Win7 only boots via F8; MBAM gives 51 detections

  • Win7 only boots via F8; MBAM gives 51 detections

    After starting the laptop the screen stays black; only the mouse cursor appears.
    With F8 in safe mode, or with system error checking, Win 7 does start.
    After reading various topics, I have already downloaded and installed these tools in this order.

    Hoping that someone can and will help me further with this information.
    Thanks in advance, Patricia


    Step 1: disabling emulation software



    Step 2: scanning for malware with Malwarebytes Anti-Malware

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.07.30.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16635
    grapjes :: GRAPJES-PC [administrator]

    30-7-2013 13:32:10
    mbam-log-2013-07-30 (13-32-10).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 215983
    Verstreken tijd: 3 minuut/minuten, 19 seconde(n)

    Geheugenprocessen gedetecteerd: 1
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> 1412 -> Zal worden verwijderd tijdens het herstarten.

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 15
    HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\wajam.WajamBHO (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SYSTEM\CurrentControlSet\Services\SrvUpdater (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr) -> Data: C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SYSTEM\CurrentControlSet\Services\SrvUpdater|ImagePath (PUP.Optional.SoftwareUpdater.A) -> Data: C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 9
    C:\Program Files (x86)\DealPly (PUP.Optional.DealPly) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\grapjes\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\grapjes\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\grapjes\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 24
    C:\Program Files (x86)\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\DealPly\DealPly.crx (PUP.Optional.DealPly) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\DealPly\DealPly.xpi (PUP.Optional.DealPly) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\grapjes\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SoftwareUpdater\KeyGen.dll (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.config (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SoftwareUpdater\config.xml (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SoftwareUpdater\Interop.Shell32.dll (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SoftwareUpdater\translations.xml (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SoftwareUpdater\uninstall.exe (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> Zal worden verwijderd tijdens het herstarten.
    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\grapjes\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Step 3: create a DDS log file

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
    Run by grapjes at 13:52:37 on 2013-07-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4000.3225 [GMT 2:00]
    .
    AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.bing.com/search?q={searchTerms}
    uSearch Page = hxxp://www.bing.com/search?q={searchTerms}
    uDefault_Page_URL = hxxp://asus.msn.com
    uDefault_Search_URL = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    mSearch Page = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com
    uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
    uURLSearchHooks: <No Name>: {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Toolbar BHO: {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
    BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    BHO: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Assistant BHO: {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} - C:\Users\grapjes\AppData\Roaming\HomeTab\HomeTab.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: VideoDownloadConverter: {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
    TB: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
    TB: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} - C:\Users\grapjes\AppData\Roaming\HomeTab\HomeTab.dll
    TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
    mRun: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [PSUAMain] "D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {a39a8780-f414-42de-af33-5d1e0b0328c2} - {e18b913b-dd1e-4df9-8985-622ccacee799}
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/Select/asusTek_sys_ctrl3.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{A1082F0E-F703-4BE6-9AA9-1D8C11A6BDF4}\14256573531393544353235433 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995} : DHCPNameServer = 212.54.40.25 212.54.35.25
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\wincert\win32c~1.dll c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll
    x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\grapjes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-07-01 17:42; [email protected]; C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected]
    FF - ExtSQL: 2013-07-13 21:54; [email protected]; C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected] com.xpi
    FF - ExtSQL: !HIDDEN! 2013-05-27 19:59; [email protected]_4z.com; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2013-5-7 36584]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-5-28 140768]
    R2 PSUAService;Panda Product Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-5-28 37344]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-23 130024]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-23 395752]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-5 76912]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-15 1838656]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    S1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-29 91368]
    S1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-29 122088]
    S1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-29 109288]
    S1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-29 114920]
    S1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-29 95464]
    S1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-29 69864]
    S1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-29 119016]
    S1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-29 305896]
    S1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-29 118504]
    S1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-29 114920]
    S1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-29 246504]
    S1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-29 106216]
    S1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-5-28 205544]
    S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-5-15 379520]
    S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    S2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-17 277120]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
    S2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-5-28 168680]
    S2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-5-28 122088]
    S2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-5-28 124648]
    S2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-5-29 137448]
    S2 SkypeUpdate;Skype Updater;D:\software instal\Skype\Updater\Updater.exe [2013-6-21 162408]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-15 2656280]
    S2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-4-20 23552]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-12 57856]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-5 317440]
    S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-5-28 105704]
    S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-7-30 58808]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
    S4 VideoDownloadConverter_4zService;VideoDownloadConverterService;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-5-27 42504]
    .
    =============== Created Last 30 ================
    .
    2013-07-30 11:34:27 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\offreg.dll
    2013-07-30 11:25:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-07-30 10:11:45 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-07-30 10:11:41 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\mpengine.dll
    2013-07-30 10:08:38 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
    2013-07-28 21:43:31 -------- d-----w- C:\Windows\System32\MRT
    2013-07-28 14:55:12 -------- d-----w- C:\Users\grapjes\AppData\Local\VS Revo Group
    2013-07-28 10:01:40 -------- d-----w- C:\Users\grapjes\AppData\Roaming\temp
    2013-07-28 09:37:28 -------- d-sh--w- C:\aws
    2013-07-28 09:37:18 -------- d-----w- C:\Asus WebStorage
    2013-07-28 08:33:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2013-07-28 08:08:57 -------- d-----w- C:\Users\grapjes\AppData\Roaming\Panda Security
    2013-07-28 08:07:38 -------- d-----w- C:\ProgramData\Panda Security
    2013-07-28 00:48:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-28 00:19:19 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
    2013-07-28 00:19:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
    2013-07-28 00:19:18 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
    2013-07-28 00:19:17 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
    2013-07-28 00:19:16 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
    2013-07-28 00:00:41 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-07-24 06:41:50 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-07-24 06:41:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-07-24 06:23:01 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-07-24 06:22:40 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2013-07-24 06:22:40 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2013-07-24 06:22:39 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-24 06:22:35 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2013-07-24 06:22:35 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-23 18:20:42 -------- d-----w- C:\Windows\pss
    2013-07-20 18:51:23 -------- d-----w- C:\Users\grapjes\temp
    2013-07-20 18:51:22 -------- d-----w- C:\Users\grapjes\AppData\Roaming\TeamViewer
    2013-07-20 05:44:34 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 08:13:17 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
    2013-07-19 08:13:16 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
    2013-07-17 17:43:56 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-14 10:19:49 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-07-02 17:27:23 -------- d-----w- C:\Users\grapjes\SyncFolder
    2013-07-02 16:42:43 -------- d-----w- C:\Program Files (x86)\MyPC Backup
    2013-07-01 15:42:33 -------- d-----w- C:\ProgramData\AskPartnerNetwork
    2013-07-01 15:42:33 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
    2013-07-01 15:42:23 -------- d-----w- C:\ProgramData\APN
    .
    ==================== Find3M ====================
    .
    2013-07-30 11:23:20 380 ----a-w- C:\Users\grapjes\AppData\Roaming\sp_data.sys
    2013-07-28 00:48:18 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-07-28 00:48:18 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-07-28 00:06:59 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-06-14 18:44:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-14 18:44:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-29 15:16:45 137448 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
    2013-05-29 03:55:24 246504 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
    2013-05-29 03:55:24 106216 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
    2013-05-29 03:55:23 118504 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
    2013-05-29 03:55:23 114920 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
    2013-05-29 03:55:22 69864 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
    2013-05-29 03:55:22 305896 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
    2013-05-29 03:55:22 119016 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
    2013-05-29 03:55:21 95464 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
    2013-05-29 03:55:21 114920 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
    2013-05-29 03:55:21 109288 ----a-w- C:\Windows\System32\drivers\NNSHttps.sys
    2013-05-29 03:55:20 91368 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
    2013-05-29 03:55:20 122088 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
    2013-05-28 09:25:41 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
    2013-05-28 09:25:40 205544 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
    2013-05-28 09:25:40 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
    2013-05-28 09:25:05 122088 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
    2013-05-28 09:25:04 168680 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
    2013-05-17 03:02:53 1346560 ----a-w- C:\Windows\System32\urlmon(217).dll
    2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript(203).dll
    2013-05-16 22:49:25 9738752 ----a-w- C:\Windows\SysWow64\ieframe(204).dll
    2013-05-16 22:28:40 1104384 ----a-w- C:\Windows\SysWow64\urlmon(222).dll
    2013-05-16 22:17:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil(205).dll
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-07 12:29:42 36584 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
    2013-05-06 00:48:20 17408 ----a-w- C:\Windows\Launcher.exe
    2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 13:53:50,35 ===============

    Step 4: scanning for rootkits with GMER

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-07-30 14:20:14
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 298,09GB
    Running: jof7ymo7.exe; Driver: C:\Users\grapjes\AppData\Local\Temp\kwtirfoc.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800029a3000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 606 fffff800029a302e 17 bytes [CD, 01, 00, 00, 00, 00, 00, ...]

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995}@LeaseObtainedTime 1375184557
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995}@T1 1375186357
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995}@T2 1375187707
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995}@LeaseTerminatesTime 1375188157
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)

    ---- EOF - GMER 2.1 ----

  • #2
    Completely forgot step 5

    Step 5: scanning with AdwCleaner

    # AdwCleaner v2.306 - Verslag gemaakt op 30/07/2013 om 14:50:31
    # Geactualiseerd op 19/07/2013 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Gebruiker : grapjes - GRAPJES-PC
    # Opstarten Modus : Veillige modus met netwerk
    # Gelanceerd vanaf : F:\AdwCleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****

    Gestopt & Verwijdert : VideoDownloadConverter_4zService
    Gestopt & Verwijdert : Yontoo Desktop Updater

    ***** [Files / Mappen] *****

    File Verwijderd : C:\END
    File Verwijderd : C:\Users\grapjes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage
    File Verwijderd : C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\bprotector_extensions.sqlite
    File Verwijderd : C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected] com.xpi
    File Verwijderd : C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\searchplugins\ask-search.xml
    Map Verwijderd : C:\Program Files (x86)\AskPartnerNetwork
    Map Verwijderd : C:\Program Files (x86)\Browser Updater
    Map Verwijderd : C:\Program Files (x86)\FantastiGames
    Map Verwijderd : C:\Program Files (x86)\HomeTab
    Map Verwijderd : C:\Program Files (x86)\Protected Search
    Map Verwijderd : C:\Program Files (x86)\Search Results Toolbar
    Map Verwijderd : C:\Program Files (x86)\VideoDownloadConverter_4z
    Map Verwijderd : C:\Program Files (x86)\Wajam
    Map Verwijderd : C:\Program Files (x86)\Yontoo
    Map Verwijderd : C:\ProgramData\APN
    Map Verwijderd : C:\ProgramData\AskPartnerNetwork
    Map Verwijderd : C:\ProgramData\Babylon
    Map Verwijderd : C:\ProgramData\boost_interprocess
    Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeTab
    Map Verwijderd : C:\Users\grapjes\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Map Verwijderd : C:\Users\grapjes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn
    Map Verwijderd : C:\Users\grapjes\AppData\Local\iac
    Map Verwijderd : C:\Users\grapjes\AppData\Local\Smartbar
    Map Verwijderd : C:\Users\grapjes\AppData\Local\VideoDownloadConverter_4z
    Map Verwijderd : C:\Users\grapjes\AppData\LocalLow\BabylonToolbar
    Map Verwijderd : C:\Users\grapjes\AppData\LocalLow\HomeTab
    Map Verwijderd : C:\Users\grapjes\AppData\LocalLow\iac
    Map Verwijderd : C:\Users\grapjes\AppData\LocalLow\SimplyTech
    Map Verwijderd : C:\Users\grapjes\AppData\LocalLow\VideoDownloadConverter_4z
    Map Verwijderd : C:\Users\grapjes\AppData\Roaming\HomeTab
    Map Verwijderd : C:\Users\grapjes\AppData\Roaming\iWin
    Map Verwijderd : C:\Users\grapjes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
    Map Verwijderd : C:\Users\grapjes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
    Map Verwijderd : C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected] DownloadConverter_4z.com
    Map Verwijderd : C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected] hopping.com
    Map Verwijderd : C:\Users\grapjes\AppData\Roaming\SimplyTech
    Map Verwijderd : C:\Users\grapjes\AppData\Roaming\Yontoo

    ***** [Register] *****

    Data Verwijderd : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
    Data Verwijderd : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    Data Verwijderd : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~3\Wincert\WIN64C~1.DLL
    Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll
    Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\wincert\win32c~1.dll
    Sleutel Verwijderd : HKCU\Software\APN DTX
    Sleutel Verwijderd : HKCU\Software\DataMngr
    Sleutel Verwijderd : HKCU\Software\DataMngr_Toolbar
    Sleutel Verwijderd : HKCU\Software\HomeTab
    Sleutel Verwijderd : HKCU\Software\ilivid
    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Sleutel Verwijderd : HKCU\Software\SmartBar
    Sleutel Verwijderd : HKCU\Software\Softonic
    Sleutel Verwijderd : HKCU\Software\Wajam
    Sleutel Verwijderd : HKCU\Software\5b6d68ce06ebe41
    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Sleutel Verwijderd : HKLM\Software\Babylon
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\IESmartBar.BHO
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wtb.Band
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wtb.Band.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wtb.NotificationSource
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Sleutel Verwijderd : HKLM\Software\Conduit
    Sleutel Verwijderd : HKLM\Software\DataMngr
    Sleutel Verwijderd : HKLM\Software\iLividSRTB
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Sleutel Verwijderd : HKLM\Software\SoftwareUpdater
    Sleutel Verwijderd : HKLM\Software\systweak
    Sleutel Verwijderd : HKLM\Software\Wajam
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\5b6d68ce06ebe41
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
    Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
    Sleutel Verwijderd : HKLM\SOFTWARE\DataMngr
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Sleutel Verwijderd : HKLM\SOFTWARE\Tarma Installer
    Sleutel Verwijderd : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter Search Scope Monitor]
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader]
    Waarde Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{377E5D4D-77E5-476A-8716-7E70A9272DA0}]
    Waarde Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Waarde Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Waarde Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Browsers] *****

