Virus on PC, including Babylon/Delta Search toolbar

    Hello,

    I have recently had a couple of viruses on my PC, such as Babylon, Tarma Installer and a Delta Search toolbar that I cannot get rid of.

    Ran a scan with MBAM, which reported 50 detected files. They have now been quarantined and deleted from there, but are undoubtedly still present on the PC.

    In any case, here are the log files from MBAM, DDS and GMER.

    Thanks in advance for the help!


    Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.08.21.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16660
    eigenaar :: EIGENAAR-PC [administrator]

    Bescherming: Uitgeschakeld

    21-8-2013 15:08:28
    mbam-log-2013-08-21 (15-08-28).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 242524
    Verstreken tijd: 2 minuut/minuten, 45 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 3
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 18
    C:\Users\eigenaar\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48}\Cache (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\AppData\Roaming\OpenCandy\1145B04C5E6542D4B582B53D1893E626 (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\AppData\Roaming\OpenCandy\OpenCandy_1145B04C5E6542D4B582B53D1893E626 (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 28
    C:\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48}\A86207CA0123E3DC._bu (PUP.Optional.OptChrome.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\Downloads\iLividSetup-r343-n-bc.exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\Downloads\SoftonicDownloader_voor_windows-movie-maker-2012.exe (PUP.Optional.Softonic) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\Downloads\winamp563_full_emusic-7plus_nl-nl.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Roel\Downloads\Breaking_Bad_-_Seizoen_4_NL_SUBS (1).exe (PUP.Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Roel\Downloads\Breaking_Bad_-_Seizoen_4_NL_SUBS.exe (PUP.Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Roel\Downloads\iLividSetup (1).exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Roel\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Roel\Downloads\SoftonicDownloader_voor_audacity.exe (PUP.Optional.Softonic) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Roel\Downloads\VideoPerformerSetup.exe (PUP.Optional.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48}\Setup.dat (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48}\Setup.exe (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48}\Setup.ico (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48}\_Setup.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48}\_Setupx.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\eigenaar\AppData\Roaming\OpenCandy\1145B04C5E6542D4B582B53D1893E626\driverscannerNL.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.21.2
    Run by eigenaar at 15:26:48 on 2013-08-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3838.2231 [GMT 2:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uURLSearchHooks: {2d8d9acc-f6d7-4362-8876-a275ca929591} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: NameServer = 62.179.104.196 213.46.228.196
    TCP: Interfaces\{4846F724-B214-466F-ABC9-0916F4710250} : DHCPNameServer = 62.179.104.196 213.46.228.196
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-6 45856]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-20 202752]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-21 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-21 701512]
    R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-21 25928]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-11 452200]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-6-11 1349232]
    S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-8-13 57840]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-5 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-08-21 13:07:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-08-13 16:28:53 -------- d-----w- C:\Windows\en
    2013-08-13 16:28:30 -------- d-----w- C:\Windows\nl
    2013-08-13 16:28:17 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2013-08-13 16:27:35 57840 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2013-08-13 16:27:27 -------- d-----w- C:\Windows\PCHEALTH
    2013-08-13 16:26:53 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
    2013-08-13 16:26:53 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
    2013-08-13 16:26:53 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
    2013-08-13 16:26:53 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
    2013-08-13 16:26:52 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
    2013-08-13 16:26:52 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
    2013-08-13 16:26:52 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
    2013-08-13 16:26:52 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
    2013-08-13 16:12:43 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2013-08-13 16:12:43 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2013-08-13 16:12:22 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2013-08-13 16:12:22 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2013-08-13 16:10:06 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2013-08-08 18:47:46 -------- d-----w- C:\Users\eigenaar\Qtrax
    2013-08-08 18:44:28 -------- d-----w- C:\Program Files (x86)\MyPC Backup
    2013-08-08 18:44:05 -------- d-----w- C:\Windows\SysWow64\Extensions
    2013-08-08 18:44:04 -------- d-----w- C:\Windows\SysWow64\searchplugins
    2013-08-08 18:43:59 -------- d-----w- C:\Users\eigenaar\AppData\Local\DealPlyLive
    2013-08-08 18:43:53 -------- d-----w- C:\Users\eigenaar\AppData\Roaming\Systweak
    2013-08-08 18:43:52 20312 ----a-w- C:\Windows\System32\roboot64.exe
    2013-08-08 18:43:50 -------- d-----w- C:\Users\eigenaar\AppData\Local\Programs
    2013-08-08 18:43:47 -------- d-----w- C:\Users\eigenaar\AppData\Roaming\DSite
    2013-08-08 18:43:46 -------- d-----w- C:\Program Files (x86)\DealPly
    .
    ==================== Find3M ====================
    .
    2013-08-20 20:23:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-20 20:23:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-08-14 16:16:31 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    .
    ============= FINISH: 15:27:09,77 ===============

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-08-21 15:40:08
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST2000DM001-9YN164 rev.CC4C 1863,02GB
    Running: 5df9l0u2.exe; Driver: C:\Users\eigenaar\AppData\Local\Temp\awldqkow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
    .text ... * 2
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [4668] entry point in ".rdata" section 00000000725b71e6
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007752f9b1 7 bytes {MOV EDX, 0x715a28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007752fbf5 7 bytes {MOV EDX, 0x715a68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007752fc25 7 bytes {MOV EDX, 0x7159a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007752fc3d 7 bytes {MOV EDX, 0x715928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007752fc55 7 bytes {MOV EDX, 0x715b28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007752fc85 7 bytes {MOV EDX, 0x715b68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007752fd05 7 bytes {MOV EDX, 0x715ae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007752fd1d 7 bytes {MOV EDX, 0x715aa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007752fd69 7 bytes {MOV EDX, 0x715868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007752fe61 7 bytes {MOV EDX, 0x7158a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000775300b9 7 bytes {MOV EDX, 0x715828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775310c5 7 bytes {MOV EDX, 0x7159e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007753113d 7 bytes {MOV EDX, 0x715968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077531341 7 bytes {MOV EDX, 0x7158e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007752f9b1 7 bytes {MOV EDX, 0xe94a28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007752fbf5 7 bytes {MOV EDX, 0xe94a68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007752fc25 7 bytes {MOV EDX, 0xe949a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007752fc3d 7 bytes {MOV EDX, 0xe94928; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007752fc55 7 bytes {MOV EDX, 0xe94b28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007752fc85 7 bytes {MOV EDX, 0xe94b68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007752fd05 7 bytes {MOV EDX, 0xe94ae8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007752fd1d 7 bytes {MOV EDX, 0xe94aa8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007752fd69 7 bytes {MOV EDX, 0xe94868; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007752fe61 7 bytes {MOV EDX, 0xe948a8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000775300b9 7 bytes {MOV EDX, 0xe94828; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775310c5 7 bytes {MOV EDX, 0xe949e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007753113d 7 bytes {MOV EDX, 0xe94968; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077531341 7 bytes {MOV EDX, 0xe948e8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007752f9b1 7 bytes {MOV EDX, 0x7c6e28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007752fbf5 7 bytes {MOV EDX, 0x7c6e68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007752fc25 7 bytes {MOV EDX, 0x7c6da8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007752fc3d 7 bytes {MOV EDX, 0x7c6d28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007752fc55 7 bytes {MOV EDX, 0x7c6f28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007752fc85 7 bytes {MOV EDX, 0x7c6f68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007752fd05 7 bytes {MOV EDX, 0x7c6ee8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007752fd1d 7 bytes {MOV EDX, 0x7c6ea8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007752fd69 7 bytes {MOV EDX, 0x7c6c68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007752fe61 7 bytes {MOV EDX, 0x7c6ca8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000775300b9 7 bytes {MOV EDX, 0x7c6c28; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775310c5 7 bytes {MOV EDX, 0x7c6de8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007753113d 7 bytes {MOV EDX, 0x7c6d68; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077531341 7 bytes {MOV EDX, 0x7c6ce8; JMP RDX}
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
    .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1552:920] 000007fefb952a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1552:2972] 000007feee30d618
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1552:344] 000007feee30d618
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1552:3576] 000007fef9ae5124

    ---- EOF - GMER 2.1 ----

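As an added example (not part of the original post and not GMER's own code), the Python below parses "Code sections" lines in the format above into records and compares the hook set of every instance of the same image. The sample is constructed from the page's format: two chrome.exe instances as logged, plus a hypothetical third instance (pid 9999) with one extra hook from a made-up example.dll. Identical hook sets on ntdll.dll and PSAPI.DLL across all chrome.exe processes are what the browser's own sandbox interceptions look like, so the triage question is whether any instance deviates from that baseline.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the GMER 2.1 "Code sections" format: a few of the page's lines,
# plus a hypothetical third chrome.exe instance (pid 9999) carrying one extra hook.
SAMPLE = r"""
---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007752fc25 7 bytes {MOV EDX, 0xe949a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000775300b9 7 bytes {MOV EDX, 0xe94828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007752fc25 7 bytes {MOV EDX, 0x7c6da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000775300b9 7 bytes {MOV EDX, 0x7c6c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9999] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007752fc25 7 bytes {MOV EDX, 0x123da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9999] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000775300b9 7 bytes {MOV EDX, 0x123c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9999] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9999] C:\Users\eigenaar\AppData\Local\Temp\example.dll!ExampleHook + 5 0000000010001000 7 bytes {MOV EDX, 0x12345678; JMP RDX}
"""

# One hook line: .text <process path>[pid] <module path>!<function> + <offset> <address> <n> bytes <patch>
HOOK_RE = re.compile(
    r"^\s*\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>.+?)!(?P<func>\w+)\s+\+\s+(?P<off>\d+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+bytes\s+(?P<patch>.+)$"
)


def parse_gmer_hooks(text):
    """Return one dict per hook line; headers, blanks and the collapsed '.text ... * N' marker are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        hooks.append({
            "image": d["proc"].rsplit("\\", 1)[-1].lower(),
            "pid": int(d["pid"]),
            "module": d["mod"].rsplit("\\", 1)[-1].lower(),
            "func": d["func"],
            "offset": int(d["off"]),
            "size": int(d["n"]),
            "patch": d["patch"].strip(),
        })
    return hooks


def hook_sets(hooks):
    """Map (image, pid) -> set of 'module!function' names hooked in that process."""
    sets = defaultdict(set)
    for h in hooks:
        sets[(h["image"], h["pid"])].add(f'{h["module"]}!{h["func"]}')
    return dict(sets)


def outliers(sets):
    """For every image with several instances, take the most common hook set as the
    baseline and report instances that differ: {image: {pid: {"extra", "missing"}}}."""
    by_image = defaultdict(dict)
    for (image, pid), s in sets.items():
        by_image[image][pid] = frozenset(s)
    result = {}
    for image, inst in by_image.items():
        if len(inst) < 2:
            continue
        baseline = Counter(inst.values()).most_common(1)[0][0]
        dev = {pid: {"extra": set(s - baseline), "missing": set(baseline - s)}
               for pid, s in inst.items() if s != baseline}
        if dev:
            result[image] = dev
    return result


if __name__ == "__main__":
    for image, dev in outliers(hook_sets(parse_gmer_hooks(SAMPLE))).items():
        for pid, diff in dev.items():
            print(image, pid, "extra:", sorted(diff["extra"]), "missing:", sorted(diff["missing"]))
```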
  • #2
    Hi opgezwolle,

    Before we begin, I would like to kindly point out the following guidelines:
    • Only log in as an administrator with full rights.
    • Do not post your problem in several forums. It does your problem no good and it is not fair to the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Follow the instructions I give carefully.
    • Follow only the advice I give.
    • Stay with this topic until I have reported that your PC is clean.
    • If you do not know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • Do not try anything "else" in the meantime; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when posting logs.
    • Please do not post the logs as attachments or between code tags.

    Note: Vista or Windows 7? >> Always run all tools as admin.
    The instructions given are only valid for your PC.

    Originally posted by opgezwolle:
    Hello,

    I have recently had a few viruses on my PC, such as Babylon, Tarma Installer and a Delta Search toolbar that I cannot get rid of.
    Those are not viruses but unwanted toolbars.


    Step 1:

    Scan for and remove malware....

    Start MBAM.
    Once the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during malware removal".
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL Scan".
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything there is ticked, then click "Remove Selected".
    • After removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, do so.
    Once you have done the restart, make a new quick scan with MBAM.
    In that case you post both logs.

    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Check for bad toolbars...

    Note: Vista or Windows 7? >> Always run all tools as admin.
    Disable your security software.

    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner and click Remove

    • Click OK at AdwCleaner – Information
    • Click OK at AdwCleaner – Restart Required

    All icons disappear from the Desktop; this is normal.
    Your PC will be restarted and a logfile opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

    Do not forget to disable your "smileys".

    If your start page was also hijacked, set your search engine again; by default AdwCleaner resets it to Google.com.

    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and uses scripts.
    If script execution is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif.)
    When it is done, two logfiles open: DDS.txt and Attach.txt
    Save both logfiles to your desktop.

    Post the contents of DDS.txt.

    Do not post the contents of Attach.txt and do not attach Attach.txt to your post, unless I ask for it.

    ___________________________________________________________

    Step 4:

    Check for updates...

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Place its contents in your next reply.

    In your next post I would like to see the following logs, made in the order given:
    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Do NOT post these logs as attachments or between code tags please.
    (If necessary in several posts.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Here are the logfiles, in two stages:

      Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2013.08.21.04

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16660
      eigenaar :: EIGENAAR-PC [administrator]

      Bescherming: Ingeschakeld

      21-8-2013 16:50:14
      mbam-log-2013-08-21 (16-50-14).txt

      Scan type: Volledige scan (C:\|D:\|)
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 377005
      Verstreken tijd: 28 minuut/minuten, 23 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)

      Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2013.08.21.04

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16660
      eigenaar :: EIGENAAR-PC [administrator]

      Bescherming: Ingeschakeld

      21-8-2013 17:22:36
      mbam-log-2013-08-21 (17-22-36).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 242596
      Verstreken tijd: 2 minuut/minuten, 47 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)

      # AdwCleaner v3.000 - Report created 21/08/2013 at 17:46:36
      # Updated 20/08/2013 by Xplode
      # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Username : eigenaar - EIGENAAR-PC
      # Running from : C:\Users\eigenaar\Downloads\adwcleaner (1).exe
      # Option : Clean

      ***** [ Services ] *****


      ***** [ Files / Folders ] *****

      Folder Deleted : C:\Users\Roel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

      ***** [ Shortcuts ] *****


      ***** [ Registry ] *****


      ***** [ Browsers ] *****

      -\\ Internet Explorer v10.0.9200.16660


      -\\ Mozilla Firefox v

      -\\ Google Chrome v28.0.1500.95

      [ File : C:\Users\eigenaar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

      Deleted : icon_url
      Deleted : search_url
      Deleted : keyword

      *************************

      AdwCleaner[R0].txt - [11297 octets] - [21/08/2013 17:29:11]
      AdwCleaner[R1].txt - [1101 octets] - [21/08/2013 17:45:35]
      AdwCleaner[S0].txt - [10717 octets] - [21/08/2013 17:33:06]
      AdwCleaner[S1].txt - [1031 octets] - [21/08/2013 17:46:36]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1091 octets] ##########



      • #4
        And the rest:

        DDS (Ver_2012-11-20.01) - NTFS_AMD64
        Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.21.2
        Run by eigenaar at 17:38:30 on 2013-08-21
        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3838.2056 [GMT 2:00]
        .
        AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\system32\atiesrxx.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\atieclxx.exe
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\system32\taskhost.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
        C:\Windows\system32\sppsvc.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\system32\wuauclt.exe
        C:\Windows\servicing\TrustedInstaller.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\System32\cscript.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.google.nl/
        uURLSearchHooks: {2d8d9acc-f6d7-4362-8876-a275ca929591} - <orphaned>
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
        BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
        TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
        mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        uPolicies-Explorer: NoDrives = dword:0
        mPolicies-Explorer: NoDrives = dword:0
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableUIADesktopToggle = dword:0
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        TCP: NameServer = 62.179.104.196 213.46.228.196
        TCP: Interfaces\{4846F724-B214-466F-ABC9-0916F4710250} : DHCPNameServer = 62.179.104.196 213.46.228.196
        Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        SSODL: WebCheck - <orphaned>
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
        x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
        R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
        R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
        R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
        R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
        R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
        R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-6 45856]
        R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-20 202752]
        R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-21 418376]
        R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-21 701512]
        R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
        R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
        R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-21 25928]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-11 452200]
        R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-6-11 1349232]
        S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
        S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
        S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
        S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
        S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-8-13 57840]
        S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
        S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
        S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
        S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-5 1255736]
        .
        =============== Created Last 30 ================
        .
        2013-08-21 15:26:44 -------- d-----w- C:\AdwCleaner
        2013-08-21 13:07:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
        2013-08-13 16:28:53 -------- d-----w- C:\Windows\en
        2013-08-13 16:28:30 -------- d-----w- C:\Windows\nl
        2013-08-13 16:28:17 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
        2013-08-13 16:27:35 57840 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
        2013-08-13 16:27:27 -------- d-----w- C:\Windows\PCHEALTH
        2013-08-13 16:26:53 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
        2013-08-13 16:26:53 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
        2013-08-13 16:26:53 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
        2013-08-13 16:26:53 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
        2013-08-13 16:26:52 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
        2013-08-13 16:26:52 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
        2013-08-13 16:26:52 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
        2013-08-13 16:26:52 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
        2013-08-13 16:12:43 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
        2013-08-13 16:12:43 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
        2013-08-13 16:12:22 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
        2013-08-13 16:12:22 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
        2013-08-13 16:10:06 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
        2013-08-08 18:47:46 -------- d-----w- C:\Users\eigenaar\Qtrax
        2013-08-08 18:44:05 -------- d-----w- C:\Windows\SysWow64\Extensions
        2013-08-08 18:44:04 -------- d-----w- C:\Windows\SysWow64\searchplugins
        2013-08-08 18:43:50 -------- d-----w- C:\Users\eigenaar\AppData\Local\Programs
        .
        ==================== Find3M ====================
        .
        2013-08-20 20:23:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2013-08-20 20:23:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
        2013-08-14 16:16:31 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
        2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
        2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
        2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
        2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
        2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
        2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
        2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
        2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
        2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
        2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
        2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
        2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
        2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
        2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
        2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
        2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
        2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
        2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
        2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
        2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
        2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
        2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
        2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
        2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
        2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
        2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
        2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
        2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
        2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
        2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
        2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
        2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
        2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
        2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
        2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
        2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
        2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
        2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
        2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
        2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
        2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
        2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
        2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
        .
        ============= FINISH: 17:38:58,11 ===============

        Results of screen317's Security Check version 0.99.72
        Windows 7 Service Pack 1 x64 (UAC is enabled)
        Internet Explorer 10
        ``````````````Antivirus/Firewall Check:``````````````
        AVG AntiVirus Free Edition 2013
        Antivirus up to date! (On Access scanning disabled!)
        `````````Anti-malware/Other Utilities Check:`````````
        Java 7 Update 21
        Java version out of Date!
        Adobe Reader XI
        Google Chrome 28.0.1500.72
        Google Chrome 28.0.1500.95
        ````````Process Check: objlist.exe by Laurent````````
        Malwarebytes Anti-Malware mbamservice.exe
        Malwarebytes Anti-Malware mbamgui.exe
        Malwarebytes Anti-Malware mbam.exe
        Malwarebytes' Anti-Malware mbamscheduler.exe
        `````````````````System Health check`````````````````
        Total Fragmentation on Drive C: 0%
        ````````````````````End of Log``````````````````````


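As an added example (not DDS's own code and not from the thread), this Python parses "Pseudo HJT Report" lines like the ones above into structured entries and flags two things worth a second look: entries DDS marks <orphaned> (a registration left behind with no file on disk, which is what toolbar removals typically leave) and autostart or BHO targets that live under a user profile instead of Program Files or Windows. The sample lines follow the report above; the mRun entry "Updater" under AppData is a constructed placeholder, not something on the poster's machine.

```python
import re

# Constructed sample in the DDS "Pseudo HJT Report" format. All lines but the
# "Updater" mRun entry (a made-up placeholder) mirror the report shown in the thread.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.nl/
uURLSearchHooks: {2d8d9acc-f6d7-4362-8876-a275ca929591} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Updater] "C:\Users\eigenaar\AppData\Roaming\example\updater.exe" -quiet
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
SSODL: WebCheck - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
"""

# Line prefix: optional x64- marker, optional scope letter (u = user hive, m = machine hive), entry kind.
PREFIX_RE = re.compile(
    r"^(?P<arch>x64-)?(?P<scope>[um])?"
    r"(?P<kind>Start Page|URLSearchHooks|BHO|TB|Run|Handler|SSODL)\b"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# First drive-letter path ending in an executable-style extension, quoted or not, before any arguments.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|cpl|bat))"?(?:\s|$)', re.I)
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\users\\", re.I)


def parse_hjt_line(line):
    """Parse one report line into a dict; returns None for entry kinds this example ignores."""
    line = line.strip()
    m = PREFIX_RE.match(line)
    if not m:
        return None
    rest = line[m.end():].lstrip(" :=").strip()
    entry = {
        "kind": m.group("kind"),
        "scope": {"u": "user", "m": "machine"}.get(m.group("scope"), "global"),
        "arch": "x64" if m.group("arch") else "x86",
        "name": None, "clsid": None, "target": rest, "raw": line,
    }
    if entry["kind"] == "Run":               # "[name] command line"
        r = RUN_RE.match(rest)
        if r:
            entry["name"], entry["target"] = r.group("name"), r.group("cmd")
        return entry
    if " - " in rest:                        # "name: {CLSID} - target" or "name - {CLSID} - target"
        head, entry["target"] = rest.rsplit(" - ", 1)
        c = CLSID_RE.search(head)
        entry["clsid"] = c.group(0) if c else None
        entry["name"] = CLSID_RE.sub("", head).strip(" :-") or None
    return entry


def file_path(target):
    """Strip quotes and arguments from a target to get the referenced file, or None."""
    m = PATH_RE.search(target)
    return m.group("path") if m else None


def triage(report_text):
    """Return parsed entries, the configured start page(s) and a list of findings to review."""
    entries = [e for e in map(parse_hjt_line, report_text.splitlines()) if e]
    findings = []
    for e in entries:
        if e["target"] == "<orphaned>":
            findings.append({"reason": "orphaned", "entry": e})
            continue
        p = file_path(e["target"])
        if p and USER_PROFILE_RE.match(p):
            findings.append({"reason": "user-profile path", "entry": e})
    return {
        "entries": entries,
        "start_pages": [e["target"] for e in entries if e["kind"] == "Start Page"],
        "findings": findings,
    }


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT)["findings"]:
        print(f["reason"], "->", f["entry"]["raw"])
```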

        • #5
          You can remove this from your PC: Java 7 Update 21
          Restart the PC afterwards.


          Download TFC and save it to your Desktop.
          • Double-click TFC.exe to open the program.
          • The program will close all other programs, so make sure you have saved all your work before you continue.
          • Click the Start button to start the program.
          • When the program is finished, it will restart your computer.
            If this does not happen, restart your computer manually.


          _____________________________________________________________

          Download Combofix and place it on your desktop.

          Extra note... Make sure your security software is disabled while using Combofix.
          This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.


          Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.


          Close ALL windows, including your browser, and let Combofix do its work undisturbed.
          So do not open any other applications until Combofix has presented the log.

          If Combofix asks for an update, allow it.

          When ComboFix has finished scanning, which may be after a reboot, a logfile opens (combofix.txt).
          You can find it as C:\combofix.txt.

          Post the Combofix log together with a new DDS log in your next reply.

          * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
          • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
          • Illegal operation attempted on a registry key that has been marked for deletion.
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee. * Ccleaner * E-Peek



          • #6
            Here you go! Is everything in order again now?


            ComboFix 13-08-21.01 - eigenaar 21-08-2013 23:10:59.4.2 - x64
            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3838.2405 [GMT 2:00]
            Gestart vanuit: c:\users\eigenaar\Downloads\ComboFix.exe
            AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
            SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            C:\torrent.exe
            .
            .
            (((((((((((((((((((( Bestanden Gemaakt van 2013-07-21 to 2013-08-21 ))))))))))))))))))))))))))))))
            .
            .
            2013-08-21 21:14 . 2013-08-21 21:14 -------- d-----w- c:\users\Roel\AppData\Local\temp
            2013-08-21 21:14 . 2013-08-21 21:14 -------- d-----w- c:\users\Public\AppData\Local\temp
            2013-08-21 21:14 . 2013-08-21 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
            2013-08-21 15:26 . 2013-08-21 15:46 -------- d-----w- C:\AdwCleaner
            2013-08-21 13:07 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
            2013-08-21 12:51 . 2013-08-21 12:51 -------- d-----w- c:\users\Roel\AppData\Roaming\TuneUp Software
            2013-08-13 16:28 . 2013-08-13 16:28 -------- d-----w- c:\windows\en
            2013-08-13 16:28 . 2013-08-13 16:28 -------- d-----w- c:\windows\nl
            2013-08-13 16:28 . 2013-08-13 16:28 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
            2013-08-13 16:27 . 2013-02-05 20:06 57840 ----a-w- c:\windows\system32\drivers\fssfltr.sys
            2013-08-13 16:27 . 2013-08-13 16:27 -------- d-----w- c:\program files\Windows Live
            2013-08-13 16:27 . 2013-08-13 16:27 -------- d-----w- c:\windows\PCHEALTH
            2013-08-13 16:27 . 2013-08-13 16:28 -------- d-----w- c:\program files (x86)\Windows Live
            2013-08-13 16:26 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
            2013-08-13 16:26 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
            2013-08-13 16:26 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
            2013-08-13 16:26 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
            2013-08-13 16:26 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
            2013-08-13 16:26 . 2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
            2013-08-13 16:26 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
            2013-08-13 16:26 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
            2013-08-13 16:12 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
            2013-08-13 16:12 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
            2013-08-13 16:12 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
            2013-08-13 16:12 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
            2013-08-13 16:11 . 2013-08-13 16:11 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
            2013-08-13 16:11 . 2013-08-13 16:11 -------- d-----r- c:\users\eigenaar\SkyDrive
            2013-08-13 16:11 . 2013-08-13 16:11 -------- d-----w- c:\programdata\Microsoft SkyDrive
            2013-08-13 16:11 . 2013-08-13 16:30 -------- d-----w- c:\users\eigenaar\AppData\Local\Windows Live
            2013-08-13 16:10 . 2013-08-13 16:10 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
            2013-08-13 14:04 . 2013-08-13 17:38 -------- d-----w- c:\users\eigenaar\AppData\Roaming\Audacity
            2013-08-08 18:47 . 2013-08-08 18:47 -------- d-----w- c:\users\eigenaar\Qtrax
            2013-08-08 18:44 . 2013-08-08 18:44 -------- d-----w- c:\windows\SysWow64\Extensions
            2013-08-08 18:44 . 2013-08-08 18:44 -------- d-----w- c:\windows\SysWow64\searchplugins
            2013-08-08 18:43 . 2013-08-08 18:43 -------- d-----w- c:\users\eigenaar\AppData\Local\Programs
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2013-08-20 20:23 . 2012-11-06 16:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
            2013-08-20 20:23 . 2012-11-06 16:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
            2013-08-14 16:16 . 2012-11-06 15:39 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
            2013-08-13 16:27 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
            2013-07-09 04:45 . 2013-08-14 16:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
            2013-06-11 16:14 . 2013-06-11 16:14 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
            2013-06-11 16:14 . 2013-06-11 16:14 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
            2013-06-05 03:34 . 2013-07-16 18:47 3153920 ----a-w- c:\windows\system32\win32k.sys
            2013-06-04 06:00 . 2013-07-16 18:47 624128 ----a-w- c:\windows\system32\qedit.dll
            2013-06-04 04:53 . 2013-07-16 18:47 509440 ----a-w- c:\windows\SysWow64\qedit.dll
            .
            .
            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
            REGEDIT4
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
            @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
            [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
            2013-08-13 16:13 222832 ----a-w- c:\users\eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
            @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
            [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
            2013-08-13 16:13 222832 ----a-w- c:\users\eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
            @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
            [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
            2013-08-13 16:13 222832 ----a-w- c:\users\eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
            "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-04 39408]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-17 2489456]
            "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
            "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 5 (0x5)
            "ConsentPromptBehaviorUser"= 3 (0x3)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
            "LoadAppInit_DLLs"=1 (0x1)
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
            "aux1"=wdmaud.drv
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
            "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
            .
            R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
            R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
            R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
            R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
            R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
            R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
            R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
            R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
            S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
            S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
            S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
            S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
            S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
            S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
            S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
            S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
            S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
            S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
            S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
            S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
            S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
            S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
            S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
            .
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
            2013-08-01 20:47 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
            .
            Inhoud van de 'Gedeelde Taken' map
            .
            2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 20:23]
            .
            2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-04 21:12]
            .
            2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-04 21:12]
            .
            .
            --------- X64 Entries -----------
            .
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
            @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
            [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
            2013-08-13 16:13 261744 ----a-w- c:\users\eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
            @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
            [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
            2013-08-13 16:13 261744 ----a-w- c:\users\eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
            @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
            [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
            2013-08-13 16:13 261744 ----a-w- c:\users\eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
            .
            ------- Bijkomende Scan -------
            .
            uLocal Page = c:\windows\system32\blank.htm
            uStart Page = hxxp://www.google.nl/
            mLocal Page = c:\windows\SysWOW64\blank.htm
            uInternet Settings,ProxyOverride = *.local
            TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
            .
            - - - - ORPHANS VERWIJDERD - - - -
            .
            URLSearchHooks-{2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)
            HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
            .
            .
            .
            --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
            .
            [HKEY_USERS\S-1-5-21-2411744380-2957005395-3141800515-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
            @Denied: (2) (LocalSystem)
            "Progid"="WindowsLiveMail.Email.1"
            .
            [HKEY_USERS\S-1-5-21-2411744380-2957005395-3141800515-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
            @Denied: (2) (LocalSystem)
            "Progid"="WindowsLiveMail.VCard.1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.11"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
            @="?????????????????? v1"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
            @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
            @="?????????????????? v2"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
            @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
            "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
            00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            Voltooingstijd: 2013-08-21 23:16:20
            ComboFix-quarantined-files.txt 2013-08-21 21:16
            ComboFix2.txt 2012-10-02 19:15
            .
            Pre-Run: 187.981.582.336 bytes beschikbaar
            Post-Run: 187.501.772.800 bytes beschikbaar
            .
            - - End Of File - - 678369C224578A3C82EF33061F5139DA
            A36C5E4F47E84449FF07ED3517B43A31


            DDS (Ver_2012-11-20.01) - NTFS_AMD64
            Internet Explorer: 10.0.9200.16660
            Run by eigenaar at 23:18:13 on 2013-08-21
            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3838.2301 [GMT 2:00]
            .
            AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
            .
            ============== Running Processes ===============
            .
            C:\Windows\system32\lsm.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            C:\Windows\system32\svchost.exe -k RPCSS
            C:\Windows\system32\atiesrxx.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\Windows\system32\svchost.exe -k LocalService
            C:\Windows\system32\svchost.exe -k netsvcs
            C:\Windows\system32\atieclxx.exe
            C:\Windows\system32\svchost.exe -k NetworkService
            C:\Windows\System32\spoolsv.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
            C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
            C:\Windows\system32\svchost.exe -k imgsvc
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Windows\system32\taskhost.exe
            C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
            C:\Windows\system32\Dwm.exe
            C:\Program Files\Windows Sidebar\sidebar.exe
            C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
            C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
            C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
            C:\Windows\system32\SearchIndexer.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            C:\Program Files\Windows Media Player\wmpnetwk.exe
            C:\Windows\System32\svchost.exe -k LocalServicePeerNet
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Windows\servicing\TrustedInstaller.exe
            C:\Windows\system32\wuauclt.exe
            C:\Windows\system32\notepad.exe
            C:\Windows\explorer.exe
            C:\Windows\system32\SearchProtocolHost.exe
            C:\Windows\system32\SearchFilterHost.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Windows\System32\cscript.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uStart Page = hxxp://www.google.nl/
            BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
            TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
            TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
            uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
            uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
            mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
            mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
            mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
            uPolicies-Explorer: NoDrives = dword:0
            mPolicies-Explorer: NoDrives = dword:0
            mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
            mPolicies-System: ConsentPromptBehaviorUser = dword:3
            mPolicies-System: EnableUIADesktopToggle = dword:0
            IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
            TCP: NameServer = 62.179.104.196 213.46.228.196
            TCP: Interfaces\{4846F724-B214-466F-ABC9-0916F4710250} : DHCPNameServer = 62.179.104.196 213.46.228.196
            Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
            Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
            SSODL: WebCheck - <orphaned>
            mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
            x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
            x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
            x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
            x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
            .
            ============= SERVICES / DRIVERS ===============
            .
            R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
            R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
            R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
            R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
            R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
            R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
            R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-6 45856]
            R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-20 202752]
            R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-21 418376]
            R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-21 701512]
            R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
            R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
            R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-21 25928]
            R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-11 452200]
            R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-6-11 1349232]
            S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
            S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
            S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
            S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
            S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-8-13 57840]
            S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
            S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
            S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
            S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
            S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-5 1255736]
            .
            =============== Created Last 30 ================
            .
            2013-08-21 21:16:26 -------- d-sh--w- C:\$RECYCLE.BIN
            2013-08-21 21:09:36 98816 ----a-w- C:\Windows\sed.exe
            2013-08-21 21:09:36 256000 ----a-w- C:\Windows\PEV.exe
            2013-08-21 21:09:36 208896 ----a-w- C:\Windows\MBR.exe
            2013-08-21 15:26:44 -------- d-----w- C:\AdwCleaner
            2013-08-21 13:07:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
            2013-08-13 16:28:53 -------- d-----w- C:\Windows\en
            2013-08-13 16:28:30 -------- d-----w- C:\Windows\nl
            2013-08-13 16:28:17 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
            2013-08-13 16:27:35 57840 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
            2013-08-13 16:27:27 -------- d-----w- C:\Windows\PCHEALTH
            2013-08-13 16:26:53 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
            2013-08-13 16:26:53 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
            2013-08-13 16:26:53 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
            2013-08-13 16:26:53 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
            2013-08-13 16:26:52 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
            2013-08-13 16:26:52 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
            2013-08-13 16:26:52 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
            2013-08-13 16:26:52 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
            2013-08-13 16:12:43 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
            2013-08-13 16:12:43 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
            2013-08-13 16:12:22 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
            2013-08-13 16:12:22 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
            2013-08-13 16:10:06 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
            2013-08-08 18:47:46 -------- d-----w- C:\Users\eigenaar\Qtrax
            2013-08-08 18:44:05 -------- d-----w- C:\Windows\SysWow64\Extensions
            2013-08-08 18:44:04 -------- d-----w- C:\Windows\SysWow64\searchplugins
            2013-08-08 18:43:50 -------- d-----w- C:\Users\eigenaar\AppData\Local\Programs
            .
            ==================== Find3M ====================
            .
            2013-08-20 20:23:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
            2013-08-20 20:23:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
            2013-08-14 16:16:31 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
            2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
            2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
            2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
            2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
            2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
            2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
            2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
            2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
            2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
            2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
            2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
            2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
            2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
            2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
            2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
            2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
            2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
            2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
            2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
            2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
            2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
            2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
            2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
            2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
            2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
            2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
            2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
            2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
            2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
            2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
            2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
            2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
            2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
            2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
            2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
            2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
            2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
            2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
            2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
            2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
            2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
            2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
            2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
            .
            ============= FINISH: 23:18:22,18 ===============

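Two things in the DDS log above are worth pulling out mechanically rather than by eye: service entries where DDS printed "-->" and "[?]" instead of a date and size (it resolved the image path but could not stat the file, which is what a service registration left behind by a removed or half-removed program looks like), and the "Created Last 30" timestamps, which fall into distinct install bursts. The Python below is an added example for this thread; it is not DDS code and not something the helper posted. DDS_EXCERPT is a constructed sample copied from the log above and cut down to a few representative lines; the 10-minute clustering window and the list of user-writable locations are my own assumptions.

```python
"""Triage of two DDS log blocks: the service list and 'Created Last 30'.

Added example for this thread; not DDS code and not the helper's script.
DDS_EXCERPT is a constructed sample copied from the posted log and cut
down to a handful of representative lines.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

DDS_EXCERPT = r"""
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-21 701512]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
.
=============== Created Last 30 ================
.
2013-08-21 21:09:36 98816 ----a-w- C:\Windows\sed.exe
2013-08-21 21:09:36 256000 ----a-w- C:\Windows\PEV.exe
2013-08-21 21:09:36 208896 ----a-w- C:\Windows\MBR.exe
2013-08-21 15:26:44 -------- d-----w- C:\AdwCleaner
2013-08-13 16:26:53 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-08-08 18:47:46 -------- d-----w- C:\Users\eigenaar\Qtrax
2013-08-08 18:44:05 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-08-08 18:44:04 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-08-08 18:43:50 -------- d-----w- C:\Users\eigenaar\AppData\Local\Programs
"""

# DDS service line: "<start type> <name>;<display>;<image path>[ --> <resolved path>] [<date size> | ?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$"
)
# "Created Last 30" line: "<timestamp> <size | --------> <attributes> <path>"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Assumed list of locations a standard user can write to; a service image there is worth a look.
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp)\\", re.IGNORECASE)


@dataclass
class Service:
    start: str
    name: str
    path: str
    meta: str  # "yyyy-m-d size" from DDS, or "?" when DDS could not stat the file


@dataclass
class Created:
    ts: datetime
    is_dir: bool
    path: str


def parse_services(text: str) -> list[Service]:
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(Service(m["start"], m["name"], m["path"], m["meta"]))
    return out


def flag_services(services: list[Service]) -> dict[str, list[str]]:
    """Map service name -> reasons it deserves a second look."""
    findings: dict[str, list[str]] = {}
    for s in services:
        reasons = []
        if s.meta == "?":
            reasons.append("registered, but DDS could not stat the binary (leftover entry?)")
        if USER_WRITABLE.search(s.path):
            reasons.append("image path is in a user-writable location")
        if reasons:
            findings[s.name] = reasons
    return findings


def parse_created(text: str) -> list[Created]:
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            out.append(Created(ts, m["attrs"].startswith("d"), m["path"]))
    return out


def cluster_created(entries: list[Created], window_minutes: int = 10) -> list[list[Created]]:
    """Group entries created within `window_minutes` of the previous one.
    One installer run (or one tool run) normally shows up as one cluster."""
    clusters: list[list[Created]] = []
    for e in sorted(entries, key=lambda c: c.ts):
        if clusters and e.ts - clusters[-1][-1].ts <= timedelta(minutes=window_minutes):
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


if __name__ == "__main__":
    for name, why in flag_services(parse_services(DDS_EXCERPT)).items():
        print(f"[service] {name}: {'; '.join(why)}")
    for group in cluster_created(parse_created(DDS_EXCERPT)):
        print(f"[created] {group[0].ts} .. {group[-1].ts.time()} ({len(group)} entries)")
        for c in group:
            print(f"    {'dir ' if c.is_dir else 'file'} {c.path}")
```

Run as a script it reports vToolbarUpdater15.5.0 as the one service to look at, and four creation clusters: the 8 August 18:43..18:47 burst (Programs, searchplugins, Extensions, Qtrax), the 13 August batch, the AdwCleaner folder on 21 August at 15:26, and the three files dropped in C:\Windows at 21:09 the same evening. To use it on a full log, replace DDS_EXCERPT with the text of the posted log; everything outside the two recognised line shapes is ignored.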


• #7
  Are there any problems left?
  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
  E Dev * Remove McAfee. * Ccleaner * E-Peek



• #8
  No, everything works perfectly again! Thx!!!!!!



• #9
  Good.

  Now let's remove ComboFix....


  Go to Start > Run and copy and paste the following command into the field:

  ComboFix /Uninstall

  Make sure there is a space between ComboFix and /
  Then press Enter.



This will remove ComboFix plus its related folders and files,
restore the clock settings, hide file extensions again,
re-hide hidden files and system files,
and reset your System Restore.



Download or update CCleaner

Start CCleaner.
• Run CCleaner and click Options in the left-hand column
• Select the Advanced tab
• Untick "Only delete files in Windows Temp folders older than 24 hours"
• Untick "Only delete files in the Recycle Bin older than 24 hours"
• Select the Settings tab
• Untick "Automatically clean the computer...."
• Click Cleaner in the left-hand column.
• Then click Analyze and Clean, in that order.
• Next click Registry in the left-hand column
• Click Scan for Issues.
• If issues are found, click Fix selected issues
• You may be asked whether you want to back up your registry. Answer Yes and OK



Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.
Tick the following items:
• Activate UAC
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Click "Run" and wait patiently until the tool has finished.
When the tool has finished, a log file is created.
You do not need to post it.


1) You may delete all the loose files and tools we have used.

2) To avoid reinfection, you can read these tips:

Preventing spyware infections and browser hijacking and How do I prevent a new infection?

3) To give your PC a quick maintenance check-up, you can read these tips: Guide to a clean PC

4) All sorts of tips and hints can be found here.


I am marking the topic as solved.

If there are no further replies, this thread will be moved automatically within about 3 days
to the Solved hijackthislogs section and replying will no longer be possible.
This is done to keep the forum tidy and organised.

If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.



Did we help you well? Consider a (no-obligation) donation to Nucia

Emphyrio



• #10
  Great! I followed the final steps and everything has now been removed. Solved, then!



• #11
  You're welcome
