
Verwijderd : user_pref("CT2865317.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd
Verwijderd : user_pref("CT2865317.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Verwijderd : user_pref("CT2865317.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Verwijderd : user_pref("CT2865317.mam_gk_userId.enc", "MmZjNThmYzUtNmVmNS00ZDJjLWJiZWQtOTcxNjlhMTRhZWI4");
Verwijderd : user_pref("CT2865317.mam_gk_user_apps_selection.enc", "");
Verwijderd : user_pref("CT2865317.migrateAppsAndComponents", true);
Verwijderd : user_pref("CT2865317.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%
Verwijderd : user_pref("CT2865317.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Verwijderd : user_pref("CT2865317.openThankYouPage", "true");
Verwijderd : user_pref("CT2865317.openUninstallPage", "false");
Verwijderd : user_pref("CT2865317.price-gong.isManagedApp", "true");
Verwijderd : user_pref("CT2865317.revertSettingsEnabled", "false");
Verwijderd : user_pref("CT2865317.search.searchAppId", "129363015615338104");
Verwijderd : user_pref("CT2865317.search.searchCount", "0");
Verwijderd : user_pref("CT2865317.searchInNewTabEnabledByUser", "false");
Verwijderd : user_pref("CT2865317.searchInNewTabEnabledInHidden", "true");
Verwijderd : user_pref("CT2865317.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Verwijderd : user_pref("CT2865317.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d
Verwijderd : user_pref("CT2865317.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\
Verwijderd : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d
Verwijderd : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin
Verwijderd : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin
Verwijderd : user_pref("CT2865317.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data
Verwijderd : user_pref("CT2865317.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1371492961016");
Verwijderd : user_pref("CT2865317.serviceLayer_services_appsMetadata_lastUpdate", "1371492961027");
Verwijderd : user_pref("CT2865317.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1371492961145");
Verwijderd : user_pref("CT2865317.serviceLayer_services_location_lastUpdate", "1371492962373");
Verwijderd : user_pref("CT2865317.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364815770345");
Verwijderd : user_pref("CT2865317.serviceLayer_services_login_10.14.42.7_lastUpdate", "1363633737159");
Verwijderd : user_pref("CT2865317.serviceLayer_services_login_10.15.0.562_lastUpdate", "1371492960879");
Verwijderd : user_pref("CT2865317.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1371492961262");
Verwijderd : user_pref("CT2865317.serviceLayer_services_searchAPI_lastUpdate", "1371492962364");
Verwijderd : user_pref("CT2865317.serviceLayer_services_serviceMap_lastUpdate", "1371492956594");
Verwijderd : user_pref("CT2865317.serviceLayer_services_toolbarContextMenu_lastUpdate", "1371492961039");
Verwijderd : user_pref("CT2865317.serviceLayer_services_toolbarSettings_lastUpdate", "1371492961615");
Verwijderd : user_pref("CT2865317.serviceLayer_services_translation_lastUpdate", "1371492960979");
Verwijderd : user_pref("CT2865317.settingsINI", true);
Verwijderd : user_pref("CT2865317.shouldFirstTimeDialog", "false");
Verwijderd : user_pref("CT2865317.showToolbarPermission", "false");
Verwijderd : user_pref("CT2865317.smartbar.CTID", "CT2865317");
Verwijderd : user_pref("CT2865317.smartbar.Uninstall", "0");
Verwijderd : user_pref("CT2865317.smartbar.toolbarName", "uTorrentBar_NL ");
Verwijderd : user_pref("CT2865317.startPage", "false");
Verwijderd : user_pref("CT2865317.toolbarBornServerTime", "6-3-2013");
Verwijderd : user_pref("CT2865317.toolbarCurrentServerTime", "17-6-2013");
Verwijderd : user_pref("CT2865317.toolbarLoginClientTime", "Wed Mar 20 2013 00:13:44 GMT+0100");
Verwijderd : user_pref("CT2865317.url_history0001.enc", "aHR0cDovL3d3dy5iZWF1dHlub2xkZXJ3b3VkLm5sLzo6OmNsaWNraGFu
Verwijderd : user_pref("CT2865317_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"
Verwijderd : user_pref("ct2865317.UserID", "UN67372390139992771");
Verwijderd : user_pref("smartbar.machineId", "AEI/NOVHTVV9HTDZBCXJMIKCIWF41XSTI5EPFBJHVCHO20IUOVEFUV2VKXDTLF5D0YO