    -\\ Internet Explorer v10.0.9200.16635

    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=42348&tid=3644&ver=2.8&ts=1368050516437&tguid=42348-3644-1368050516437-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q= --> hxxp://www.google.com
    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=42348&tid=3644&ver=2.8&ts=1368050516437&tguid=42348-3644-1368050516437-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q= --> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=42348&tid=3644&ver=2.8&ts=1368050516437&tguid=42348-3644-1368050516437-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q= --> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=42348&tid=3644&ver=2.8&ts=1368050516437&tguid=42348-3644-1368050516437-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q= --> hxxp://www.google.com
    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=42348&st=bs&tid=3644&ver=2.8&ts=1368050516437&tguid=42348-3644-1368050516437-D41D8CD98F00B204E9800998ECF8427E&q=%s --> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=42348&st=bs&tid=3644&ver=2.8&ts=1368050516437&tguid=42348-3644-1368050516437-D41D8CD98F00B204E9800998ECF8427E&q=%s --> hxxp://www.google.com

    -\\ Mozilla Firefox v22.0 (nl)

    File : C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\prefs.js

    Verwijderd : user_pref("extentions.y2layers.installId", "A450B827-1043-8A8C-A353-BCE87268A6E8");
    Verwijderd : user_pref("extentions.y2layers.installId_backup", "A450B827-1043-8A8C-A353-BCE87268A6E8");

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\grapjes\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Verwijderd [l.1] : urls_to_restore_on_startup ={"instant":{"confirm_dialog_shown":true, "enabled":true}, "sync":{"suppress_start":true}, "default_a

    *************************

    AdwCleaner[R1].txt - [43377 octets] - [30/07/2013 13:49:48]
    AdwCleaner[R2].txt - [43438 octets] - [30/07/2013 14:50:05]
    AdwCleaner[S1].txt - [28602 octets] - [30/07/2013 14:50:31]

    ########## EOF - C:\AdwCleaner[S1].txt - [28663 octets] ##########



    • #3
      Hi P.grap, and welcome to the Nucia Security Forum,

      Before we begin, I would like to kindly point out the following guidelines:

      • Only log in as an administrator with full rights.
      • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
      • Cleaning up your system can take some time, so be patient.
      • Carefully follow the instructions that I give.
      • Only follow the advice given by me.
      • Stay with the topic until I have reported that your PC is clean.
      • If there is something you do not know or understand, please just ask.
      • Do not install or uninstall any software or hardware while we are working on your problem.
      • In the meantime, do not try something "else"; that only makes it harder for us.
      • Please turn off your emoticons (smileys) when you post logs.
      • Please do not post the logs as an attachment or between code tags.

      Note: Vista or Windows 7? >> Always run all tools as admin.
      The instructions that are given are valid only for your PC.

      Step 1:

      Scanning for and removing malware....

      Start MBAM.
      Once the program has started, go to the "Settings" tab.
      • Tick here: "Close Internet Explorer during malware removal".
      • Go to the "Updates" tab and update MBAM.
      • Then go to the "Scanner" tab and choose "FULL scan" here.
      • Then press "Scan" to start the scan.
      • Scanning can take a while, so be patient.
      • When the scan has finished, click OK, then "Show Results" to see the results.
      • Make sure everything there is ticked, then click: "Remove Selected".
      • After the removal a log will open and you will be asked to restart the computer.

      If MBAM asks for a restart, then do so.
      Once you have restarted, run a new quick scan with MBAM.
      In that case you therefore post both logs.

      The log is saved automatically by Malwarebytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.


      In case of problems!!!

      ___________________________________________________________

      Step 2:

      Checking for updates...

      Download Security Check to your desktop via here or here

      Start Security Check
      Follow the instructions on the screen
      At the end a log appears (checkup.txt)
      Paste its contents in your next reply.

      In your next post, I would like to see the following logs, made in the order listed:

      • MBAM
      • checkup.txt
      • DDS

      Please do NOT post these logs as an attachment or between code tags.
      (If necessary, in several posts.)

      Emphyrio
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Remove McAfee. * Ccleaner * E-Peek



      • #4
        Hello, first of all,
        thanks for the quick response. Here are the requested logs.

        Malwarebytes Anti-Malware 1.75.0.1300
        www.malwarebytes.org

        Databaseversie: v2013.07.30.05

        Windows 7 Service Pack 1 x64 NTFS
        Internet Explorer 10.0.9200.16635
        grapjes :: GRAPJES-PC [administrator]

        30-7-2013 13:32:10
        mbam-log-2013-07-30 (13-32-10).txt

        Scan type: Snelle scan
        Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
        Uitgeschakelde scan opties: P2P
        Objecten gescand: 215983
        Verstreken tijd: 3 minuut/minuten, 19 seconde(n)

        Geheugenprocessen gedetecteerd: 1
        C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> 1412 -> Zal worden verwijderd tijdens het herstarten.

        Geheugenmodulen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registersleutels gedetecteerd: 15
        HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCR\wajam.WajamBHO (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKLM\SYSTEM\CurrentControlSet\Services\SrvUpdater (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.

        Registerwaarden gedetecteerd: 2
        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr) -> Data: C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE -> Succesvol in quarantaine geplaatst en verwijderd.
        HKLM\SYSTEM\CurrentControlSet\Services\SrvUpdater|ImagePath (PUP.Optional.SoftwareUpdater.A) -> Data: C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe -> Succesvol in quarantaine geplaatst en verwijderd.

        Registerdata gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Mappen gedetecteerd: 9
        C:\Program Files (x86)\DealPly (PUP.Optional.DealPly) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Users\grapjes\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Users\grapjes\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Users\grapjes\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.

        Bestanden gedetecteerd: 24
        C:\Program Files (x86)\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\DealPly\DealPly.crx (PUP.Optional.DealPly) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\DealPly\DealPly.xpi (PUP.Optional.DealPly) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Users\grapjes\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\SoftwareUpdater\KeyGen.dll (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.config (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\SoftwareUpdater\config.xml (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\SoftwareUpdater\Interop.Shell32.dll (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\SoftwareUpdater\translations.xml (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\SoftwareUpdater\uninstall.exe (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (PUP.Optional.SoftwareUpdater.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> Zal worden verwijderd tijdens het herstarten.
        C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\Users\grapjes\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
        C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.

        (einde)


        Results of screen317's Security Check version 0.99.71
        Windows 7 Service Pack 1 x64 (UAC is enabled)
        Internet Explorer 10
        ``````````````Antivirus/Firewall Check:``````````````
        Panda Cloud Antivirus
        WMI entry may not exist for antivirus; attempting automatic update.
        `````````Anti-malware/Other Utilities Check:`````````
        Java 7 Update 25
        Adobe Flash Player 11.7.700.224
        Adobe Reader 10.1.7 Adobe Reader out of Date!
        Mozilla Firefox (22.0)
        ````````Process Check: objlist.exe by Laurent````````
        Panda Security Panda Cloud Antivirus PSUAService.exe
        Panda Security Panda Cloud Antivirus PSANHost.exe
        Panda Security Panda Cloud Antivirus PSUAMain.exe
        `````````````````System Health check`````````````````
        Total Fragmentation on Drive C: 1%
        ````````````````````End of Log``````````````````````


        DDS (Ver_2012-11-20.01) - NTFS_AMD64
        Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
        Run by grapjes at 17:23:18 on 2013-07-30
        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4000.2219 [GMT 2:00]
        .
        AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
        SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k GPSvcGroup
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\FBAgent.exe
        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
        D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Windows\system32\taskhost.exe
        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
        C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\Explorer.EXE
        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
        C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
        C:\Windows\SysWOW64\ACEngSvr.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files\ASUS\P4G\BatteryLife.exe
        C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\AsScrPro.exe
        C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
        C:\Windows\System32\WUDFHost.exe
        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
        C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
        C:\Windows\WindowsMobile\wmdc.exe
        C:\Windows\System32\igfxtray.exe
        C:\Windows\System32\hkcmd.exe
        C:\Windows\System32\igfxpers.exe
        C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
        C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
        C:\Windows\system32\svchost.exe -k WindowsMobile
        C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
        C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
        C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
        C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
        C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSService.exe
        C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        C:\Windows\System32\svchost.exe -k secsvcs
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        C:\Windows\system32\wuauclt.exe
        C:\Windows\system32\svchost.exe -k SDRSVC
        C:\Program Files (x86)\Internet Explorer\IELowutil.exe
        D:\software instal\Mozilla Firefox\firefox.exe
        C:\Windows\system32\svchost.exe -k defragsvc
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\System32\cscript.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uSearch Bar = hxxp://www.bing.com/search?q={searchTerms}
        uSearch Page = hxxp://www.bing.com/search?q={searchTerms}
        uDefault_Page_URL = hxxp://asus.msn.com
        uDefault_Search_URL = hxxp://www.google.com
        mSearch Bar = hxxp://www.google.com
        mSearch Page = hxxp://www.google.com
        mDefault_Search_URL = hxxp://www.google.com
        uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
        mWinlogon: Userinit = userinit.exe,
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
        BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
        BHO: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
        TB: VideoDownloadConverter: {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -
        TB: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
        TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} -
        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
        mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
        mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
        mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
        mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
        mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
        mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun: [PSUAMain] "D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
        uPolicies-Explorer: NoDriveAutoRun = dword:0
        mPolicies-Explorer: NoActiveDesktop = dword:1
        mPolicies-Explorer: NoActiveDesktopChanges = dword:1
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableUIADesktopToggle = dword:0
        IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
        IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
        IE: {a39a8780-f414-42de-af33-5d1e0b0328c2} - {e18b913b-dd1e-4df9-8985-622ccacee799}
        DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/Select/asusTek_sys_ctrl3.cab
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
        DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
        DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        TCP: NameServer = 212.54.40.25 212.54.35.25
        TCP: Interfaces\{A1082F0E-F703-4BE6-9AA9-1D8C11A6BDF4}\14256573531393544353235433 : DHCPNameServer = 192.168.2.254
        TCP: Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995} : DHCPNameServer = 212.54.40.25 212.54.35.25
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        SSODL: WebCheck - <orphaned>
        x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
        x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
        x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
        x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
        x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
        x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
        x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
        x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
        x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
        x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
        x64-Notify: igfxcui - igfxdev.dll
        x64-SSODL: WebCheck - <orphaned>
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\
        FF - prefs.js: browser.search.selectedEngine - Google
        FF - prefs.js: browser.startup.homepage - about:home
        FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
        FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
        FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
        FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
        FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
        FF - plugin: C:\Users\grapjes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
        FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
        FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
        FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
        FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
        FF - ExtSQL: 2013-07-01 17:42; [email protected]; C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected]
        .
        ============= SERVICES / DRIVERS ===============
        .
        R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
        R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-29 91368]
        R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-29 122088]
        R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-29 109288]
        R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-29 114920]
        R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2013-5-7 36584]
        R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-29 95464]
        R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-29 69864]
        R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-29 119016]
        R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-29 305896]
        R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-29 118504]
        R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-29 114920]
        R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-29 246504]
        R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-29 106216]
        R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-5-28 205544]
        R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-5-15 379520]
        R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
        R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-17 277120]
        R2 NanoServiceMain;Panda Cloud Antivirus Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-5-28 140768]
        R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-5-28 168680]
        R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-5-28 122088]
        R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-5-28 124648]
        R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-5-29 137448]
        R2 PSUAService;Panda Product Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-5-28 37344]
        R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-15 2656280]
        R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-23 130024]
        R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-23 395752]
        R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-5 317440]
        R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-5 76912]
        R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-15 1838656]
        R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-7-30 58808]
        S0 PsBoot;Panda boot driver;C:\Windows\System32\drivers\PsBoot.sys [2013-7-30 37248]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
        S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-30 418376]
        S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-30 701512]
        S2 SkypeUpdate;Skype Updater;D:\software instal\Skype\Updater\Updater.exe [2013-6-21 162408]
        S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
        S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-12 57856]
        S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
        S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-30 25928]
        S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-5-28 105704]
        S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
        S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
        S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
        S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
        .
        =============== Created Last 30 ================
        .
        2013-07-30 13:00:58 37248 ----a-w- C:\Windows\System32\drivers\PsBoot.sys
        2013-07-30 11:34:27 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\offreg.dll
        2013-07-30 11:25:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
        2013-07-30 10:11:45 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
        2013-07-30 10:11:41 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\mpengine.dll
        2013-07-30 10:08:38 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
        2013-07-28 21:43:31 -------- d-----w- C:\Windows\System32\MRT
        2013-07-28 14:55:12 -------- d-----w- C:\Users\grapjes\AppData\Local\VS Revo Group
        2013-07-28 10:01:40 -------- d-----w- C:\Users\grapjes\AppData\Roaming\temp
        2013-07-28 09:37:28 -------- d-sh--w- C:\aws
        2013-07-28 09:37:18 -------- d-----w- C:\Asus WebStorage
        2013-07-28 08:33:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
        2013-07-28 08:08:57 -------- d-----w- C:\Users\grapjes\AppData\Roaming\Panda Security
        2013-07-28 08:07:38 -------- d-----w- C:\ProgramData\Panda Security
        2013-07-28 00:48:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
        2013-07-28 00:19:19 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
        2013-07-28 00:19:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
        2013-07-28 00:19:18 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
        2013-07-28 00:19:17 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
        2013-07-28 00:19:16 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
        2013-07-28 00:00:41 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
        2013-07-24 06:41:50 624128 ----a-w- C:\Windows\System32\qedit.dll
        2013-07-24 06:41:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
        2013-07-24 06:23:01 3153920 ----a-w- C:\Windows\System32\win32k.sys
        2013-07-24 06:22:40 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
        2013-07-24 06:22:40 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
        2013-07-24 06:22:39 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
        2013-07-24 06:22:35 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
        2013-07-24 06:22:35 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
        2013-07-23 18:20:42 -------- d-----w- C:\Windows\pss
        2013-07-20 18:51:23 -------- d-----w- C:\Users\grapjes\temp
        2013-07-20 18:51:22 -------- d-----w- C:\Users\grapjes\AppData\Roaming\TeamViewer
        2013-07-20 05:44:34 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
        2013-07-19 08:13:17 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
        2013-07-19 08:13:16 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
        2013-07-17 17:43:56 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
        2013-07-14 10:19:49 1643520 ----a-w- C:\Windows\System32\DWrite.dll
        2013-07-02 17:27:23 -------- d-----w- C:\Users\grapjes\SyncFolder
        2013-07-02 16:42:43 -------- d-----w- C:\Program Files (x86)\MyPC Backup
        .
        ==================== Find3M ====================
        .
        2013-07-30 12:54:52 380 ----a-w- C:\Users\grapjes\AppData\Roaming\sp_data.sys
        2013-07-28 00:48:18 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
        2013-07-28 00:48:18 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
        2013-07-28 00:06:59 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
        2013-06-14 18:44:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
        2013-06-14 18:44:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2013-05-29 15:16:45 137448 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
        2013-05-29 03:55:24 246504 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
        2013-05-29 03:55:24 106216 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
        2013-05-29 03:55:23 118504 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
        2013-05-29 03:55:23 114920 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
        2013-05-29 03:55:22 69864 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
        2013-05-29 03:55:22 305896 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
        2013-05-29 03:55:22 119016 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
        2013-05-29 03:55:21 95464 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
        2013-05-29 03:55:21 114920 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
        2013-05-29 03:55:21 109288 ----a-w- C:\Windows\System32\drivers\NNSHttps.sys
        2013-05-29 03:55:20 91368 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
        2013-05-29 03:55:20 122088 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
        2013-05-28 09:25:41 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
        2013-05-28 09:25:40 205544 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
        2013-05-28 09:25:40 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
        2013-05-28 09:25:05 122088 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
        2013-05-28 09:25:04 168680 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
        2013-05-17 03:02:53 1346560 ----a-w- C:\Windows\System32\urlmon(217).dll
        2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript(203).dll
        2013-05-16 22:49:25 9738752 ----a-w- C:\Windows\SysWow64\ieframe(204).dll
        2013-05-16 22:28:40 1104384 ----a-w- C:\Windows\SysWow64\urlmon(222).dll
        2013-05-16 22:17:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil(205).dll
        2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
        2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
        2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
        2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
        2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
        2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
        2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
        2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
        2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
        2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
        2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
        2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
        2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
        2013-05-07 12:29:42 36584 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
        2013-05-06 00:48:20 17408 ----a-w- C:\Windows\Launcher.exe
        2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
        .
        ============= FINISH: 17:23:45,03 ===============



