
Removing dosearches.com?


  • Removing dosearches.com?

    Hello Nucia security people/end users,

    Subject: removing dosearches.com.


    I was recently hit by this virus and I just can't get rid of it in Firefox and IE.

    What I have already done:
    Code:
    Removing dosearches.com
    
    Before you begin the manual removal procedure, you must change the settings of your browser shortcuts. Make sure you perform these steps for all existing browsers and their shortcuts:
    
        Right-click the browser shortcut and click Properties.
        Click the Shortcut tab and go to Target.
        Delete the text after chrome.exe/firefox.exe or iexplore.exe.
        Click OK and follow the steps below.
    
    Remove from Google Chrome:
    
        Open the browser, press Alt + F simultaneously and select Settings.
        Under On startup, mark Open a specific page or set of pages and click Set pages.
        Overwrite/delete the displayed URL and click OK to save the changes.
        Go to Appearance, mark Show Home button and click Change.
        Repeat step 3 if you want to remove the unwanted Home button option.
        Move to Search, click Manage search engines, remove (X) the unwanted search engine and click OK.
    
    Remove from Mozilla Firefox:
    
        Start the browser, move to the search box and click the search provider icon.
        Select Manage Search Engines and remove the unwanted search engine. Click OK.
        Press Alt + T simultaneously and select Options.
        Click the General tab and overwrite/delete the provided URL. Click OK.
    
    Remove from Internet Explorer:
    
        Launch IE, press Alt + T simultaneously and select Manage Add-ons.
        Move to the list on the left and click Search Provider.
        Click the unwanted provider, select Remove and press Close.
        Once more, open the Tools menu (Alt + T) and select Internet Options.
        Click the General tab and go to Home page.
        Overwrite/delete the URL and click OK.
    Code:
    Used MBAM, but it found nothing; I still see it coming back in FIREFOX/IE
    USED CLAMWIN, nothing found after 2 hours of scanning
    * By the way, everything was run in safe mode
    Code:
    Used TFC, but unfortunately nothing that helped, except that 325 MB of temp files were deleted and that it has become a lot faster.

    Can anyone help me with this????
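
The shortcut step of the guide pasted above (delete the text after chrome.exe/firefox.exe or iexplore.exe in Target) can be checked mechanically. The following is an added example, not part of the original post: it takes Target or open-command strings, locates the browser executable even when the path is unquoted, and reports any URL appended after it. The function names and the sample strings are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Browser executables named in the guide above.
EXE_RE = re.compile(r'(?:chrome|firefox|iexplore)\.exe(?=["\s]|$)', re.IGNORECASE)

# URL arguments, including the defanged hxxp:// form that scan logs print.
# Limitation: a bare "www.example.test" argument without a scheme is not matched.
URL_RE = re.compile(r'\b(?:https?|hxxps?)://[^\s"\']+', re.IGNORECASE)


def split_target(command):
    """Split a command into (executable part, trailing text).

    The browser executable name is located by pattern instead of splitting on
    whitespace, so unquoted paths such as C:\\Program Files\\... still work.
    Returns None when no known browser executable is present.
    """
    match = EXE_RE.search(command)
    if match is None:
        return None
    end = match.end()
    # Keep the closing quote that belongs to a quoted path.
    if end < len(command) and command[end] == '"':
        end += 1
    return command[:end].strip(), command[end:].strip()


def _host(url):
    """Return the host name of a URL, accepting the defanged hxxp scheme."""
    refanged = re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)
    return urlsplit(refanged).hostname


def audit_target(command):
    """Describe one shortcut Target or registry open command."""
    parts = split_target(command)
    if parts is None:
        return {"browser": False, "hijacked": False, "trailing": "",
                "hosts": [], "clean": command}
    exe_part, trailing = parts
    urls = URL_RE.findall(trailing)
    return {
        "browser": True,
        "hijacked": bool(urls),           # a URL after the executable
        "trailing": trailing,             # everything after the executable
        "hosts": [_host(u) for u in urls],
        # As in the guide: drop the text after the executable when a URL is found.
        "clean": exe_part if urls else command,
    }


def find_hijacked(commands):
    """Return the findings for all commands that carry an appended URL."""
    return [f for f in map(audit_target, commands) if f["hijacked"]]


# Constructed sample input (not taken from a real machine).
SAMPLE_TARGETS = [
    r'"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.dosearches.com/?utm_source=b',
    r'C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?from=vit',
    r'"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"',
    r'"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -private-window',
    r'C:\Windows\System32\notepad.exe',
]

if __name__ == "__main__":
    for finding in find_hijacked(SAMPLE_TARGETS):
        print(finding["hosts"], "->", finding["clean"])
```
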

  • #2
    Hi picka24 and welcome to the Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:

    • Only log in as an administrator with full rights.
    • Do not post your problem on multiple forums. It does not benefit your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time, be patient.
    • Carefully follow the instructions that I give.
    • Follow only the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If you do not know or understand something, please ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, do not go trying something "else"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs.
    • Please do not post the logs as attachments or between code tags.

    Note: Vista or Windows 7? >> Always run all tools as admin.
    The instructions given are valid only for your PC.

    Step 1:

    Scan for and remove malware....


    If you already have MBAM on your PC, you obviously do not need to download it.

    Download MalwareBytes' Anti-Malware to your desktop from one of the following links:

    Double-click mbam-setup.exe to install the program.

    At the end of the setup procedure, you get a screen where you have to click "Finish".
    If you do not wish to evaluate MBAM, uncheck the first option and only then click "Finish".

    Make sure that after the installation a check mark is placed next to:

    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware
    • Then click "Finish". If an update is found, it will be downloaded and installed.

    Once the program has started, go to the "Settings" tab.

    • Check here: "Close Internet Explorer during malware removal".
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL scan" here.
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything there is checked, then click: "Remove Selected".
      If there are many items, you can right-click in the window and choose "select all items".
    • After removal, a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, then do so.
    When you have done the restart, run a new quick scan with MBAM.
    In that case you therefore post both logs.

    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


    In case of problems!!!
    ___________________________________________________________

    Step 2:

    Check for bad toolbars...

    Download AdwCleaner by Xplode to your desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Clean

    All icons disappear from the desktop; this is normal.
    Your PC will be restarted and a log file will open (C:\ AdwCleaner[xx].txt); post its contents here on the forum.

    I only need the log made after the "clean" option.

    Do not forget to turn off your "smileys".

    If your start page was also hijacked, set the search engine again; by default AdwCleaner resets it to Google.com

    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If script execution is disabled, re-enable it so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.

    ___________________________________________________________

    Step 4:

    Check for updates...

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Place its contents in your next reply.

    In your next post, I would like to see the following logs, made in the order listed:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as attachments or between code tags.
    (If necessary, in multiple posts.)

    Emphyrio
    Last edited by Emphyrio; 31-10-13, 14:57.
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Hello,

      Thanks for the reply; I bought MBAM myself.
      So it is always running already, only I no longer have the logs, because it couldn't find anything anymore.

      I have now run this:
      Code:
      ***** [ Shortcuts ] *****
      
      Shortcut Found : C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379 )
      Shortcut Found : C:\Users\\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379 )
      Shortcut Found : C:\Users\\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379 )
      
      ***** [ Registry ] *****
      
      Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379
      Key Found : HKLM\Software\Vittalia
      
      ***** [ Browsers ] *****
      
      -\\ Internet Explorer v10.0.9200.16537
      
      Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379
      Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379
      
      -\\ Mozilla Firefox v25.0 (nl)
      
      [ File : C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\q5di0oe0.default\prefs.js ]
      
      
      -\\ Google Chrome v
      
      [ File : C:\Users\\AppData\Local\Google\Chrome\User Data\Default\preferences ]
      
      
      *************************
      
      AdwCleaner[R0].txt - [2479 octets] - [31/10/2013 09:41:09]
      
      ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2539 octets] ##########
      Code:
      DDS (Ver_2012-11-20.01) - NTFS_AMD64 
      Internet Explorer: 10.0.9200.16537
      Run by  at 9:55:42 on 2013-10-31
      Microsoft Windows 8 Pro  6.2.9200.0.1252.31.1043.18.32647.30026 [GMT 1:00]
      .
      AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
      AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: ESET Persoonlijke firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\system32\dwm.exe
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\atieclxx.exe
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\system32\AdminService.exe
      C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
      C:\Windows\system32\dashost.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      S:\Program Files (x86)\TeamViewer\Nieuwe map\TeamViewer_Service.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskhostex.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uSearch Bar = Preserve
      mStart Page = hxxp://www.google.com
      mDefault_Page_URL = hxxp://www.google.com
      mWinlogon: Userinit = userinit.exe,
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
      BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
      IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
      TCP: NameServer = 192.168.1.1
      TCP: Interfaces\{BE8713B9-B944-45BB-97F4-5E4D63370762} : DHCPNameServer = 192.168.1.1
      Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      SSODL: WebCheck - <orphaned>
      x64-mStart Page = hxxp://www.google.com
      x64-mDefault_Page_URL = hxxp://www.google.com
      x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
      x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
      x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
      x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
      x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
      x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\q5di0oe0.default\
      FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 epfwwfp;epfwwfp;C:\Windows\System32\Drivers\epfwwfp.sys [2013-2-14 58416]
      R1 eamonm;eamonm;C:\Windows\System32\Drivers\eamonm.sys [2013-2-14 213416]
      R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\Drivers\EpfwLWF.sys [2013-1-10 59440]
      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
      R2 AtherosSvc;AtherosSvc;C:\Windows\System32\AdminService.exe [2013-6-25 208384]
      R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]
      R2 TeamViewer8;TeamViewer 8;S:\Program Files (x86)\TeamViewer\Nieuwe map\TeamViewer_Service.exe [2013-10-30 5087584]
      R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-7-5 129536]
      R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-6-25 565760]
      R3 RTL8168;Realtek 8168 NT-stuurprogramma;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
      R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\Drivers\teamviewervpn.sys [2013-10-30 35112]
      R3 WSDScan;Ondersteuning voor WSD-scan;C:\Windows\System32\Drivers\WSDScan.sys [2013-10-27 23552]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
      S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\Drivers\amdkmafd.sys [2012-9-23 21160]
      S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\Drivers\AthDfu.sys [2012-8-22 55336]
      S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\Drivers\athurx.sys [2010-1-5 1847296]
      S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\Drivers\hitmanpro37.sys [2013-10-31 32512]
      S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
      S3 Revoflt;Revoflt;C:\Windows\System32\Drivers\revoflt.sys [2013-10-27 31800]
      S3 vmbusr;Provider van virtuele-machinebus;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
      .
      =============== Created Last 30 ================
      .
      2013-10-31 08:41:05	--------	d-----w-	C:\AdwCleaner
      2013-10-31 00:07:01	--------	d-----w-	C:\Program Files\Enigma Software Group
      2013-10-31 00:06:49	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
      2013-10-30 23:59:25	32512	----a-w-	C:\Windows\System32\drivers\hitmanpro37.sys
      2013-10-30 23:39:52	--------	d-----w-	C:\Windows\pss
      2013-10-30 23:22:05	--------	d-----w-	C:\Users\\AppData\Roaming\Malwarebytes
      2013-10-30 23:22:00	--------	d-----w-	C:\ProgramData\Malwarebytes
      2013-10-30 23:20:51	--------	d-----w-	C:\Users\\Nieuwe map
      2013-10-30 22:36:35	--------	d-----w-	C:\Users\\AppData\Roaming\TeamViewer
      2013-10-30 21:54:20	35112	----a-w-	C:\Windows\System32\drivers\teamviewervpn.sys
      2013-10-30 20:03:57	--------	d-----w-	C:\Users\\AppData\Roaming\ESET
      2013-10-30 20:03:57	--------	d-----w-	C:\Users\\AppData\Local\ESET
      2013-10-30 20:03:14	--------	d-----w-	C:\Program Files\ESET
      2013-10-30 18:53:27	10280728	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB4C6DB7-2AB2-4F58-B59F-1AAC5E5521B0}\mpengine.dll
      2013-10-30 08:12:24	--------	d-----w-	C:\Users\\AppData\Local\QuickPar
      2013-10-30 07:24:41	10280728	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
      2013-10-29 23:10:13	--------	d-----w-	C:\Windows\LastGood.Tmp
      2013-10-29 23:10:01	--------	d-----w-	C:\Program Files (x86)\ATI Technologies
      2013-10-29 22:11:20	--------	d-----w-	C:\Users\\AppData\Roaming\Origin
      2013-10-29 22:11:19	--------	d-----w-	C:\Users\\AppData\Local\Origin
      2013-10-29 22:10:56	--------	d-----w-	C:\ProgramData\Origin
      2013-10-29 22:10:56	--------	d-----w-	C:\ProgramData\Electronic Arts
      2013-10-29 00:43:22	--------	d-----r-	C:\Program Files (x86)\Skype
      2013-10-29 00:29:45	--------	d-----w-	C:\Users\\AppData\Roaming\uTorrent
      2013-10-28 19:58:32	315568	----a-w-	C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10222.bin
      2013-10-28 00:22:37	--------	d-----w-	C:\Users\\AppData\Local\Spotnet
      2013-10-28 00:22:05	--------	d-----w-	C:\ProgramData\Spotnet
      2013-10-28 00:22:05	--------	d-----w-	C:\Program Files (x86)\Spotnet
      2013-10-27 22:29:11	--------	d-----w-	C:\Users\\AppData\Local\Macromedia
      2013-10-27 22:27:17	--------	d-----w-	C:\Users\\AppData\Local\Adobe
      2013-10-27 20:17:56	929792	----a-w-	C:\Windows\SysWow64\mfnetsrc.dll
      2013-10-27 20:16:59	76288	----a-w-	C:\Windows\System32\newdev.exe
      2013-10-27 20:16:59	75264	----a-w-	C:\Windows\System32\ndadmin.exe
      2013-10-27 20:16:59	74240	----a-w-	C:\Windows\SysWow64\newdev.exe
      2013-10-27 20:16:59	73728	----a-w-	C:\Windows\SysWow64\ndadmin.exe
      2013-10-27 20:16:59	301568	----a-w-	C:\Windows\System32\newdev.dll
      2013-10-27 20:16:59	275968	----a-w-	C:\Windows\SysWow64\newdev.dll
      2013-10-27 20:10:39	--------	d-----r-	C:\Windows\BrowserChoice
      2013-10-27 20:07:36	278800	------w-	C:\Windows\System32\MpSigStub.exe
      2013-10-27 20:00:27	--------	d-----w-	C:\Windows\System32\MRT
      2013-10-27 19:56:40	--------	d-----w-	C:\Program Files (x86)\Common Files\Steam
      2013-10-27 19:41:59	951808	----a-w-	C:\Windows\System32\Windows.Globalization.dll
      2013-10-27 19:40:59	2767360	----a-w-	C:\Windows\SysWow64\tquery.dll
      2013-10-27 19:39:03	2361344	----a-w-	C:\Windows\System32\msxml6.dll
      2013-10-27 19:39:03	2048	----a-w-	C:\Windows\SysWow64\msxml6r.dll
      2013-10-27 19:39:03	2048	----a-w-	C:\Windows\SysWow64\msxml3r.dll
      2013-10-27 19:39:03	2048	----a-w-	C:\Windows\System32\msxml6r.dll
      2013-10-27 19:39:03	2048	----a-w-	C:\Windows\System32\msxml3r.dll
      2013-10-27 19:39:03	1836032	----a-w-	C:\Windows\System32\msxml3.dll
      2013-10-27 19:39:03	1802240	----a-w-	C:\Windows\SysWow64\msxml6.dll
      2013-10-27 19:39:03	1438720	----a-w-	C:\Windows\SysWow64\msxml3.dll
      2013-10-27 19:28:10	--------	d-----w-	C:\Users\\AppData\Local\ATI
      2013-10-27 19:28:03	--------	d-----w-	C:\Users\\AppData\Roaming\library_dir
      2013-10-27 19:27:01	--------	d-----w-	C:\ProgramData\AMD
      2013-10-27 19:27:01	--------	d-----w-	C:\Program Files (x86)\Common Files\ATI Technologies
      2013-10-27 19:26:37	--------	d-----w-	C:\AMD
      2013-10-27 19:26:21	--------	d-----w-	C:\Program Files\Common Files\ATI Technologies
      2013-10-27 19:26:18	--------	d-----w-	C:\ProgramData\Package Cache
      2013-10-27 19:26:11	--------	d-----w-	C:\Program Files\ATI Technologies
      2013-10-27 19:26:10	--------	d-----w-	C:\Program Files\ATI
      2013-10-27 19:21:57	--------	d-----w-	C:\Users\\AppData\Local\Mozilla
      2013-10-27 19:20:00	--------	d-----w-	C:\Users\\AppData\Local\VS Revo Group
      2013-10-27 19:19:58	31800	----a-w-	C:\Windows\System32\drivers\revoflt.sys
      2013-10-27 19:19:58	--------	d-----w-	C:\ProgramData\VS Revo Group
      2013-10-27 19:17:58	--------	d-----w-	C:\Users\\AppData\Local\Programs
      2013-10-27 19:15:36	--------	d-----w-	C:\Windows\AutoKMS
      2013-10-27 19:15:23	--------	d-----w-	C:\Users\\AppData\Local\Microsoft Toolkit
      2013-10-27 19:14:12	--------	d-----w-	C:\Program Files (x86)\Microsoft SQL Server
      2013-10-27 19:14:00	--------	d-----w-	C:\Windows\PCHEALTH
      2013-10-27 19:14:00	--------	d-----w-	C:\Program Files\Microsoft SQL Server
      2013-10-27 19:13:05	--------	d-----w-	C:\Program Files\Microsoft Analysis Services
      2013-10-27 19:13:05	--------	d-----w-	C:\Program Files (x86)\Microsoft Analysis Services
      2013-10-27 19:13:03	--------	d-----w-	C:\Users\\AppData\Local\Microsoft Help
      2013-10-27 19:08:44	53248	----a-w-	C:\Windows\SysWow64\CSVer.dll
      2013-10-27 19:08:29	--------	d-----w-	C:\Intel
      2013-10-27 19:06:24	--------	d-----w-	C:\Users\\AppData\Local\Google
      2013-10-27 19:06:23	50784	----a-w-	C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
      2013-10-27 19:06:21	17536	----a-w-	C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
      2013-10-27 19:03:19	--------	d-sh--we	C:\ProgramData\Sjablonen
      2013-10-27 19:03:19	--------	d-sh--we	C:\ProgramData\Menu Start
      2013-10-27 19:03:19	--------	d-sh--we	C:\ProgramData\Documenten
      2013-10-27 19:03:19	--------	d-sh--we	C:\ProgramData\Bureaublad
      2013-10-27 19:03:19	--------	d-sh--w-	C:\Recovery
      2013-10-27 19:02:33	0	----a-w-	C:\Windows\ativpsrm.bin
      2013-10-27 19:01:45	--------	d-----w-	C:\Windows\Panther
      2013-10-24 23:04:32	142792	----a-w-	C:\Windows\System32\atiuxp64.dll
      2013-10-24 22:48:12	995342	----a-w-	C:\Windows\SysWow64\amdocl_as32.exe
      2013-10-24 22:48:12	798734	----a-w-	C:\Windows\SysWow64\amdocl_ld32.exe
      2013-10-24 22:48:12	1187342	----a-w-	C:\Windows\System32\amdocl_as64.exe
      2013-10-24 22:48:12	1061902	----a-w-	C:\Windows\System32\amdocl_ld64.exe
      2013-10-24 17:58:42	51200	----a-w-	C:\Windows\System32\kdbsdk64.dll
      2013-10-24 17:53:56	38912	----a-w-	C:\Windows\SysWow64\kdbsdk32.dll
      2013-10-08 14:01:20	156712	----a-w-	C:\Windows\System32\amdhcp64.dll
      2013-10-08 14:01:18	141256	----a-w-	C:\Windows\SysWow64\amdhcp32.dll
      2013-10-08 14:01:14	78432	----a-w-	C:\Windows\System32\atimpc64.dll
      2013-10-08 14:01:12	71704	----a-w-	C:\Windows\SysWow64\atimpc32.dll
      2013-10-08 14:01:08	78432	----a-w-	C:\Windows\System32\amdpcom64.dll
      2013-10-08 14:01:08	71704	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
      2013-10-08 14:01:06	125824	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
      2013-10-08 14:01:04	97984	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
      2013-10-08 14:01:04	114488	----a-w-	C:\Windows\System32\atiu9p64.dll
      2013-10-08 14:01:00	1030128	----a-w-	C:\Windows\SysWow64\aticfx32.dll
      2013-10-08 14:00:52	8215992	----a-w-	C:\Windows\SysWow64\atidxx32.dll
      2013-10-08 14:00:46	6176008	----a-w-	C:\Windows\SysWow64\atiumdva.dll
      2013-10-08 14:00:42	6189416	----a-w-	C:\Windows\SysWow64\atiumdag.dll
      2013-10-08 14:00:36	6767240	----a-w-	C:\Windows\System32\atiumd6a.dll
      2013-10-08 14:00:32	7256496	----a-w-	C:\Windows\System32\atiumd64.dll
      2013-10-08 13:58:42	12534784	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
      2013-10-08 13:39:22	229376	----a-w-	C:\Windows\System32\clinfo.exe
      2013-10-08 13:39:06	98816	----a-w-	C:\Windows\System32\OpenVideo64.dll
      2013-10-08 13:38:58	83456	----a-w-	C:\Windows\SysWow64\OpenVideo.dll
      2013-10-08 13:38:58	127488	----a-w-	C:\Windows\System32\coinst_13.152.1.8.dll
      2013-10-08 13:38:52	86528	----a-w-	C:\Windows\System32\OVDecode64.dll
      2013-10-08 13:38:48	73216	----a-w-	C:\Windows\SysWow64\OVDecode.dll
      2013-10-08 13:38:30	28192256	----a-w-	C:\Windows\System32\amdocl64.dll
      2013-10-08 13:36:22	23761408	----a-w-	C:\Windows\SysWow64\amdocl.dll
      2013-10-08 13:34:34	63488	----a-w-	C:\Windows\System32\OpenCL.dll
      2013-10-08 13:34:28	57344	----a-w-	C:\Windows\SysWow64\OpenCL.dll
      2013-10-08 13:17:50	25385984	----a-w-	C:\Windows\System32\atio6axx.dll
      2013-10-08 13:13:44	368640	----a-w-	C:\Windows\System32\atiapfxx.exe
      2013-10-08 13:13:34	62464	----a-w-	C:\Windows\System32\aticalrt64.dll
      2013-10-08 13:13:32	52224	----a-w-	C:\Windows\SysWow64\aticalrt.dll
      2013-10-08 13:13:26	55808	----a-w-	C:\Windows\System32\aticalcl64.dll
      2013-10-08 13:13:24	49152	----a-w-	C:\Windows\SysWow64\aticalcl.dll
      2013-10-08 13:13:08	15716352	----a-w-	C:\Windows\System32\aticaldd64.dll
      2013-10-08 13:09:52	14302208	----a-w-	C:\Windows\SysWow64\aticaldd.dll
      2013-10-08 13:00:30	21400064	----a-w-	C:\Windows\SysWow64\atioglxx.dll
      2013-10-08 12:54:10	442368	----a-w-	C:\Windows\System32\atidemgy.dll
      2013-10-08 12:53:58	26112	----a-w-	C:\Windows\System32\atimuixx.dll
      2013-10-08 12:53:50	576512	----a-w-	C:\Windows\System32\atieclxx.exe
      2013-10-08 12:52:58	239616	----a-w-	C:\Windows\System32\atiesrxx.exe
      2013-10-08 12:51:30	190976	----a-w-	C:\Windows\System32\atitmm64.dll
      2013-10-08 12:29:04	96256	----a-w-	C:\Windows\System32\amdave64.dll
      2013-10-08 12:28:56	90624	----a-w-	C:\Windows\SysWow64\amdave32.dll
      2013-10-08 12:28:42	89088	----a-w-	C:\Windows\System32\atisamu64.dll
      2013-10-08 12:28:36	784384	----a-w-	C:\Windows\System32\atiadlxx.dll
      2013-10-08 12:28:34	80896	----a-w-	C:\Windows\SysWow64\atisamu32.dll
      2013-10-08 12:28:26	594944	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
      2013-10-08 12:28:12	75264	----a-w-	C:\Windows\System32\atig6pxx.dll
      2013-10-08 12:28:08	69632	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
      2013-10-08 12:28:08	69632	----a-w-	C:\Windows\System32\atiglpxx.dll
      2013-10-08 12:28:04	100352	----a-w-	C:\Windows\System32\atig6txx.dll
      2013-10-08 12:27:56	96768	----a-w-	C:\Windows\SysWow64\atigktxx.dll
      2013-10-08 12:27:46	619008	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
      2013-10-08 12:24:54	43520	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
      .
      ==================== Find3M  ====================
      .
      2013-10-08 14:01:02	1237200	----a-w-	C:\Windows\System32\aticfx64.dll
      2013-10-08 14:00:56	9464840	----a-w-	C:\Windows\System32\atidxx64.dll
      2013-10-02 01:38:13	78296	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-10-02 01:38:13	694232	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
      2013-09-24 14:54:42	141312	----a-w-	C:\Windows\System32\drivers\amdacpksl.sys
      2013-09-22 23:28:06	1767936	----a-w-	C:\Windows\SysWow64\wininet.dll
      2013-09-22 23:27:49	2876928	----a-w-	C:\Windows\SysWow64\jscript9.dll
      2013-09-22 22:55:10	2241024	----a-w-	C:\Windows\System32\wininet.dll
      2013-09-22 22:54:51	3959296	----a-w-	C:\Windows\System32\jscript9.dll
      2013-09-13 22:36:37	35328	----a-w-	C:\Windows\SysWow64\wuapp.exe
      2013-09-13 22:36:23	84992	----a-w-	C:\Windows\SysWow64\wudriver.dll
      2013-09-13 22:36:23	126976	----a-w-	C:\Windows\SysWow64\wuwebv.dll
      2013-09-13 22:36:14	247296	----a-w-	C:\Windows\SysWow64\ubpm.dll
      2013-09-13 22:34:14	40448	----a-w-	C:\Windows\System32\wuapp.exe
      2013-09-13 22:33:55	252928	----a-w-	C:\Windows\System32\WUSettingsProvider.dll
      2013-09-13 22:33:55	142848	----a-w-	C:\Windows\System32\wuwebv.dll
      2013-09-13 22:33:54	99328	----a-w-	C:\Windows\System32\wudriver.dll
      2013-09-13 22:33:54	1622016	----a-w-	C:\Windows\System32\wucltux.dll
      2013-09-13 22:33:42	328192	----a-w-	C:\Windows\System32\ubpm.dll
      2013-09-13 22:33:39	175104	----a-w-	C:\Windows\System32\storewuauth.dll
      2013-08-30 05:43:40	61784	----a-w-	C:\Windows\System32\drivers\crashdmp.sys
      2013-08-30 05:20:13	1173504	----a-w-	C:\Windows\System32\UIAutomationCore.dll
      2013-08-29 23:48:12	914432	----a-w-	C:\Windows\SysWow64\UIAutomationCore.dll
      2013-08-23 05:11:57	4040192	----a-w-	C:\Windows\System32\win32k.sys
      2013-08-21 06:39:29	465240	----a-w-	C:\Windows\System32\drivers\fvevol.sys
      2013-08-16 05:41:13	58200	----a-w-	C:\Windows\System32\drivers\dam.sys
      2013-08-16 05:39:26	2371728	----a-w-	C:\Windows\System32\WSService.dll
      2013-08-16 05:32:48	209200	----a-w-	C:\Windows\System32\NotificationUI.exe
      2013-08-16 05:22:11	4917760	----a-w-	C:\Windows\System32\sppsvc.exe
      2013-08-16 05:21:43	688640	----a-w-	C:\Windows\System32\WSShared.dll
      2013-08-16 05:21:43	183808	----a-w-	C:\Windows\System32\WSSync.dll
      2013-08-16 05:21:42	204800	----a-w-	C:\Windows\System32\WSClient.dll
      2013-08-16 05:21:42	198656	----a-w-	C:\Windows\System32\Windows.ApplicationModel.Store.dll
      2013-08-16 05:21:42	163840	----a-w-	C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
      2013-08-16 05:21:18	368640	----a-w-	C:\Windows\System32\sppwinob.dll
      2013-08-16 05:21:18	1164288	----a-w-	C:\Windows\System32\sppobjs.dll
      2013-08-16 05:21:12	81408	----a-w-	C:\Windows\System32\setupcln.dll
      2013-08-16 05:21:00	120320	----a-w-	C:\Windows\System32\sppc.dll
      2013-08-16 05:20:30	105984	----a-w-	C:\Windows\System32\WinSetupUI.dll
      2013-08-15 22:43:03	562688	----a-w-	C:\Windows\SysWow64\WSShared.dll
      2013-08-15 22:43:03	159232	----a-w-	C:\Windows\SysWow64\WSSync.dll
      2013-08-15 22:43:02	83968	----a-w-	C:\Windows\SysWow64\OEMLicense.dll
      2013-08-15 22:43:02	167424	----a-w-	C:\Windows\SysWow64\WSClient.dll
      2013-08-15 22:43:02	143872	----a-w-	C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
      2013-08-15 22:43:02	124928	----a-w-	C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
      2013-08-15 22:42:52	76800	----a-w-	C:\Windows\SysWow64\setupcln.dll
      2013-08-15 22:42:47	91648	----a-w-	C:\Windows\SysWow64\sppc.dll
      2013-08-10 06:30:22	151896	----a-w-	C:\Windows\System32\drivers\tpm.sys
      2013-08-10 05:21:51	448512	----a-w-	C:\Windows\System32\SettingSync.dll
      2013-08-10 05:21:51	128512	----a-w-	C:\Windows\System32\SettingSyncInfo.dll
      2013-08-10 05:21:01	817152	----a-w-	C:\Windows\System32\kerberos.dll
      2013-08-10 03:58:51	356352	----a-w-	C:\Windows\SysWow64\SettingSync.dll
      2013-08-10 03:58:09	656896	----a-w-	C:\Windows\SysWow64\kerberos.dll
      2013-08-07 05:15:02	144896	----a-w-	C:\Windows\System32\tssdisai.dll
      2013-08-03 06:40:49	462336	----a-w-	C:\Windows\System32\sysmon.ocx
      2013-08-03 06:40:17	566784	----a-w-	C:\Windows\System32\wvc.dll
      2013-08-03 06:40:01	1374208	----a-w-	C:\Windows\System32\wdc.dll
      2013-08-03 05:14:15	399360	----a-w-	C:\Windows\SysWow64\sysmon.ocx
      2013-08-03 05:13:57	437248	----a-w-	C:\Windows\SysWow64\wvc.dll
      2013-08-03 05:13:43	1245696	----a-w-	C:\Windows\SysWow64\wdc.dll
      .
      ============= FINISH:  9:55:48,63 ===============
      Last edited by picka24; 31-10-13, 10:02.



      • #4
        Would you please read the instructions and carry them out.
        Create and post the logs in the prescribed order.
        Do not use code tags.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          ADWCleaner
          ***** [ Shortcuts ] *****

          Shortcut Found : C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379 )
          Shortcut Found : C:\Users\\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379 )
          Shortcut Found : C:\Users\\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379 )

          ***** [ Registry ] *****

          Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=sc&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379
          Key Found : HKLM\Software\Vittalia

          ***** [ Browsers ] *****

          -\\ Internet Explorer v10.0.9200.16537

          Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379
          Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.dosearches.com/?utm_source=b&utm_medium=vit&utm_campaign=eXQ&utm_content=hp&from=vit&uid=WDCXWD1002FAEX-00Z3A0_WD-WCATRC54026640266&ts=1383169379

          -\\ Mozilla Firefox v25.0 (nl)

          [ File : C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\q5di0oe0.default\prefs.js ]


          -\\ Google Chrome v

          [ File : C:\Users\\AppData\Local\Google\Chrome\User Data\Default\preferences ]


          *************************

          AdwCleaner[R0].txt - [2479 octets] - [31/10/2013 09:41:09]

          ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2539 octets] ##########



          This time I posted it without code tags, hopefully it works better now......



          • #6
            Would you please read my instructions and carry out what they say, please? (asked for the third time)
            Once you have done that, I can continue.
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * Remove McAfee. * Ccleaner * E-Peek



            • #7
              Hello,

              Or am I reading past it, then?
              What should I do?

              The only thing I can find is
              to provide the MBAM log, but I no longer have it.
              And then the other 2, or am I seeing it wrong? It could be me...



              • #8
                Originally posted by picka24
                Hello,

                Or am I reading past it, then?
                What should I do?

                The only thing I can find is
                to provide the MBAM log, but I no longer have it.
                And then the other 2, or am I seeing it wrong? It could be me...

                To me it is clear that you have read past them as many as three times.
                The instructions are nevertheless clear.
                Read them once more and carry out what they say, please. Nothing more, but nothing less either.



                • #9
                  For lack of feedback I am marking this topic as solved.

                  If there are no further replies, this thread will automatically be moved within about 3 days to the section Opgeloste hijackthislogs (solved HijackThis logs), after which replying is no longer possible.
                  This is done to keep the forum tidy and organized.

                  If it turns out there are still problems and you want to reply in this topic again, send me a direct message requesting that it be reopened.


                  Emphyrio