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[S1].txt - [15803 octets] - [30/07/2013 00:08:38]

########## EOF - C:\AdwCleaner[S1].txt - [15864 octets] ##########

Stap 3, de inhoud van DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 10.7.2
Run by W7 at 0:29:20 on 2013-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3710.2221 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kpnvandaag.nl/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {95324e44-4b0a-47a9-8f77-9c6415e51c29} - <orphaned>
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{07000A18-84FE-46C8-A63A-1B674A90AE3D} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{07000A18-84FE-46C8-A63A-1B674A90AE3D}\4656D696261627472756E637 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{2F5A9128-446E-442F-A03F-4561886BBD03} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{3F0889FA-47E8-4C10-89FE-06F4BA4A4385} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{66037489-544E-44FD-BD37-3521170040A0} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{66037489-544E-44FD-BD37-3521170040A0}\4586F6D637F6E6332433832454 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{66037489-544E-44FD-BD37-3521170040A0}\4656D696261627472756E637 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{7ED53C43-E5FA-41C6-8DD8-A48799B8F482} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{D2902558-8DCF-431F-B636-ACA9D99D7D05} : DHCPNameServer = 192.168.2.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {60677965-AB8B-464F-9B04-4BA871A2F17F} - hxxps://tobias.edutopics.nl/Main_Financien/Reserved.ReportViewerWebPart.axd?ReportSession=znijmcytnzju4sqrzibmzruc&ControlID=bb86c5221a0d4bcf83 fd8f52e5b58427&Culture=1043&UICulture=1043&ReportStack=1&OpType=PrintCab&Arch=X64
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-10-1 302120]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2010-11-1 38144]
R2 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2010-11-1 62080]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-10 13592]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-7-12 171176]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-17 2984832]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-10 2656536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-17 344680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-4-3 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-11-16 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-11-16 42192]
S3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-12 1255736]
.
=============== Created Last 30 ================
.
2013-07-22 23:07:37 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-22 23:07:37 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-22 23:07:37 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-22 23:07:37 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-22 23:07:37 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-22 23:07:37 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-22 23:07:37 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-22 23:07:31 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-22 23:07:31 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-22 23:06:54 1545728 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-22 23:06:54 1077760 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-22 20:40:23 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-22 20:40:23 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-22 20:40:23 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 20:40:22 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 20:40:22 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-22 20:39:21 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-22 20:39:21 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-22 20:39:06 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-22 20:20:56 -------- d--h--w- C:\$AVG
2013-07-17 09:26:33 -------- d-----w- C:\Program Files (x86)\RoosRoos Loon 2013
2013-07-09 13:40:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-03 07:56:26 -------- d-----w- C:\Program Files (x86)\SafeSaver
2013-07-03 07:54:58 -------- d-----w- C:\ProgramData\StarApp
2013-07-03 07:54:11 -------- d-----w- C:\ProgramData\InstallMate
.
==================== Find3M ====================
.
2013-07-23 21:24:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-23 21:24:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 0:29:59,43 ===============

En nu stap 4, Checkup.txt:

Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 22
Java(TM) 6 Update 32
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

De volgende tools mag je eerst updaten, hoe je dit precies doet staat aangegeven in de links:
.

• Java
• Adobe Reader (Vergeet niet om de gratis Google Tool Bar uit te vinken voor je installeert !)
  
  

.
Je PC herstarten hierna.

---

Update je Firefox.

---

Download of Update Ccleaner

Start CCleaner op.