        • #5
          Please read my instructions carefully.
          I had asked for a FULL scan with MBAM; please run it now.
          Also:
          If MBAM asks for a restart, do so.
          Once you have restarted, run a new quick scan with MBAM.
          In that case, post both logs.
          So: the MBAM log(s) and a fresh DDS log (in that order, please).
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee. * Ccleaner * E-Peek



          • #6
            Here I am again, sorry. Hopefully I did it correctly this time. Good news: the PC now starts up normally.
            I do get an error message, though:

            Er is een probleem opgetreden tijdens het starten van C:/Program Files (x86)\Browser Updater\TBUpdater.dll Kan opgegeven module niet vinden

            Malwarebytes Anti-Malware 1.75.0.1300
            www.malwarebytes.org

            Databaseversie: v2013.07.30.08

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 10.0.9200.16635
            grapjes :: GRAPJES-PC [administrator]

            30-7-2013 18:31:39
            mbam-log-2013-07-30 (18-31-39).txt

            Scan type: Snelle scan
            Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
            Uitgeschakelde scan opties: P2P
            Objecten gescand: 215718
            Verstreken tijd: 3 minuut/minuten, 5 seconde(n)

            Geheugenprocessen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Geheugenmodulen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registersleutels gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerwaarden gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerdata gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Mappen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Bestanden gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            (einde)


            Malwarebytes Anti-Malware 1.75.0.1300
            www.malwarebytes.org

            Databaseversie: v2013.07.30.08

            Windows 7 Service Pack 1 x64 NTFS
            Internet Explorer 10.0.9200.16635
            grapjes :: GRAPJES-PC [administrator]

            30-7-2013 18:41:08
            mbam-log-2013-07-30 (18-41-08).txt

            Scan type: Snelle scan
            Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
            Uitgeschakelde scan opties: P2P
            Objecten gescand: 215544
            Verstreken tijd: 4 minuut/minuten, 27 seconde(n)

            Geheugenprocessen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Geheugenmodulen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registersleutels gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerwaarden gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerdata gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Mappen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Bestanden gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            (einde)



            DDS (Ver_2012-11-20.01) - NTFS_AMD64
            Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
            Run by grapjes at 18:48:11 on 2013-07-30
            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4000.2512 [GMT 2:00]
            .
            AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
            SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
            .
            ============== Running Processes ===============
            .
            C:\Windows\system32\lsm.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            C:\Windows\system32\svchost.exe -k RPCSS
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\Windows\system32\svchost.exe -k LocalService
            C:\Windows\system32\svchost.exe -k netsvcs
            C:\Windows\system32\svchost.exe -k GPSvcGroup
            C:\Windows\system32\svchost.exe -k NetworkService
            C:\Windows\system32\FBAgent.exe
            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
            C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
            C:\Windows\system32\taskeng.exe
            C:\Windows\System32\spoolsv.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
            C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
            D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe
            D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe
            C:\Windows\system32\svchost.exe -k imgsvc
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Windows\system32\taskhost.exe
            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
            C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\Explorer.EXE
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
            C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
            C:\Windows\SysWOW64\ACEngSvr.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
            C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
            C:\Windows\WindowsMobile\wmdc.exe
            C:\Windows\System32\igfxtray.exe
            C:\Windows\System32\hkcmd.exe
            C:\Windows\System32\igfxpers.exe
            C:\Windows\AsScrPro.exe
            C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
            C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
            C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
            C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
            C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
            D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
            C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
            C:\Windows\system32\SearchIndexer.exe
            C:\Windows\system32\svchost.exe -k WindowsMobile
            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Windows\servicing\TrustedInstaller.exe
            C:\Windows\System32\WUDFHost.exe
            C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
            C:\Program Files\Windows Media Player\wmpnetwk.exe
            C:\Windows\System32\svchost.exe -k LocalServicePeerNet
            C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSService.exe
            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
            C:\Windows\System32\svchost.exe -k secsvcs
            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
            C:\Windows\system32\wuauclt.exe
            C:\Windows\system32\svchost.exe -k SDRSVC
            C:\Windows\system32\notepad.exe
            C:\Windows\system32\notepad.exe
            C:\Windows\system32\SearchProtocolHost.exe
            C:\Windows\system32\SearchFilterHost.exe
            C:\Windows\System32\cscript.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uSearch Bar = hxxp://www.bing.com/search?q={searchTerms}
            uSearch Page = hxxp://www.bing.com/search?q={searchTerms}
            uDefault_Page_URL = hxxp://asus.msn.com
            uDefault_Search_URL = hxxp://www.google.com
            mSearch Bar = hxxp://www.google.com
            mSearch Page = hxxp://www.google.com
            mDefault_Search_URL = hxxp://www.google.com
            uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
            mWinlogon: Userinit = userinit.exe,
            BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
            BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
            BHO: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
            TB: VideoDownloadConverter: {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -
            TB: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
            TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} -
            mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
            mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
            mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
            mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
            mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
            mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
            mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
            mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
            mRun: [PSUAMain] "D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
            StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
            uPolicies-Explorer: NoDriveAutoRun = dword:0
            mPolicies-Explorer: NoActiveDesktop = dword:1
            mPolicies-Explorer: NoActiveDesktopChanges = dword:1
            mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
            mPolicies-System: ConsentPromptBehaviorUser = dword:3
            mPolicies-System: EnableUIADesktopToggle = dword:0
            IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
            IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
            IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
            IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
            IE: {a39a8780-f414-42de-af33-5d1e0b0328c2} - {e18b913b-dd1e-4df9-8985-622ccacee799}
            DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/Select/asusTek_sys_ctrl3.cab
            DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
            DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
            DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
            DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            TCP: NameServer = 212.54.40.25 212.54.35.25
            TCP: Interfaces\{A1082F0E-F703-4BE6-9AA9-1D8C11A6BDF4}\14256573531393544353235433 : DHCPNameServer = 192.168.2.254
            TCP: Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995} : DHCPNameServer = 212.54.40.25 212.54.35.25
            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
            Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
            SSODL: WebCheck - <orphaned>
            x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
            x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
            x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
            x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
            x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
            x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
            x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
            x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
            x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
            x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
            x64-Notify: igfxcui - igfxdev.dll
            x64-SSODL: WebCheck - <orphaned>
            .
            ================= FIREFOX ===================
            .
            FF - ProfilePath - C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\
            FF - prefs.js: browser.search.selectedEngine - Google
            FF - prefs.js: browser.startup.homepage - about:home
            FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
            FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
            FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
            FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
            FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
            FF - plugin: C:\Users\grapjes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
            FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
            FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
            FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
            FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
            FF - ExtSQL: 2013-07-01 17:42; [email protected]; C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected]
            .
            ============= SERVICES / DRIVERS ===============
            .
            R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
            R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-29 91368]
            R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-29 122088]
            R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-29 109288]
            R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-29 114920]
            R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2013-5-7 36584]
            R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-29 95464]
            R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-29 69864]
            R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-29 119016]
            R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-29 305896]
            R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-29 118504]
            R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-29 114920]
            R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-29 246504]
            R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-29 106216]
            R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-5-28 205544]
            R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-5-15 379520]
            R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
            R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-17 277120]
            R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-30 418376]
            R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-30 701512]
            R2 NanoServiceMain;Panda Cloud Antivirus Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-5-28 140768]
            R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-5-28 168680]
            R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-5-28 122088]
            R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-5-28 124648]
            R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-5-29 137448]
            R2 PSUAService;Panda Product Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-5-28 37344]
            R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-15 2656280]
            R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-23 130024]
            R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-23 395752]
            R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-5 317440]
            R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-5 76912]
            R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-30 25928]
            R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-15 1838656]
            R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-7-30 58808]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
            S2 SkypeUpdate;Skype Updater;D:\software instal\Skype\Updater\Updater.exe [2013-6-21 162408]
            S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
            S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-12 57856]
            S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
            S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-5-28 105704]
            S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
            S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
            S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
            S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
            S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
            .
            =============== Created Last 30 ================
            .
            2013-07-30 11:25:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
            2013-07-30 10:11:45 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
            2013-07-30 10:11:41 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\mpengine.dll
            2013-07-30 10:08:38 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
            2013-07-28 21:43:31 -------- d-----w- C:\Windows\System32\MRT
            2013-07-28 14:55:12 -------- d-----w- C:\Users\grapjes\AppData\Local\VS Revo Group
            2013-07-28 10:01:40 -------- d-----w- C:\Users\grapjes\AppData\Roaming\temp
            2013-07-28 09:37:28 -------- d-sh--w- C:\aws
            2013-07-28 09:37:18 -------- d-----w- C:\Asus WebStorage
            2013-07-28 08:33:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
            2013-07-28 08:08:57 -------- d-----w- C:\Users\grapjes\AppData\Roaming\Panda Security
            2013-07-28 08:07:38 -------- d-----w- C:\ProgramData\Panda Security
            2013-07-28 00:48:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
            2013-07-28 00:19:19 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
            2013-07-28 00:19:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
            2013-07-28 00:19:18 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
            2013-07-28 00:19:17 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
            2013-07-28 00:19:16 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
            2013-07-28 00:00:41 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
            2013-07-24 06:41:50 624128 ----a-w- C:\Windows\System32\qedit.dll
            2013-07-24 06:41:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
            2013-07-24 06:23:01 3153920 ----a-w- C:\Windows\System32\win32k.sys
            2013-07-24 06:22:40 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
            2013-07-24 06:22:40 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
            2013-07-24 06:22:39 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
            2013-07-24 06:22:35 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
            2013-07-24 06:22:35 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
            2013-07-23 18:20:42 -------- d-----w- C:\Windows\pss
            2013-07-20 18:51:23 -------- d-----w- C:\Users\grapjes\temp
            2013-07-20 18:51:22 -------- d-----w- C:\Users\grapjes\AppData\Roaming\TeamViewer
            2013-07-20 05:44:34 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
            2013-07-19 08:13:17 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
            2013-07-19 08:13:16 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
            2013-07-17 17:43:56 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
            2013-07-14 10:19:49 1643520 ----a-w- C:\Windows\System32\DWrite.dll
            2013-07-02 17:27:23 -------- d-----w- C:\Users\grapjes\SyncFolder
            2013-07-02 16:42:43 -------- d-----w- C:\Program Files (x86)\MyPC Backup
            .
            ==================== Find3M ====================
            .
            2013-07-30 16:38:48 380 ----a-w- C:\Users\grapjes\AppData\Roaming\sp_data.sys
            2013-07-28 00:48:18 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
            2013-07-28 00:48:18 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
            2013-07-28 00:06:59 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
            2013-06-14 18:44:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
            2013-06-14 18:44:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
            2013-05-29 15:16:45 137448 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
            2013-05-29 03:55:24 246504 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
            2013-05-29 03:55:24 106216 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
            2013-05-29 03:55:23 118504 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
            2013-05-29 03:55:23 114920 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
            2013-05-29 03:55:22 69864 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
            2013-05-29 03:55:22 305896 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
            2013-05-29 03:55:22 119016 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
            2013-05-29 03:55:21 95464 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
            2013-05-29 03:55:21 114920 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
            2013-05-29 03:55:21 109288 ----a-w- C:\Windows\System32\drivers\NNSHttps.sys
            2013-05-29 03:55:20 91368 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
            2013-05-29 03:55:20 122088 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
            2013-05-28 09:25:41 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
            2013-05-28 09:25:40 205544 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
            2013-05-28 09:25:40 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
            2013-05-28 09:25:05 122088 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
            2013-05-28 09:25:04 168680 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
            2013-05-17 03:02:53 1346560 ----a-w- C:\Windows\System32\urlmon(217).dll
            2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript(203).dll
            2013-05-16 22:49:25 9738752 ----a-w- C:\Windows\SysWow64\ieframe(204).dll
            2013-05-16 22:28:40 1104384 ----a-w- C:\Windows\SysWow64\urlmon(222).dll
            2013-05-16 22:17:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil(205).dll
            2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
            2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
            2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
            2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
            2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
            2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
            2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
            2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
            2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
            2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
            2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
            2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
            2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
            2013-05-07 12:29:42 36584 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
            2013-05-06 00:48:20 17408 ----a-w- C:\Windows\Launcher.exe
            2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
            .
            ============= FINISH: 18:49:20,07 ===============



            • #7
              You gave me a quick scan twice; could I please have a FULL scan from MBAM?
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee. * Ccleaner * E-Peek



              • #8
                Would you also like the checkup.txt and DDS logs again after the full MBAM scan?
                Post the MBA log twice if the program asks for a restart, otherwise the MBA log once; is that correct?
                Last edited by Emphyrio; 30-07-13, 20:40.



                • #9
                  Originally posted by P.grap
                  Would you also like the checkup.txt and DDS logs again after the full MBAM scan?
                  Post the MBA log twice if the program asks for a restart, otherwise the MBA log once; is that correct?
                  Follow my instructions; I thought everything was explained clearly there.
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee. * Ccleaner * E-Peek



                  • #10
                    MBAM did not ask for a restart.

                    Malwarebytes Anti-Malware 1.75.0.1300
                    www.malwarebytes.org

                    Databaseversie: v2013.07.30.09

                    Windows 7 Service Pack 1 x64 NTFS
                    Internet Explorer 10.0.9200.16635
                    grapjes :: GRAPJES-PC [administrator]

                    30-7-2013 21:01:47
                    mbam-log-2013-07-30 (21-01-47).txt

                    Scan type: Volledige scan (C:\|D:\|)
                    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
                    Uitgeschakelde scan opties: P2P
                    Objecten gescand: 360912
                    Verstreken tijd: 49 minuut/minuten, 36 seconde(n)

                    Geheugenprocessen gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Geheugenmodulen gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Registersleutels gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Registerwaarden gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Registerdata gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Mappen gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Bestanden gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    (einde)


                    Results of screen317's Security Check version 0.99.71
                    Windows 7 Service Pack 1 x64 (UAC is enabled)
                    Internet Explorer 10
                    ``````````````Antivirus/Firewall Check:``````````````
                    Panda Cloud Antivirus
                    WMI entry may not exist for antivirus; attempting automatic update.
                    `````````Anti-malware/Other Utilities Check:`````````
                    Java 7 Update 25
                    Adobe Flash Player 11.7.700.224
                    Adobe Reader 10.1.7 Adobe Reader out of Date!
                    Mozilla Firefox (22.0)
                    ````````Process Check: objlist.exe by Laurent````````
                    Malwarebytes Anti-Malware mbamservice.exe
                    Malwarebytes Anti-Malware mbamgui.exe
                    Panda Security Panda Cloud Antivirus PSANHost.exe
                    Panda Security Panda Cloud Antivirus PSUAService.exe
                    Panda Security Panda Cloud Antivirus PSUAMain.exe
                    Malwarebytes' Anti-Malware mbamscheduler.exe
                    `````````````````System Health check`````````````````
                    Total Fragmentation on Drive C: 1%
                    ````````````````````End of Log``````````````````````


                    DDS (Ver_2012-11-20.01) - NTFS_AMD64
                    Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
                    Run by grapjes at 22:08:28 on 2013-07-30
                    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4000.2109 [GMT 2:00]
                    .
                    AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
                    SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
                    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
                    .
                    ============== Running Processes ===============
                    .
                    C:\Windows\system32\lsm.exe
                    C:\Windows\system32\svchost.exe -k DcomLaunch
                    C:\Windows\system32\svchost.exe -k RPCSS
                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                    C:\Windows\system32\svchost.exe -k LocalService
                    C:\Windows\system32\svchost.exe -k netsvcs
                    C:\Windows\system32\svchost.exe -k GPSvcGroup
                    C:\Windows\system32\svchost.exe -k NetworkService
                    C:\Windows\system32\FBAgent.exe
                    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                    C:\Windows\System32\spoolsv.exe
                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
                    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
                    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
                    D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe
                    D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe
                    C:\Windows\system32\svchost.exe -k imgsvc
                    C:\Windows\system32\taskhost.exe
                    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
                    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
                    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
                    C:\Windows\system32\Dwm.exe
                    C:\Windows\SysWOW64\ACEngSvr.exe
                    C:\Windows\Explorer.EXE
                    C:\Windows\AsScrPro.exe
                    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
                    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                    C:\Windows\system32\wbem\wmiprvse.exe
                    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
                    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
                    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
                    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
                    C:\Windows\WindowsMobile\wmdc.exe
                    C:\Windows\System32\igfxtray.exe
                    C:\Windows\System32\hkcmd.exe
                    C:\Windows\System32\igfxpers.exe
                    C:\Windows\system32\svchost.exe -k WindowsMobile
                    C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
                    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
                    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
                    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
                    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
                    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
                    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                    C:\Windows\system32\SearchIndexer.exe
                    C:\Program Files\Windows Media Player\wmpnetwk.exe
                    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                    C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSService.exe
                    D:\software instal\Mozilla Firefox\firefox.exe
                    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                    C:\Windows\System32\svchost.exe -k secsvcs
                    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                    C:\Windows\system32\wuauclt.exe
                    C:\Windows\system32\svchost.exe -k SDRSVC
                    C:\Windows\system32\taskhost.exe
                    C:\Windows\System32\WUDFHost.exe
                    C:\Windows\system32\igfxsrvc.exe
                    C:\Windows\system32\wbem\wmiprvse.exe
                    C:\Windows\System32\cscript.exe
                    .
                    ============== Pseudo HJT Report ===============
                    .
                    uSearch Bar = hxxp://www.bing.com/search?q={searchTerms}
                    uSearch Page = hxxp://www.bing.com/search?q={searchTerms}
                    uDefault_Page_URL = hxxp://asus.msn.com
                    uDefault_Search_URL = hxxp://www.google.com
                    mSearch Bar = hxxp://www.google.com
                    mSearch Page = hxxp://www.google.com
                    mDefault_Search_URL = hxxp://www.google.com
                    uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
                    mWinlogon: Userinit = userinit.exe,
                    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                    BHO: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
                    TB: VideoDownloadConverter: {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -
                    TB: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
                    TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} -
                    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
                    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
                    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
                    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
                    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
                    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
                    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                    mRun: [PSUAMain] "D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
                    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
                    uPolicies-Explorer: NoDriveAutoRun = dword:0
                    mPolicies-Explorer: NoActiveDesktop = dword:1
                    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
                    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                    mPolicies-System: ConsentPromptBehaviorUser = dword:3
                    mPolicies-System: EnableUIADesktopToggle = dword:0
                    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
                    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
                    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
                    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                    IE: {a39a8780-f414-42de-af33-5d1e0b0328c2} - {e18b913b-dd1e-4df9-8985-622ccacee799}
                    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/Select/asusTek_sys_ctrl3.cab
                    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
                    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
                    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                    TCP: NameServer = 212.54.40.25 212.54.35.25
                    TCP: Interfaces\{A1082F0E-F703-4BE6-9AA9-1D8C11A6BDF4}\14256573531393544353235433 : DHCPNameServer = 192.168.2.254
                    TCP: Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995} : DHCPNameServer = 212.54.40.25 212.54.35.25
                    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                    SSODL: WebCheck - <orphaned>
                    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                    x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
                    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
                    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
                    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                    x64-Notify: igfxcui - igfxdev.dll
                    x64-SSODL: WebCheck - <orphaned>
                    .
                    ================= FIREFOX ===================
                    .
                    FF - ProfilePath - C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\
                    FF - prefs.js: browser.search.selectedEngine - Google
                    FF - prefs.js: browser.startup.homepage - about:home
                    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-USfficial&client=firefox-a&q=
                    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
                    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
                    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                    FF - plugin: C:\Users\grapjes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
                    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
                    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
                    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
                    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
                    FF - ExtSQL: 2013-07-01 17:42; [email protected]; C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected]
                    .
                    ============= SERVICES / DRIVERS ===============
                    .
                    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
                    R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-29 91368]
                    R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-29 122088]
                    R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-29 109288]
                    R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-29 114920]
                    R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2013-5-7 36584]
                    R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-29 95464]
                    R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-29 69864]
                    R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-29 119016]
                    R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-29 305896]
                    R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-29 118504]
                    R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-29 114920]
                    R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-29 246504]
                    R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-29 106216]
                    R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-5-28 205544]
                    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-5-15 379520]
                    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
                    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-17 277120]
                    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-30 418376]
                    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-30 701512]
                    R2 NanoServiceMain;Panda Cloud Antivirus Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-5-28 140768]
                    R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-5-28 168680]
                    R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-5-28 122088]
                    R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-5-28 124648]
                    R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-5-29 137448]
                    R2 PSUAService;Panda Product Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-5-28 37344]
                    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-15 2656280]
                    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-23 130024]
                    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-23 395752]
                    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-5 317440]
                    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-5 76912]
                    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-30 25928]
                    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-15 1838656]
                    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
                    S2 SkypeUpdate;Skype Updater;D:\software instal\Skype\Updater\Updater.exe [2013-6-21 162408]
                    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
                    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-12 57856]
                    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
                    S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-5-28 105704]
                    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
                    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
                    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
                    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
                    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
                    .
                    =============== Created Last 30 ================
                    .
                    2013-07-30 18:55:48 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
                    2013-07-30 11:25:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
                    2013-07-30 10:11:45 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
                    2013-07-30 10:11:41 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\mpengine.dll
                    2013-07-28 21:43:31 -------- d-----w- C:\Windows\System32\MRT
                    2013-07-28 14:55:12 -------- d-----w- C:\Users\grapjes\AppData\Local\VS Revo Group
                    2013-07-28 10:01:40 -------- d-----w- C:\Users\grapjes\AppData\Roaming\temp
                    2013-07-28 09:37:28 -------- d-sh--w- C:\aws
                    2013-07-28 09:37:18 -------- d-----w- C:\Asus WebStorage
                    2013-07-28 08:33:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
                    2013-07-28 08:08:57 -------- d-----w- C:\Users\grapjes\AppData\Roaming\Panda Security
                    2013-07-28 08:07:38 -------- d-----w- C:\ProgramData\Panda Security
                    2013-07-28 00:48:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                    2013-07-28 00:19:19 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
                    2013-07-28 00:19:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
                    2013-07-28 00:19:18 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
                    2013-07-28 00:19:17 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
                    2013-07-28 00:19:16 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
                    2013-07-28 00:00:41 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
                    2013-07-24 06:41:50 624128 ----a-w- C:\Windows\System32\qedit.dll
                    2013-07-24 06:41:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
                    2013-07-24 06:23:01 3153920 ----a-w- C:\Windows\System32\win32k.sys
                    2013-07-24 06:22:40 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
                    2013-07-24 06:22:40 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
                    2013-07-24 06:22:39 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
                    2013-07-24 06:22:35 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
                    2013-07-24 06:22:35 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
                    2013-07-23 18:20:42 -------- d-----w- C:\Windows\pss
                    2013-07-20 18:51:23 -------- d-----w- C:\Users\grapjes\temp
                    2013-07-20 18:51:22 -------- d-----w- C:\Users\grapjes\AppData\Roaming\TeamViewer
                    2013-07-20 05:44:34 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
                    2013-07-19 08:13:17 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
                    2013-07-19 08:13:16 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
                    2013-07-17 17:43:56 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
                    2013-07-14 10:19:49 1643520 ----a-w- C:\Windows\System32\DWrite.dll
                    2013-07-02 17:27:23 -------- d-----w- C:\Users\grapjes\SyncFolder
                    2013-07-02 16:42:43 -------- d-----w- C:\Program Files (x86)\MyPC Backup
                    .
                    ==================== Find3M ====================
                    .
                    2013-07-30 18:55:51 380 ----a-w- C:\Users\grapjes\AppData\Roaming\sp_data.sys
                    2013-07-28 00:48:18 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
                    2013-07-28 00:48:18 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
                    2013-07-28 00:06:59 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
                    2013-06-14 18:44:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                    2013-06-14 18:44:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                    2013-05-29 15:16:45 137448 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
                    2013-05-29 03:55:24 246504 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
                    2013-05-29 03:55:24 106216 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
                    2013-05-29 03:55:23 118504 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
                    2013-05-29 03:55:23 114920 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
                    2013-05-29 03:55:22 69864 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
                    2013-05-29 03:55:22 305896 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
                    2013-05-29 03:55:22 119016 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
                    2013-05-29 03:55:21 95464 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
                    2013-05-29 03:55:21 114920 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
                    2013-05-29 03:55:21 109288 ----a-w- C:\Windows\System32\drivers\NNSHttps.sys
                    2013-05-29 03:55:20 91368 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
                    2013-05-29 03:55:20 122088 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
                    2013-05-28 09:25:41 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
                    2013-05-28 09:25:40 205544 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
                    2013-05-28 09:25:40 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
                    2013-05-28 09:25:05 122088 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
                    2013-05-28 09:25:04 168680 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
                    2013-05-17 03:02:53 1346560 ----a-w- C:\Windows\System32\urlmon(217).dll
                    2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript(203).dll
                    2013-05-16 22:49:25 9738752 ----a-w- C:\Windows\SysWow64\ieframe(204).dll
                    2013-05-16 22:28:40 1104384 ----a-w- C:\Windows\SysWow64\urlmon(222).dll
                    2013-05-16 22:17:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil(205).dll
                    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
                    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
                    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
                    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
                    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
                    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
                    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
                    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
                    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
                    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
                    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
                    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
                    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
                    2013-05-07 12:29:42 36584 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
                    2013-05-06 00:48:20 17408 ----a-w- C:\Windows\Launcher.exe
                    2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
                    .
                    ============= FINISH: 22:08:45,99 ===============