• Run Ccleaner en klik in de linkse kolom op Opties
• Selecteer het tabblad Geavanceerd
• Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
• Haal het vinkje weg voor Verwijder alleen bestanden in de Prullenbak die ouder zijn dan 24 uur
• Selecteer het tabblad Instellingen
• Haal het vinkje weg bij "Computer automatisch schoonmaken...."
• Klik in de linkse kolom op Cleaner.
• Klik dan achtereenvolgens op Analyseer en Schoonmaken.
• Klik vervolgens in de linkse kolom op Register
• Klik op Scan naar problemen.
• Als er fouten gevonden worden klik je op Herstel geselecteerde problemen en OK

---

Plaatst een verse log van Security Check.

Wilt het lukken?

Ja zeker, had wat problemen met het updaten van Mozilla, maar het is gelukt, ben nu bij de volgende stap: CCleaner

Mooi zo

Hier de verse Security Check, al begrijp ik niet dat Adobe Reader niet up to date is.

Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

Post eens een verse DDS log en post de ATTACHED.txt als bijlage.

De laatste Adobe is 11.0.3
Je moet wel eerst 11.0.0 installeren en daarna deze upgraden naar 11.0.3.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 10.25.2
Run by W7 at 9:48:02 on 2013-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3710.1962 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kpnvandaag.nl/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {95324e44-4b0a-47a9-8f77-9c6415e51c29} - <orphaned>
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{07000A18-84FE-46C8-A63A-1B674A90AE3D} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{07000A18-84FE-46C8-A63A-1B674A90AE3D}\4656D696261627472756E637 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{2F5A9128-446E-442F-A03F-4561886BBD03} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{3F0889FA-47E8-4C10-89FE-06F4BA4A4385} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{66037489-544E-44FD-BD37-3521170040A0} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{66037489-544E-44FD-BD37-3521170040A0}\4586F6D637F6E6332433832454 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{66037489-544E-44FD-BD37-3521170040A0}\4656D696261627472756E637 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{7ED53C43-E5FA-41C6-8DD8-A48799B8F482} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{D2902558-8DCF-431F-B636-ACA9D99D7D05} : DHCPNameServer = 192.168.2.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {60677965-AB8B-464F-9B04-4BA871A2F17F} - hxxps://tobias.edutopics.nl/Main_Financien/Reserved.ReportViewerWebPart.axd?ReportSession=znijmcytnzju4sqrzibmzruc&ControlID=bb86c5221a0d4bcf83 fd8f52e5b58427&Culture=1043&UICulture=1043&ReportStack=1&OpType=PrintCab&Arch=X64
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\jbee1n07.default-1375229200611\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\W7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\Picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-10-1 302120]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2010-11-1 38144]
R2 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2010-11-1 62080]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-17 344680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-4-3 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-11-16 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-11-16 42192]
S3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-07-30 23:31:33 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-30 23:25:01 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-22 23:07:37 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-22 23:07:37 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-22 23:07:37 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-22 23:07:37 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-22 23:07:37 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-22 23:07:37 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-22 23:07:37 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-22 23:07:31 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-22 23:07:31 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-22 23:06:54 1545728 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-22 23:06:54 1077760 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-22 20:40:23 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-22 20:40:23 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-22 20:40:23 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 20:40:22 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 20:40:22 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-22 20:39:21 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-22 20:39:21 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-22 20:39:06 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-22 20:20:56 -------- d--h--w- C:\$AVG
2013-07-19 23:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-19 23:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-19 23:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-19 23:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-17 09:26:33 -------- d-----w- C:\Program Files (x86)\RoosRoos Loon 2013
2013-07-09 23:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-09 13:40:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-03 07:56:26 -------- d-----w- C:\Program Files (x86)\SafeSaver
2013-07-03 07:54:58 -------- d-----w- C:\ProgramData\StarApp
2013-07-03 07:54:11 -------- d-----w- C:\ProgramData\InstallMate
.
==================== Find3M ====================
.
2013-07-30 23:31:22 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-30 23:31:22 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-30 23:24:49 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-30 23:24:49 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-23 21:24:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-23 21:24:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-30 23:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:49:58,71 ===============



attach.txt

Prima



Download TFC en sla deze op je Bureaublad op.