                    • #11
                      Download TFC and save it to your Desktop.
                      • Double-click TFC.exe to open the program.
                      • The program will close all other programs, so make sure you have saved all your work before continuing.
                      • Click the Start button to start the program.
                      • When the program has finished, it will restart your computer.
                        If this does not happen, restart your computer manually.


                      _____________________________________________________________

                      Download Combofix and place it on your desktop.

                      Additional note... Make sure your security software is disabled while using Combofix.
                      This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.


                      Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.


                      Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                      So do not open any other applications until Combofix has presented the log.

                      If Combofix asks for an update, allow it.

                      When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                      You can find it at C:\combofix.txt.

                      Post the Combofix log together with a new DDS log in your next reply.

                      * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                      • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                      • Illegal operation attempted on a registry key that has been marked for deletion.
                      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                      E Dev * Remove McAfee. * Ccleaner * E-Peek



                      • #12
                        ComboFix 13-07-30.03 - grapjes 30-07-2013 22:56:16.1.2 - x64
                        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4000.2254 [GMT 2:00]
                        Gestart vanuit: c:\users\grapjes\Desktop\werk\ComboFix.exe
                        AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
                        FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
                        SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
                        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                        .
                        .
                        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        c:\programdata\FullRemove.exe
                        c:\programdata\Wincert\WIN32C~1.DLL
                        c:\windows\msvcr71.dll
                        .
                        .
                        (((((((((((((((((((( Bestanden Gemaakt van 2013-06-28 to 2013-07-30 ))))))))))))))))))))))))))))))
                        .
                        .
                        2013-07-30 21:02 . 2013-07-30 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
                        2013-07-30 20:37 . 2013-04-29 07:17 58808 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
                        2013-07-30 11:25 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                        2013-07-30 10:11 . 2013-07-15 01:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\mpengine.dll
                        2013-07-28 21:43 . 2013-07-28 21:45 -------- d-----w- c:\windows\system32\MRT
                        2013-07-28 14:55 . 2013-07-28 14:55 -------- d-----w- c:\users\grapjes\AppData\Local\VS Revo Group
                        2013-07-28 09:37 . 2013-07-28 09:37 -------- d-----w- C:\aws
                        2013-07-28 09:37 . 2013-07-28 09:37 -------- d-----w- C:\Asus WebStorage
                        2013-07-28 08:33 . 2013-07-28 20:56 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
                        2013-07-28 08:18 . 2013-07-28 20:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
                        2013-07-28 08:08 . 2013-07-28 20:56 -------- d-----w- c:\users\grapjes\AppData\Roaming\Panda Security
                        2013-07-28 08:07 . 2013-07-28 20:52 -------- d-----w- c:\programdata\Panda Security
                        2013-07-28 00:48 . 2013-07-28 00:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                        2013-07-28 00:48 . 2013-07-28 20:52 -------- d-----w- c:\program files (x86)\Java
                        2013-07-28 00:19 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
                        2013-07-28 00:19 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
                        2013-07-28 00:19 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
                        2013-07-28 00:19 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
                        2013-07-28 00:19 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
                        2013-07-28 00:00 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
                        2013-07-24 06:41 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
                        2013-07-24 06:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
                        2013-07-24 06:23 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
                        2013-07-24 06:22 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
                        2013-07-24 06:22 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
                        2013-07-24 06:22 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
                        2013-07-24 06:22 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
                        2013-07-24 06:22 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
                        2013-07-20 18:51 . 2013-07-20 18:51 -------- d-----w- c:\users\grapjes\temp
                        2013-07-20 18:51 . 2013-07-20 18:51 -------- d-----w- c:\users\grapjes\AppData\Roaming\TeamViewer
                        2013-07-20 05:44 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
                        2013-07-19 08:13 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
                        2013-07-19 08:13 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
                        2013-07-17 17:43 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
                        2013-07-14 10:19 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
                        2013-07-02 17:27 . 2013-07-02 17:27 -------- d-----w- c:\users\grapjes\SyncFolder
                        2013-07-02 16:42 . 2013-07-23 19:41 -------- d-----w- c:\program files (x86)\MyPC Backup
                        .
                        .
                        .
                        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2013-07-30 20:37 . 2012-10-27 19:09 380 ----a-w- c:\users\grapjes\AppData\Roaming\sp_data.sys
                        2013-07-28 00:48 . 2012-11-12 07:39 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
                        2013-07-28 00:48 . 2012-11-05 20:34 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
                        2013-06-23 22:57 . 2012-11-04 13:45 78277128 ----a-w- c:\windows\system32\MRT.exe
                        2013-06-14 18:44 . 2012-10-28 16:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                        2013-06-14 18:44 . 2012-10-28 16:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                        2013-05-29 15:16 . 2013-05-29 15:16 137448 ----a-w- c:\windows\system32\drivers\PSINProt.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 246504 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 106216 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 118504 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 114920 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 69864 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 305896 ----a-w- c:\windows\system32\drivers\NNSProt.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 119016 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 95464 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 114920 ----a-w- c:\windows\system32\drivers\NNSIds.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 109288 ----a-w- c:\windows\system32\drivers\NNSHttps.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 91368 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
                        2013-05-29 03:55 . 2013-05-29 03:55 122088 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
                        2013-05-28 09:25 . 2013-05-28 09:25 105704 ----a-w- c:\windows\system32\drivers\PSINReg.sys
                        2013-05-28 09:25 . 2013-05-28 09:25 205544 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
                        2013-05-28 09:25 . 2013-05-28 09:25 124648 ----a-w- c:\windows\system32\drivers\PSINProc.sys
                        2013-05-28 09:25 . 2013-05-28 09:25 122088 ----a-w- c:\windows\system32\drivers\PSINFile.sys
                        2013-05-28 09:25 . 2013-05-28 09:25 168680 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
                        2013-05-17 03:02 . 2013-06-14 19:30 1346560 ----a-w- c:\windows\system32\urlmon(217).dll
                        2013-05-17 02:56 . 2013-06-14 19:30 599040 ----a-w- c:\windows\system32\vbscript(203).dll
                        2013-05-16 22:49 . 2013-06-14 19:30 9738752 ----a-w- c:\windows\SysWow64\ieframe(204).dll
                        2013-05-16 22:28 . 2013-06-14 19:30 1104384 ----a-w- c:\windows\SysWow64\urlmon(222).dll
                        2013-05-16 22:17 . 2013-06-14 19:30 1796096 ----a-w- c:\windows\SysWow64\iertutil(205).dll
                        2013-05-13 05:51 . 2013-06-14 17:30 184320 ----a-w- c:\windows\system32\cryptsvc.dll
                        2013-05-13 05:51 . 2013-06-14 17:30 1464320 ----a-w- c:\windows\system32\crypt32.dll
                        2013-05-13 05:51 . 2013-06-14 17:30 139776 ----a-w- c:\windows\system32\cryptnet.dll
                        2013-05-13 05:50 . 2013-06-14 17:30 52224 ----a-w- c:\windows\system32\certenc.dll
                        2013-05-13 04:45 . 2013-06-14 17:30 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
                        2013-05-13 04:45 . 2013-06-14 17:30 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
                        2013-05-13 04:45 . 2013-06-14 17:30 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
                        2013-05-13 03:43 . 2013-06-14 17:30 1192448 ----a-w- c:\windows\system32\certutil.exe
                        2013-05-13 03:08 . 2013-06-14 17:30 903168 ----a-w- c:\windows\SysWow64\certutil.exe
                        2013-05-13 03:08 . 2013-06-14 17:30 43008 ----a-w- c:\windows\SysWow64\certenc.dll
                        2013-05-10 06:37 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                        2013-05-10 05:49 . 2013-06-14 17:30 30720 ----a-w- c:\windows\system32\cryptdlg.dll
                        2013-05-10 03:20 . 2013-06-14 17:30 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
                        2013-05-08 06:39 . 2013-06-14 17:30 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
                        2013-05-07 12:29 . 2013-05-07 12:29 36584 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
                        2013-05-06 00:48 . 2013-04-20 19:34 17408 ----a-w- c:\windows\Launcher.exe
                        2013-05-02 00:06 . 2013-01-11 18:56 278800 ------w- c:\windows\system32\MpSigStub.exe
                        .
                        .
                        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                        REGEDIT4
                        .
                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                        @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                        [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                        2013-02-12 17:49 220632 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                        @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                        [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                        2013-02-12 17:49 220632 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                        @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                        [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                        2013-02-12 17:49 220632 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
                        .
                        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                        "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                        "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
                        "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
                        "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
                        "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
                        "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
                        "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
                        "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
                        "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
                        "PSUAMain"="d:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-05-28 32736]
                        .
                        c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                        FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [2012-5-15 12862]
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                        "ConsentPromptBehaviorAdmin"= 5 (0x5)
                        "ConsentPromptBehaviorUser"= 3 (0x3)
                        "EnableUIADesktopToggle"= 0 (0x0)
                        .
                        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                        "LoadAppInit_DLLs"=1 (0x1)
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                        @=""
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
                        @="Service"
                        .
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
                        @="Service"
                        .
                        R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                        R2 SkypeUpdate;Skype Updater;d:\software instal\Skype\Updater\Updater.exe;d:\software instal\Skype\Updater\Updater.exe [x]
                        R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
                        R3 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
                        R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                        R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
                        R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                        R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                        R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                        S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
                        S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
                        S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
                        S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
                        S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
                        S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
                        S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
                        S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
                        S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
                        S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
                        S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
                        S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
                        S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
                        S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
                        S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
                        S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
                        S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
                        S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
                        S2 NanoServiceMain;Panda Cloud Antivirus Service;d:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe;d:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
                        S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
                        S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
                        S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
                        S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
                        S2 PSUAService;Panda Product Service;d:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe;d:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
                        S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                        S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
                        S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
                        S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                        S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
                        S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
                        .
                        .
                        --- Andere Services/Drivers In Geheugen ---
                        .
                        *Deregistered* - PSKMAD
                        .
                        Inhoud van de 'Gedeelde Taken' map
                        .
                        2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
                        - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 18:44]
                        .
                        .
                        --------- X64 Entries -----------
                        .
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                        @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                        [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                        2013-02-12 17:49 244696 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                        @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                        [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                        2013-02-12 17:49 244696 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                        @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                        [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                        2013-02-12 17:49 244696 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
                        @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
                        [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
                        2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
                        .
                        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
                        @="{64174815-8D98-4CE6-8646-4C039977D808}"
                        [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
                        2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
                        .
                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
                        "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
                        "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
                        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
                        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
                        "Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
                        .
                        ------- Bijkomende Scan -------
                        .
                        uLocal Page = c:\windows\system32\blank.htm
                        uDefault_Search_URL = hxxp://www.google.com
                        mDefault_Search_URL = hxxp://www.google.com
                        mLocal Page = c:\windows\SysWOW64\blank.htm
                        mSearch Page = hxxp://www.google.com
                        mSearch Bar = hxxp://www.google.com
                        uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
                        IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
                        IE: {{a39a8780-f414-42de-af33-5d1e0b0328c2} - {e18b913b-dd1e-4df9-8985-622ccacee799} - c:\users\grapjes\AppData\Roaming\HomeTab\HomeTab.dll
                        TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                        DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
                        FF - ProfilePath - c:\users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\
                        FF - prefs.js: browser.search.selectedEngine - Google
                        FF - prefs.js: browser.startup.homepage - about:home
                        FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
                        FF - ExtSQL: 2013-07-01 17:42; [email protected]; c:\users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected]
                        .
                        - - - - ORPHANS VERWIJDERD - - - -
                        .
                        BHO-{e18b913b-dd1e-4df9-8985-622ccacee799} - c:\users\grapjes\AppData\Roaming\HomeTab\HomeTab.dll
                        Toolbar-Locked - (no file)
                        Toolbar-{e18b913b-dd1e-4df9-8985-622ccacee799} - c:\users\grapjes\AppData\Roaming\HomeTab\HomeTab.dll
                        Toolbar-{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
                        HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                        Toolbar-Locked - (no file)
                        HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
                        HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
                        AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
                        AddRemove-Browser Updater_is1 - c:\program files (x86)\Browser Updater\unins000.exe
                        AddRemove-ilividtoolbargaw - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
                        AddRemove-{b34245cb-00a1-4daf-96ef-26857fe21af8}_is1 - c:\program files (x86)\HomeTab\unins000.exe
                        .
                        .
                        .
                        --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                        .
                        [HKEY_USERS\S-1-5-21-2556847505-2109788807-309677588-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
                        @Denied: (2) (LocalSystem)
                        "Progid"="WindowsLiveMail.Email.1"
                        .
                        [HKEY_USERS\S-1-5-21-2556847505-2109788807-309677588-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
                        @Denied: (2) (LocalSystem)
                        "Progid"="WindowsLiveMail.VCard.1"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                        @Denied: (A 2) (Everyone)
                        @="FlashBroker"
                        "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                        "Enabled"=dword:00000001
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                        @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                        @Denied: (A 2) (Everyone)
                        @="IFlashBroker5"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                        @="{00020424-0000-0000-C000-000000000046}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        "Version"="1.0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                        @Denied: (A 2) (Everyone)
                        @="FlashBroker"
                        "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                        "Enabled"=dword:00000001
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                        @Denied: (A 2) (Everyone)
                        @="Shockwave Flash Object"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                        "ThreadingModel"="Apartment"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                        @="0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                        @="ShockwaveFlash.ShockwaveFlash.11"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                        @="1.0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                        @="ShockwaveFlash.ShockwaveFlash"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                        @Denied: (A 2) (Everyone)
                        @="Macromedia Flash Factory Object"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                        "ThreadingModel"="Apartment"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                        @="FlashFactory.FlashFactory.1"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                        @="1.0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                        @="FlashFactory.FlashFactory"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                        @Denied: (A 2) (Everyone)
                        @="IFlashBroker5"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                        @="{00020424-0000-0000-C000-000000000046}"
                        .
                        [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                        "Version"="1.0"
                        .
                        [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
                        "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                        00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                        .
                        [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                        @Denied: (Full) (Everyone)
                        .
                        Voltooingstijd: 2013-07-30 23:04:10
                        ComboFix-quarantined-files.txt 2013-07-30 21:04
                        .
                        Pre-Run: 72.733.356.032 bytes beschikbaar
                        Post-Run: 72.443.760.640 bytes beschikbaar
                        .
                        - - End Of File - - 6E7EFB986953A6B699859A9C5970084E
                        D41D8CD98F00B204E9800998ECF8427E


                        DDS (Ver_2012-11-20.01) - NTFS_AMD64
                        Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
                        Run by grapjes at 23:07:06 on 2013-07-30
                        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4000.2155 [GMT 2:00]
                        .
                        AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
                        SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
                        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                        FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
                        .
                        ============== Running Processes ===============
                        .
                        C:\Windows\system32\lsm.exe
                        C:\Windows\system32\svchost.exe -k DcomLaunch
                        C:\Windows\system32\svchost.exe -k RPCSS
                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                        C:\Windows\system32\svchost.exe -k LocalService
                        C:\Windows\system32\svchost.exe -k netsvcs
                        C:\Windows\system32\svchost.exe -k GPSvcGroup
                        C:\Windows\system32\svchost.exe -k NetworkService
                        C:\Windows\system32\FBAgent.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                        C:\Windows\System32\spoolsv.exe
                        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                        C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
                        D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe
                        C:\Windows\system32\svchost.exe -k imgsvc
                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                        D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe
                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                        C:\Windows\system32\taskhost.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
                        C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
                        C:\Windows\system32\Dwm.exe
                        C:\Windows\Explorer.EXE
                        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
                        C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
                        C:\Windows\WindowsMobile\wmdc.exe
                        C:\Windows\System32\igfxtray.exe
                        C:\Windows\System32\hkcmd.exe
                        C:\Windows\System32\igfxpers.exe
                        C:\Windows\SysWOW64\ACEngSvr.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Windows\AsScrPro.exe
                        C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
                        C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
                        C:\Windows\system32\svchost.exe -k WindowsMobile
                        C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
                        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                        C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
                        D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
                        C:\Windows\system32\SearchIndexer.exe
                        C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                        C:\Windows\System32\WUDFHost.exe
                        C:\Program Files\Windows Media Player\wmpnetwk.exe
                        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                        C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSService.exe
                        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                        C:\Windows\System32\svchost.exe -k secsvcs
                        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                        C:\Windows\system32\wuauclt.exe
                        C:\Windows\system32\svchost.exe -k SDRSVC
                        D:\software instal\Mozilla Firefox\firefox.exe
                        D:\software instal\Mozilla Firefox\plugin-container.exe
                        C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
                        C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
                        C:\Windows\system32\wbem\wmiprvse.exe
                        C:\Windows\system32\taskmgr.exe
                        C:\Windows\System32\cscript.exe
                        .
                        ============== Pseudo HJT Report ===============
                        .
                        uDefault_Search_URL = hxxp://www.google.com
                        mSearch Bar = hxxp://www.google.com
                        mSearch Page = hxxp://www.google.com
                        mDefault_Search_URL = hxxp://www.google.com
                        uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
                        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                        BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                        BHO: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
                        TB: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
                        TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} -
                        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                        mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
                        mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
                        mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
                        mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                        mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
                        mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
                        mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
                        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                        mRun: [PSUAMain] "D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
                        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
                        uPolicies-Explorer: NoDriveAutoRun = dword:0
                        uPolicies-Explorer: NoDrives = dword:0
                        mPolicies-Explorer: NoDrives = dword:0
                        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                        mPolicies-System: ConsentPromptBehaviorUser = dword:3
                        mPolicies-System: EnableUIADesktopToggle = dword:0
                        IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
                        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                        IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
                        IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
                        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                        IE: {a39a8780-f414-42de-af33-5d1e0b0328c2} - {e18b913b-dd1e-4df9-8985-622ccacee799}
                        DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/Select/asusTek_sys_ctrl3.cab
                        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                        DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
                        DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
                        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                        TCP: NameServer = 212.54.40.25 212.54.35.25
                        TCP: Interfaces\{A1082F0E-F703-4BE6-9AA9-1D8C11A6BDF4}\14256573531393544353235433 : DHCPNameServer = 192.168.2.254
                        TCP: Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995} : DHCPNameServer = 212.54.40.25 212.54.35.25
                        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                        SSODL: WebCheck - <orphaned>
                        x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                        x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                        x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
                        x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
                        x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
                        x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                        x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                        x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                        x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                        x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                        x64-Notify: igfxcui - igfxdev.dll
                        x64-SSODL: WebCheck - <orphaned>
                        .
                        ================= FIREFOX ===================
                        .
                        FF - ProfilePath - C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\
                        FF - prefs.js: browser.search.selectedEngine - Google
                        FF - prefs.js: browser.startup.homepage - about:home
                        FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
                        FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
                        FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                        FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
                        FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                        FF - plugin: C:\Users\grapjes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
                        FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
                        FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
                        FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
                        FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
                        FF - ExtSQL: 2013-07-01 17:42; [email protected]; C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected]
                        .
                        ============= SERVICES / DRIVERS ===============
                        .
                        R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
                        R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-29 91368]
                        R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-29 122088]
                        R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-29 109288]
                        R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-29 114920]
                        R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2013-5-7 36584]
                        R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-29 95464]
                        R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-29 69864]
                        R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-29 119016]
                        R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-29 305896]
                        R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-29 118504]
                        R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-29 114920]
                        R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-29 246504]
                        R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-29 106216]
                        R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-5-28 205544]
                        R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-5-15 379520]
                        R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
                        R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-17 277120]
                        R2 NanoServiceMain;Panda Cloud Antivirus Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-5-28 140768]
                        R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-5-28 168680]
                        R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-5-28 122088]
                        R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-5-28 124648]
                        R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-5-29 137448]
                        R2 PSUAService;Panda Product Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-5-28 37344]
                        R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-15 2656280]
                        R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-23 130024]
                        R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-23 395752]
                        R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-5 317440]
                        R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-5 76912]
                        R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-15 1838656]
                        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
                        S2 SkypeUpdate;Skype Updater;D:\software instal\Skype\Updater\Updater.exe [2013-6-21 162408]
                        S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
                        S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-12 57856]
                        S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
                        S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-5-28 105704]
                        S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
                        S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
                        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
                        S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
                        S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
                        .
                        =============== Created Last 30 ================
                        .
                        2013-07-30 21:03:16 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\offreg.dll
                        2013-07-30 20:55:01 98816 ----a-w- C:\Windows\sed.exe
                        2013-07-30 20:55:01 256000 ----a-w- C:\Windows\PEV.exe
                        2013-07-30 20:55:01 208896 ----a-w- C:\Windows\MBR.exe
                        2013-07-30 20:37:03 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
                        2013-07-30 11:25:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
                        2013-07-30 10:11:45 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
                        2013-07-30 10:11:41 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\mpengine.dll
                        2013-07-28 21:43:31 -------- d-----w- C:\Windows\System32\MRT
                        2013-07-28 14:55:12 -------- d-----w- C:\Users\grapjes\AppData\Local\VS Revo Group
                        2013-07-28 10:01:40 -------- d-----w- C:\Users\grapjes\AppData\Roaming\temp
                        2013-07-28 09:37:28 -------- d-----w- C:\aws
                        2013-07-28 09:37:18 -------- d-----w- C:\Asus WebStorage
                        2013-07-28 08:33:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
                        2013-07-28 08:08:57 -------- d-----w- C:\Users\grapjes\AppData\Roaming\Panda Security
                        2013-07-28 08:07:38 -------- d-----w- C:\ProgramData\Panda Security
                        2013-07-28 00:48:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                        2013-07-28 00:19:19 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
                        2013-07-28 00:19:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
                        2013-07-28 00:19:18 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
                        2013-07-28 00:19:17 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
                        2013-07-28 00:19:16 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
                        2013-07-28 00:00:41 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
                        2013-07-24 06:41:50 624128 ----a-w- C:\Windows\System32\qedit.dll
                        2013-07-24 06:41:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
                        2013-07-24 06:23:01 3153920 ----a-w- C:\Windows\System32\win32k.sys
                        2013-07-24 06:22:40 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
                        2013-07-24 06:22:40 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
                        2013-07-24 06:22:39 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
                        2013-07-24 06:22:35 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
                        2013-07-24 06:22:35 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
                        2013-07-23 18:20:42 -------- d-----w- C:\Windows\pss
                        2013-07-20 18:51:23 -------- d-----w- C:\Users\grapjes\temp
                        2013-07-20 18:51:22 -------- d-----w- C:\Users\grapjes\AppData\Roaming\TeamViewer
                        2013-07-20 05:44:34 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
                        2013-07-19 08:13:17 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
                        2013-07-19 08:13:16 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
                        2013-07-17 17:43:56 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
                        2013-07-14 10:19:49 1643520 ----a-w- C:\Windows\System32\DWrite.dll
                        2013-07-02 17:27:23 -------- d-----w- C:\Users\grapjes\SyncFolder
                        2013-07-02 16:42:43 -------- d-----w- C:\Program Files (x86)\MyPC Backup
                        .
                        ==================== Find3M ====================
                        .
                        2013-07-30 20:37:24 380 ----a-w- C:\Users\grapjes\AppData\Roaming\sp_data.sys
                        2013-07-28 00:48:18 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
                        2013-07-28 00:48:18 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
                        2013-07-28 00:06:59 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
                        2013-06-14 18:44:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                        2013-06-14 18:44:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                        2013-05-29 15:16:45 137448 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
                        2013-05-29 03:55:24 246504 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
                        2013-05-29 03:55:24 106216 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
                        2013-05-29 03:55:23 118504 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
                        2013-05-29 03:55:23 114920 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
                        2013-05-29 03:55:22 69864 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
                        2013-05-29 03:55:22 305896 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
                        2013-05-29 03:55:22 119016 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
                        2013-05-29 03:55:21 95464 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
                        2013-05-29 03:55:21 114920 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
                        2013-05-29 03:55:21 109288 ----a-w- C:\Windows\System32\drivers\NNSHttps.sys
                        2013-05-29 03:55:20 91368 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
                        2013-05-29 03:55:20 122088 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
                        2013-05-28 09:25:41 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
                        2013-05-28 09:25:40 205544 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
                        2013-05-28 09:25:40 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
                        2013-05-28 09:25:05 122088 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
                        2013-05-28 09:25:04 168680 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
                        2013-05-17 03:02:53 1346560 ----a-w- C:\Windows\System32\urlmon(217).dll
                        2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript(203).dll
                        2013-05-16 22:49:25 9738752 ----a-w- C:\Windows\SysWow64\ieframe(204).dll
                        2013-05-16 22:28:40 1104384 ----a-w- C:\Windows\SysWow64\urlmon(222).dll
                        2013-05-16 22:17:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil(205).dll
                        2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
                        2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
                        2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
                        2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
                        2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
                        2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
                        2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
                        2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
                        2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
                        2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
                        2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
                        2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
                        2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
                        2013-05-07 12:29:42 36584 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
                        2013-05-06 00:48:20 17408 ----a-w- C:\Windows\Launcher.exe
                        2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
                        .
                        ============= FINISH: 23:07:23,05 ===============



                        • #13
                          Disable your security software.