• Dubbelklik op TFC.exe om het programma te openen.
• Het programma zal alle andere programma's sluiten, zorg er dus voor dat je al je werk hebt opgeslagen voordat je verder gaat.
• Klik op de knop Start om het programma te starten.
• Als het programma klaar is, dan zal het je computer opnieuw opstarten.
  Als dit niet gebeurt, start dan je computer handmatig opnieuw op.

_____________________________________________________________

Download Combofix en plaats het op je bureaublad.

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.

Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.


Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

* OPMERKING: Indien je één van de onderstaande meldingen krijgt na het gebruik van ComboFix, herstart dan de computer.

• Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
• Illegal operation attempted on a registry key that has been marked for deletion.

ComboFix 13-07-31.02 - W7 31-07-2013 21:45:26.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3710.2512 [GMT 2:00]
Gestart vanuit: c:\users\W7\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\W7\AppData\Roaming\Okupav
c:\users\W7\AppData\Roaming\Okupav\qyefa.syh
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-06-28 to 2013-07-31 ))))))))))))))))))))))))))))))
.
.
2013-07-31 19:54 . 2013-07-31 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-30 23:31 . 2013-07-30 23:31 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-30 23:31 . 2013-07-30 23:31 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-30 23:31 . 2013-07-30 23:31 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-30 23:31 . 2013-07-30 23:31 188840 ----a-w- c:\windows\system32\java.exe
2013-07-30 23:25 . 2013-07-30 23:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-30 23:25 . 2013-07-30 23:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-30 23:24 . 2013-07-30 23:24 -------- d-----w- c:\program files (x86)\Java
2013-07-22 23:07 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-22 23:07 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-22 23:07 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-22 23:07 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-22 23:07 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-22 23:07 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-22 23:07 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-22 23:07 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-22 23:07 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-22 23:06 . 2013-04-10 05:45 1545728 ----a-w- c:\windows\system32\DWrite.dll
2013-07-22 23:06 . 2013-04-10 05:02 1077760 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-22 20:40 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-22 20:40 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-22 20:40 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 20:40 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-22 20:40 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 20:39 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-22 20:39 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-22 20:39 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-22 20:20 . 2013-07-31 07:03 -------- d-----w- C:\$AVG
2013-07-19 23:51 . 2013-07-19 23:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 23:50 . 2013-07-19 23:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 23:50 . 2013-07-19 23:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 23:50 . 2013-07-19 23:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-17 09:26 . 2013-07-17 09:26 -------- d-----w- c:\program files (x86)\RoosRoos Loon 2013
2013-07-09 23:32 . 2013-07-09 23:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-09 13:40 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-03 08:14 . 2013-07-03 08:51 -------- d-----w- c:\users\W7\AppData\Roaming\Audacity
2013-07-03 07:56 . 2013-07-09 14:15 -------- d-----w- c:\program files (x86)\SafeSaver
2013-07-03 07:54 . 2013-07-03 07:54 -------- d-----w- c:\programdata\StarApp
2013-07-03 07:54 . 2013-07-03 07:56 -------- d-----w- c:\programdata\InstallMate
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-30 23:31 . 2012-10-01 10:46 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-30 23:31 . 2012-10-01 10:46 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-30 23:24 . 2012-06-01 06:54 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-30 23:24 . 2011-12-17 09:48 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-23 21:24 . 2012-06-25 12:03 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-23 21:24 . 2011-12-17 09:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 20:54 . 2011-07-12 14:57 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-30 23:45 . 2013-06-30 23:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-05-17 04:50 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2013-03-08 367016]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\dr ivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys;c:\windows\SYSNATIVE\drivers\mv91xx.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS \avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S2 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2013-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 21:24]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-18 10:17]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-18 10:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.kpnvandaag.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\jbee1n07.default-1375229200611\
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{95324e44-4b0a-47a9-8f77-9c6415e51c29} - (no file)
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-634450995-3655590467-1663320118-1000\Software\SecuROM\License information*]
"datasecu"=hex:79,20,af,54,6b,6f,6b,34,b7,47,8f,f2,ad,e3,82,3a,ef,36,27,d8,ab,
44,7d,72,4e,3d,99,b2,70,33,5d,c2,50,f5,44,e7,11,a9,4a,ad,ca,cf,4a,c8,a1,de,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-07-31 21:57:59
ComboFix-quarantined-files.txt 2013-07-31 19:57
.
Pre-Run: 147.089.068.032 bytes beschikbaar
Post-Run: 146.930.507.776 bytes beschikbaar
.
- - End Of File - - 6E12853F08DAB19E7B673CF97C2D0C98
A36C5E4F47E84449FF07ED3517B43A31