                          Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

                          Open a Notepad file.
                          Copy the text below and paste it into the Notepad file.
                          Save the Notepad file as CFScript.txt
                          Code:
                          KillAll::
                          ClearJavaCache::
                          AtJob::
                          Firefox::
                          FF - ProfilePath - c:\users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\
                          FF - ExtSQL: 2013-07-01 17:42; [email protected]; c:\users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected]
                          Now drag the file CFScript.txt onto the file ComboFix.exe



                          ComboFix will start again.
                          If ComboFix asks for an update, allow it.

                          When ComboFix has finished, which may be after a restart, a log file opens. Post the contents of the log file.
                          Create a new DDS log and post that as well.

                          * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                          • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                          • Illegal operation attempted on a registry key that has been marked for deletion.
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * Remove McAfee. * Ccleaner * E-Peek



                          • #14
                            ComboFix 13-07-30.03 - grapjes 30-07-2013 23:26:44.2.2 - x64
                            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4000.2315 [GMT 2:00]
                            Gestart vanuit: c:\users\grapjes\Desktop\werk\ComboFix.exe
                            gebruikte Opdracht switches :: c:\users\grapjes\Desktop\nucia\Nieuwe map\CFScript.txt
                            AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
                            FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
                            SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
                            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                            .
                            .
                            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            c:\users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected]
                            .
                            .
                            (((((((((((((((((((( Bestanden Gemaakt van 2013-06-28 to 2013-07-30 ))))))))))))))))))))))))))))))
                            .
                            .
                            2013-07-30 20:37 . 2013-04-29 07:17 58808 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
                            2013-07-30 11:25 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                            2013-07-30 10:11 . 2013-07-15 01:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\mpengine.dll
                            2013-07-28 21:43 . 2013-07-28 21:45 -------- d-----w- c:\windows\system32\MRT
                            2013-07-28 14:55 . 2013-07-28 14:55 -------- d-----w- c:\users\grapjes\AppData\Local\VS Revo Group
                            2013-07-28 09:37 . 2013-07-28 09:37 -------- d-----w- C:\aws
                            2013-07-28 09:37 . 2013-07-28 09:37 -------- d-----w- C:\Asus WebStorage
                            2013-07-28 08:33 . 2013-07-28 20:56 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
                            2013-07-28 08:18 . 2013-07-28 20:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
                            2013-07-28 08:08 . 2013-07-28 20:56 -------- d-----w- c:\users\grapjes\AppData\Roaming\Panda Security
                            2013-07-28 08:07 . 2013-07-28 20:52 -------- d-----w- c:\programdata\Panda Security
                            2013-07-28 00:48 . 2013-07-28 00:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                            2013-07-28 00:48 . 2013-07-28 20:52 -------- d-----w- c:\program files (x86)\Java
                            2013-07-28 00:19 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
                            2013-07-28 00:19 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
                            2013-07-28 00:19 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
                            2013-07-28 00:19 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
                            2013-07-28 00:19 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
                            2013-07-28 00:00 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
                            2013-07-24 06:41 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
                            2013-07-24 06:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
                            2013-07-24 06:23 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
                            2013-07-24 06:22 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
                            2013-07-24 06:22 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
                            2013-07-24 06:22 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
                            2013-07-24 06:22 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
                            2013-07-24 06:22 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
                            2013-07-20 18:51 . 2013-07-20 18:51 -------- d-----w- c:\users\grapjes\temp
                            2013-07-20 18:51 . 2013-07-20 18:51 -------- d-----w- c:\users\grapjes\AppData\Roaming\TeamViewer
                            2013-07-20 05:44 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
                            2013-07-19 08:13 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
                            2013-07-19 08:13 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
                            2013-07-17 17:43 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
                            2013-07-14 10:19 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
                            2013-07-02 17:27 . 2013-07-02 17:27 -------- d-----w- c:\users\grapjes\SyncFolder
                            2013-07-02 16:42 . 2013-07-23 19:41 -------- d-----w- c:\program files (x86)\MyPC Backup
                            .
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2013-07-30 21:37 . 2012-10-27 19:09 380 ----a-w- c:\users\grapjes\AppData\Roaming\sp_data.sys
                            2013-07-28 00:48 . 2012-11-12 07:39 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
                            2013-07-28 00:48 . 2012-11-05 20:34 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
                            2013-06-23 22:57 . 2012-11-04 13:45 78277128 ----a-w- c:\windows\system32\MRT.exe
                            2013-06-14 18:44 . 2012-10-28 16:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                            2013-06-14 18:44 . 2012-10-28 16:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                            2013-05-29 15:16 . 2013-05-29 15:16 137448 ----a-w- c:\windows\system32\drivers\PSINProt.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 246504 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 106216 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 118504 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 114920 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 69864 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 305896 ----a-w- c:\windows\system32\drivers\NNSProt.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 119016 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 95464 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 114920 ----a-w- c:\windows\system32\drivers\NNSIds.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 109288 ----a-w- c:\windows\system32\drivers\NNSHttps.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 91368 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
                            2013-05-29 03:55 . 2013-05-29 03:55 122088 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
                            2013-05-28 09:25 . 2013-05-28 09:25 105704 ----a-w- c:\windows\system32\drivers\PSINReg.sys
                            2013-05-28 09:25 . 2013-05-28 09:25 205544 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
                            2013-05-28 09:25 . 2013-05-28 09:25 124648 ----a-w- c:\windows\system32\drivers\PSINProc.sys
                            2013-05-28 09:25 . 2013-05-28 09:25 122088 ----a-w- c:\windows\system32\drivers\PSINFile.sys
                            2013-05-28 09:25 . 2013-05-28 09:25 168680 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
                            2013-05-17 03:02 . 2013-06-14 19:30 1346560 ----a-w- c:\windows\system32\urlmon(217).dll
                            2013-05-17 02:56 . 2013-06-14 19:30 599040 ----a-w- c:\windows\system32\vbscript(203).dll
                            2013-05-16 22:49 . 2013-06-14 19:30 9738752 ----a-w- c:\windows\SysWow64\ieframe(204).dll
                            2013-05-16 22:28 . 2013-06-14 19:30 1104384 ----a-w- c:\windows\SysWow64\urlmon(222).dll
                            2013-05-16 22:17 . 2013-06-14 19:30 1796096 ----a-w- c:\windows\SysWow64\iertutil(205).dll
                            2013-05-13 05:51 . 2013-06-14 17:30 184320 ----a-w- c:\windows\system32\cryptsvc.dll
                            2013-05-13 05:51 . 2013-06-14 17:30 1464320 ----a-w- c:\windows\system32\crypt32.dll
                            2013-05-13 05:51 . 2013-06-14 17:30 139776 ----a-w- c:\windows\system32\cryptnet.dll
                            2013-05-13 05:50 . 2013-06-14 17:30 52224 ----a-w- c:\windows\system32\certenc.dll
                            2013-05-13 04:45 . 2013-06-14 17:30 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
                            2013-05-13 04:45 . 2013-06-14 17:30 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
                            2013-05-13 04:45 . 2013-06-14 17:30 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
                            2013-05-13 03:43 . 2013-06-14 17:30 1192448 ----a-w- c:\windows\system32\certutil.exe
                            2013-05-13 03:08 . 2013-06-14 17:30 903168 ----a-w- c:\windows\SysWow64\certutil.exe
                            2013-05-13 03:08 . 2013-06-14 17:30 43008 ----a-w- c:\windows\SysWow64\certenc.dll
                            2013-05-10 06:37 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                            2013-05-10 05:49 . 2013-06-14 17:30 30720 ----a-w- c:\windows\system32\cryptdlg.dll
                            2013-05-10 03:20 . 2013-06-14 17:30 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
                            2013-05-08 06:39 . 2013-06-14 17:30 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
                            2013-05-07 12:29 . 2013-05-07 12:29 36584 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
                            2013-05-06 00:48 . 2013-04-20 19:34 17408 ----a-w- c:\windows\Launcher.exe
                            2013-05-02 00:06 . 2013-01-11 18:56 278800 ------w- c:\windows\system32\MpSigStub.exe
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                            REGEDIT4
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e18b913b-dd1e-4df9-8985-622ccacee799}]
                            c:\users\grapjes\AppData\Roaming\HomeTab\HomeTab.dll [BU]
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
                            "{e18b913b-dd1e-4df9-8985-622ccacee799}"= "c:\users\grapjes\AppData\Roaming\HomeTab\HomeTab.dll" [BU]
                            "{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
                            .
                            [HKEY_CLASSES_ROOT\clsid\{e18b913b-dd1e-4df9-8985-622ccacee799}]
                            [HKEY_CLASSES_ROOT\wtb.Band.1]
                            [HKEY_CLASSES_ROOT\TypeLib\{fe66686d-9c43-4c2c-bb47-b15c4b0bc7f8}]
                            [HKEY_CLASSES_ROOT\wtb.Band]
                            .
                            [HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                            @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                            [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                            2013-02-12 17:49 220632 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                            @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                            [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                            2013-02-12 17:49 220632 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                            @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                            [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                            2013-02-12 17:49 220632 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                            "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                            "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
                            "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
                            "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
                            "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
                            "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
                            "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
                            "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
                            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
                            "PSUAMain"="d:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-05-28 32736]
                            .
                            c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                            FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [2012-5-15 12862]
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                            "ConsentPromptBehaviorAdmin"= 5 (0x5)
                            "ConsentPromptBehaviorUser"= 3 (0x3)
                            "EnableUIADesktopToggle"= 0 (0x0)
                            .
                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                            "LoadAppInit_DLLs"=1 (0x1)
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                            @=""
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
                            @="Service"
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
                            @="Service"
                            .
                            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                            R2 SkypeUpdate;Skype Updater;d:\software instal\Skype\Updater\Updater.exe;d:\software instal\Skype\Updater\Updater.exe [x]
                            R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
                            R3 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
                            R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                            R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
                            R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                            R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                            R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                            S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
                            S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
                            S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
                            S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
                            S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
                            S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
                            S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
                            S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
                            S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
                            S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
                            S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
                            S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
                            S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
                            S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
                            S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
                            S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
                            S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
                            S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
                            S2 NanoServiceMain;Panda Cloud Antivirus Service;d:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe;d:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
                            S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
                            S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
                            S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
                            S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
                            S2 PSUAService;Panda Product Service;d:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe;d:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
                            S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                            S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
                            S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
                            S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                            S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
                            S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
                            S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
                            .
                            .
                            --- Andere Services/Drivers In Geheugen ---
                            .
                            *NewlyCreated* - WS2IFSL
                            .
                            Inhoud van de 'Gedeelde Taken' map
                            .
                            2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
                            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 18:44]
                            .
                            .
                            --------- X64 Entries -----------
                            .
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                            @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                            [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                            2013-02-12 17:49 244696 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                            @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                            [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                            2013-02-12 17:49 244696 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                            @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                            [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                            2013-02-12 17:49 244696 ----a-w- c:\users\grapjes\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
                            @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
                            [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
                            2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
                            @="{64174815-8D98-4CE6-8646-4C039977D808}"
                            [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
                            2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
                            "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
                            "SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
                            "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
                            "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
                            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
                            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
                            "Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
                            .
                            ------- Bijkomende Scan -------
                            .
                            uLocal Page = c:\windows\system32\blank.htm
                            uDefault_Search_URL = hxxp://www.google.com
                            mDefault_Search_URL = hxxp://www.google.com
                            mLocal Page = c:\windows\SysWOW64\blank.htm
                            mSearch Page = hxxp://www.google.com
                            mSearch Bar = hxxp://www.google.com
                            uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
                            IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
                            IE: {{a39a8780-f414-42de-af33-5d1e0b0328c2} - {e18b913b-dd1e-4df9-8985-622ccacee799} - c:\users\grapjes\AppData\Roaming\HomeTab\HomeTab.dll
                            TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                            DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
                            FF - ProfilePath - c:\users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\
                            FF - prefs.js: browser.search.selectedEngine - Google
                            FF - prefs.js: browser.startup.homepage - about:home
                            FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
                            FF - ExtSQL: 2013-07-01 17:42; [email protected]; c:\users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\extensions\[email protected]
                            .
                            - - - - ORPHANS VERWIJDERD - - - -
                            .
                            Toolbar-Locked - (no file)
                            AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
                            AddRemove-Browser Updater_is1 - c:\program files (x86)\Browser Updater\unins000.exe
                            AddRemove-ilividtoolbargaw - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
                            AddRemove-{b34245cb-00a1-4daf-96ef-26857fe21af8}_is1 - c:\program files (x86)\HomeTab\unins000.exe
                            .
                            .
                            .
                            --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                            .
                            [HKEY_USERS\S-1-5-21-2556847505-2109788807-309677588-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
                            @Denied: (2) (LocalSystem)
                            "Progid"="WindowsLiveMail.Email.1"
                            .
                            [HKEY_USERS\S-1-5-21-2556847505-2109788807-309677588-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
                            @Denied: (2) (LocalSystem)
                            "Progid"="WindowsLiveMail.VCard.1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="FlashBroker"
                            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                            "Enabled"=dword:00000001
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="IFlashBroker5"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                            @="{00020424-0000-0000-C000-000000000046}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            "Version"="1.0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="FlashBroker"
                            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                            "Enabled"=dword:00000001
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                            @Denied: (A 2) (Everyone)
                            @="Shockwave Flash Object"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                            "ThreadingModel"="Apartment"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                            @="0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                            @="ShockwaveFlash.ShockwaveFlash.11"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                            @="1.0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                            @="ShockwaveFlash.ShockwaveFlash"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                            @Denied: (A 2) (Everyone)
                            @="Macromedia Flash Factory Object"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
                            "ThreadingModel"="Apartment"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                            @="FlashFactory.FlashFactory.1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                            @="1.0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                            @="FlashFactory.FlashFactory"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="IFlashBroker5"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                            @="{00020424-0000-0000-C000-000000000046}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            "Version"="1.0"
                            .
                            [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
                            "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                            00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                            .
                            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                            @Denied: (Full) (Everyone)
                            .
                            ------------------------ Andere Aktieve Processen ------------------------
                            .
                            c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                            c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                            c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                            c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                            c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
                            c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
                            c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
                            c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
                            c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
                            c:\program files (x86)\ASUS\Splendid\ACMON.exe
                            c:\windows\SysWOW64\ACEngSvr.exe
                            c:\windows\AsScrPro.exe
                            c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
                            .
                            **************************************************************************
                            .
                            Voltooingstijd: 2013-07-30 23:41:34 - machine werd herstart
                            ComboFix-quarantined-files.txt 2013-07-30 21:41
                            ComboFix2.txt 2013-07-30 21:04
                            .
                            Pre-Run: 72.509.718.528 bytes beschikbaar
                            Post-Run: 72.438.984.704 bytes beschikbaar
                            .
                            - - End Of File - - 2384B88D94A36007E02D6905D23C1F8E
                            D41D8CD98F00B204E9800998ECF8427E

                            DDS (Ver_2012-11-20.01) - NTFS_AMD64
                            Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
                            Run by grapjes at 23:54:18 on 2013-07-30
                            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4000.2292 [GMT 2:00]
                            .
                            AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
                            SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
                            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                            FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
                            .
                            ============== Running Processes ===============
                            .
                            C:\Windows\system32\lsm.exe
                            C:\Windows\system32\svchost.exe -k DcomLaunch
                            C:\Windows\system32\svchost.exe -k RPCSS
                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                            C:\Windows\system32\svchost.exe -k LocalService
                            C:\Windows\system32\svchost.exe -k netsvcs
                            C:\Windows\system32\svchost.exe -k GPSvcGroup
                            C:\Windows\system32\svchost.exe -k NetworkService
                            C:\Windows\system32\FBAgent.exe
                            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                            C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                            C:\Windows\System32\spoolsv.exe
                            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                            C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
                            D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe
                            D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe
                            C:\Windows\system32\svchost.exe -k imgsvc
                            C:\Windows\System32\svchost.exe -k secsvcs
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                            C:\Windows\system32\wbem\wmiprvse.exe
                            C:\Windows\system32\taskhost.exe
                            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
                            C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
                            C:\Windows\system32\Dwm.exe
                            C:\Windows\system32\wbem\wmiprvse.exe
                            C:\Windows\Explorer.EXE
                            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
                            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
                            C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
                            C:\Windows\servicing\TrustedInstaller.exe
                            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
                            C:\Windows\System32\WUDFHost.exe
                            C:\Windows\SysWOW64\ACEngSvr.exe
                            C:\Windows\AsScrPro.exe
                            C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
                            C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                            C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
                            C:\Windows\WindowsMobile\wmdc.exe
                            C:\Windows\System32\igfxtray.exe
                            C:\Windows\System32\hkcmd.exe
                            C:\Windows\System32\igfxpers.exe
                            C:\Windows\system32\svchost.exe -k WindowsMobile
                            C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                            C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe
                            C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
                            C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                            C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
                            C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
                            C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
                            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                            D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
                            C:\Windows\system32\SearchIndexer.exe
                            C:\Program Files\Windows Media Player\wmpnetwk.exe
                            C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                            C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSService.exe
                            D:\software instal\Mozilla Firefox\firefox.exe
                            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                            C:\Windows\System32\svchost.exe -k swprv
                            C:\Windows\system32\wuauclt.exe
                            C:\Windows\SysWOW64\NOTEPAD.EXE
                            C:\Windows\SysWOW64\NOTEPAD.EXE
                            C:\Windows\system32\svchost.exe -k SDRSVC
                            C:\Windows\system32\igfxsrvc.exe
                            C:\Windows\System32\cscript.exe
                            .
                            ============== Pseudo HJT Report ===============
                            .
                            uDefault_Search_URL = hxxp://www.google.com
                            mSearch Bar = hxxp://www.google.com
                            mSearch Page = hxxp://www.google.com
                            mDefault_Search_URL = hxxp://www.google.com
                            uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
                            BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                            BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                            BHO: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
                            TB: HomeTab: {e18b913b-dd1e-4df9-8985-622ccacee799} -
                            TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} -
                            mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                            mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
                            mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
                            mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
                            mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                            mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
                            mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
                            mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
                            mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                            mRun: [PSUAMain] "D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
                            StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
                            uPolicies-Explorer: NoDriveAutoRun = dword:0
                            uPolicies-Explorer: NoDrives = dword:0
                            mPolicies-Explorer: NoDrives = dword:0
                            mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                            mPolicies-System: ConsentPromptBehaviorUser = dword:3
                            mPolicies-System: EnableUIADesktopToggle = dword:0
                            IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
                            IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                            IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
                            IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
                            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                            IE: {a39a8780-f414-42de-af33-5d1e0b0328c2} - {e18b913b-dd1e-4df9-8985-622ccacee799}
                            DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/Select/asusTek_sys_ctrl3.cab
                            DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                            DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
                            DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
                            DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                            TCP: NameServer = 212.54.40.25 212.54.35.25
                            TCP: Interfaces\{A1082F0E-F703-4BE6-9AA9-1D8C11A6BDF4}\14256573531393544353235433 : DHCPNameServer = 192.168.2.254
                            TCP: Interfaces\{F82CDCC4-24FA-463C-B71B-6FD7C7708995} : DHCPNameServer = 212.54.40.25 212.54.35.25
                            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                            Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                            SSODL: WebCheck - <orphaned>
                            x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                            x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
                            x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
                            x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
                            x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
                            x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                            x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                            x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                            x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                            x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                            x64-Notify: igfxcui - igfxdev.dll
                            x64-SSODL: WebCheck - <orphaned>
                            .
                            ================= FIREFOX ===================
                            .
                            FF - ProfilePath - C:\Users\grapjes\AppData\Roaming\Mozilla\Firefox\Profiles\xi4pl1nr.default\
                            FF - prefs.js: browser.search.selectedEngine - Google
                            FF - prefs.js: browser.startup.homepage - about:home
                            FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
                            FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
                            FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                            FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
                            FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                            FF - plugin: C:\Users\grapjes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
                            FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
                            FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
                            FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
                            FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
                            .
                            ============= SERVICES / DRIVERS ===============
                            .
                            R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
                            R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-29 91368]
                            R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-29 122088]
                            R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-29 109288]
                            R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-29 114920]
                            R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2013-5-7 36584]
                            R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-29 95464]
                            R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-29 69864]
                            R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-29 119016]
                            R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-29 305896]
                            R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-29 118504]
                            R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-29 114920]
                            R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-29 246504]
                            R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-29 106216]
                            R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-5-28 205544]
                            R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-5-15 379520]
                            R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
                            R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-17 277120]
                            R2 NanoServiceMain;Panda Cloud Antivirus Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-5-28 140768]
                            R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-5-28 168680]
                            R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-5-28 122088]
                            R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-5-28 124648]
                            R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-5-29 137448]
                            R2 PSUAService;Panda Product Service;D:\software instal\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-5-28 37344]
                            R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-15 2656280]
                            R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-23 130024]
                            R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-23 395752]
                            R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-5 317440]
                            R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-5 76912]
                            R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-15 1838656]
                            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
                            S2 SkypeUpdate;Skype Updater;D:\software instal\Skype\Updater\Updater.exe [2013-6-21 162408]
                            S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
                            S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-12 57856]
                            S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
                            S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-5-28 105704]
                            S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
                            S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
                            S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
                            S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
                            S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-29 1255736]
                            .
                            =============== Created Last 30 ================
                            .
                            2013-07-30 21:44:11 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
                            2013-07-30 21:37:18 -------- d-----w- C:\$RECYCLE.BIN
                            2013-07-30 20:55:01 98816 ----a-w- C:\Windows\sed.exe
                            2013-07-30 20:55:01 256000 ----a-w- C:\Windows\PEV.exe
                            2013-07-30 20:55:01 208896 ----a-w- C:\Windows\MBR.exe
                            2013-07-30 11:25:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
                            2013-07-30 10:11:45 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
                            2013-07-30 10:11:41 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AACE542-017A-49F6-9738-B5FB6EF508CC}\mpengine.dll
                            2013-07-28 21:43:31 -------- d-----w- C:\Windows\System32\MRT
                            2013-07-28 14:55:12 -------- d-----w- C:\Users\grapjes\AppData\Local\VS Revo Group
                            2013-07-28 10:01:40 -------- d-----w- C:\Users\grapjes\AppData\Roaming\temp
                            2013-07-28 09:37:28 -------- d-----w- C:\aws
                            2013-07-28 09:37:18 -------- d-----w- C:\Asus WebStorage
                            2013-07-28 08:33:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
                            2013-07-28 08:08:57 -------- d-----w- C:\Users\grapjes\AppData\Roaming\Panda Security
                            2013-07-28 08:07:38 -------- d-----w- C:\ProgramData\Panda Security
                            2013-07-28 00:48:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                            2013-07-28 00:19:19 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
                            2013-07-28 00:19:18 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
                            2013-07-28 00:19:18 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
                            2013-07-28 00:19:17 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
                            2013-07-28 00:19:16 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
                            2013-07-28 00:00:41 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
                            2013-07-24 06:41:50 624128 ----a-w- C:\Windows\System32\qedit.dll
                            2013-07-24 06:41:50 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
                            2013-07-24 06:23:01 3153920 ----a-w- C:\Windows\System32\win32k.sys
                            2013-07-24 06:22:40 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
                            2013-07-24 06:22:40 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
                            2013-07-24 06:22:39 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
                            2013-07-24 06:22:35 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
                            2013-07-24 06:22:35 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
                            2013-07-23 18:20:42 -------- d-----w- C:\Windows\pss
                            2013-07-20 18:51:23 -------- d-----w- C:\Users\grapjes\temp
                            2013-07-20 18:51:22 -------- d-----w- C:\Users\grapjes\AppData\Roaming\TeamViewer
                            2013-07-20 05:44:34 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
                            2013-07-19 08:13:17 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
                            2013-07-19 08:13:16 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
                            2013-07-17 17:43:56 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
                            2013-07-14 10:19:49 1643520 ----a-w- C:\Windows\System32\DWrite.dll
                            2013-07-02 17:27:23 -------- d-----w- C:\Users\grapjes\SyncFolder
                            2013-07-02 16:42:43 -------- d-----w- C:\Program Files (x86)\MyPC Backup
                            .
                            ==================== Find3M ====================
                            .
                            2013-07-30 21:44:32 380 ----a-w- C:\Users\grapjes\AppData\Roaming\sp_data.sys
                            2013-07-28 00:48:18 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
                            2013-07-28 00:48:18 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
                            2013-07-28 00:06:59 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
                            2013-06-14 18:44:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                            2013-06-14 18:44:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                            2013-05-29 15:16:45 137448 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
                            2013-05-29 03:55:24 246504 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
                            2013-05-29 03:55:24 106216 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
                            2013-05-29 03:55:23 118504 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
                            2013-05-29 03:55:23 114920 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
                            2013-05-29 03:55:22 69864 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
                            2013-05-29 03:55:22 305896 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
                            2013-05-29 03:55:22 119016 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
                            2013-05-29 03:55:21 95464 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
                            2013-05-29 03:55:21 114920 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
                            2013-05-29 03:55:21 109288 ----a-w- C:\Windows\System32\drivers\NNSHttps.sys
                            2013-05-29 03:55:20 91368 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
                            2013-05-29 03:55:20 122088 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
                            2013-05-28 09:25:41 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
                            2013-05-28 09:25:40 205544 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
                            2013-05-28 09:25:40 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
                            2013-05-28 09:25:05 122088 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
                            2013-05-28 09:25:04 168680 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
                            2013-05-17 03:02:53 1346560 ----a-w- C:\Windows\System32\urlmon(217).dll
                            2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript(203).dll
                            2013-05-16 22:49:25 9738752 ----a-w- C:\Windows\SysWow64\ieframe(204).dll
                            2013-05-16 22:28:40 1104384 ----a-w- C:\Windows\SysWow64\urlmon(222).dll
                            2013-05-16 22:17:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil(205).dll
                            2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
                            2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
                            2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
                            2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
                            2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
                            2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
                            2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
                            2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
                            2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
                            2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
                            2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
                            2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
                            2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
                            2013-05-07 12:29:42 36584 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
                            2013-05-06 00:48:20 17408 ----a-w- C:\Windows\Launcher.exe
                            2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
                            .
                            ============= FINISH: 23:54:34,74 ===============



                            • #15
                              Very good.

                              Are there any problems left?
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * Remove McAfee. * Ccleaner * E-Peek