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 10.25.2
Run by W7 at 22:02:06 on 2013-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3710.2231 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kpnvandaag.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{07000A18-84FE-46C8-A63A-1B674A90AE3D} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{07000A18-84FE-46C8-A63A-1B674A90AE3D}\4656D696261627472756E637 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{2F5A9128-446E-442F-A03F-4561886BBD03} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{3F0889FA-47E8-4C10-89FE-06F4BA4A4385} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{66037489-544E-44FD-BD37-3521170040A0} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{66037489-544E-44FD-BD37-3521170040A0}\4586F6D637F6E6332433832454 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{66037489-544E-44FD-BD37-3521170040A0}\4656D696261627472756E637 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{7ED53C43-E5FA-41C6-8DD8-A48799B8F482} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{D2902558-8DCF-431F-B636-ACA9D99D7D05} : DHCPNameServer = 192.168.2.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {60677965-AB8B-464F-9B04-4BA871A2F17F} - hxxps://tobias.edutopics.nl/Main_Financien/Reserved.ReportViewerWebPart.axd?ReportSession=znijmcytnzju4sqrzibmzruc&ControlID=bb86c5221a0d4bcf83 fd8f52e5b58427&Culture=1043&UICulture=1043&ReportStack=1&OpType=PrintCab&Arch=X64
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\jbee1n07.default-1375229200611\
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-10-1 302120]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2010-11-1 38144]
R2 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2010-11-1 62080]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-10 13592]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-7-12 171176]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-17 2984832]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-10 2656536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-17 344680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-4-3 58536]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-11-16 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-11-16 42192]
S3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-12 1255736]
.
=============== Created Last 30 ================
.
2013-07-31 19:23:51 98816 ----a-w- C:\Windows\sed.exe
2013-07-31 19:23:51 256000 ----a-w- C:\Windows\PEV.exe
2013-07-31 19:23:51 208896 ----a-w- C:\Windows\MBR.exe
2013-07-30 23:31:33 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-30 23:25:01 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-22 23:07:37 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-22 23:07:37 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-22 23:07:37 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-22 23:07:37 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-22 23:07:37 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-22 23:07:37 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-22 23:07:37 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-22 23:07:31 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-22 23:07:31 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-22 23:06:54 1545728 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-22 23:06:54 1077760 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-22 20:40:23 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-22 20:40:23 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-22 20:40:23 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 20:40:22 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-22 20:40:22 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-22 20:39:21 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-22 20:39:21 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-22 20:39:06 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-22 20:20:56 -------- d-----w- C:\$AVG
2013-07-19 23:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-19 23:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-19 23:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-19 23:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-17 09:26:33 -------- d-----w- C:\Program Files (x86)\RoosRoos Loon 2013
2013-07-09 23:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-09 13:40:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-03 07:56:26 -------- d-----w- C:\Program Files (x86)\SafeSaver
2013-07-03 07:54:58 -------- d-----w- C:\ProgramData\StarApp
2013-07-03 07:54:11 -------- d-----w- C:\ProgramData\InstallMate
.
==================== Find3M ====================
.
2013-07-30 23:31:22 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-30 23:31:22 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-07-30 23:24:49 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-30 23:24:49 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-23 21:24:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-23 21:24:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-30 23:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 22:02:28,04 ===============