  • Advanced system protector

    Hello,
    For a week now I have been getting frequent pop-ups with the message that "Advanced system protector" has found infected files.
    The program is not listed among the installed programs on my PC, nor among the startup items in msconfig.
    What also strikes me is that this always happens while I am using Firefox. When I use Google Chrome I don't get those pop-ups. But Firefox is my default browser and I would like to keep using it. Over the past few days I have also noticed that when Firefox stays open, its memory use climbs to more than 1000 MB and it then starts to hang.

    This is a laptop from my work and I don't have the rights to install defogger, not even when I choose "run as administrator". The rest of the steps did succeed. Thanks in advance for the effort!

    1) Anti-Malware found nothing; the log is below:

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.11.30.03

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16736
    HenkA :: PC-HENKA [administrator]

    Bescherming: Uitgeschakeld

    30/11/2013 11:07:57
    mbam-log-2013-11-30 (11-07-57).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 230946
    Verstreken tijd: 6 minuut/minuten, 48 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    2) DDS log file:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.45.2
    Run by HenkA at 11:36:35 on 2013-11-30
    Microsoft Windows 8 Pro 6.2.9200.0.1252.32.1033.18.3958.2538 [GMT 1:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\BtwRSupportService.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\taskhostex.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Classic Shell\ClassicStartMenu.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
    C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://intranet.transics.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
    TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
    mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
    mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
    StartupFolder: C:\Users\henka\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/WinNTChk.cab
    DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/setupini.cab
    DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/setup.cab
    DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslhq.transics.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 195.130.131.133 195.130.130.5
    TCP: Interfaces\{1D7D32D9-BA5C-4D80-94FB-2DA02F4ABE83} : DHCPNameServer = 195.130.131.133 195.130.130.5
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
    x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 193.67.165.96 tx-social-test.transics.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\9h7cjww5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - Conduit Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
    FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE&l=1&q=
    FF - component: C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\kvmetz24.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2011-12-15 2246184]
    R2 rimspci;rimspci;C:\Windows\System32\Drivers\rimspe64.sys [2013-11-4 61952]
    R2 risdpcie;risdpcie;C:\Windows\System32\Drivers\risdpe64.sys [2013-11-4 79360]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\Drivers\rixdpe64.sys [2013-11-4 55808]
    R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2012-7-17 344864]
    R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2012-7-17 42272]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\Drivers\HECIx64.sys [2009-9-17 56344]
    R3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\Drivers\yk63x64.sys [2012-10-2 295792]
    RUnknown szkg5;szkg5; [x]
    S3 bluekey;Transics TX-MAX Key;C:\Windows\System32\Drivers\bluekeyusb64.sys [2013-11-6 55872]
    S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2012-7-25 5632]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-11-22 25928]
    S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
    SUnknown is3srv;is3srv; [x]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-11-26 14:37:59 -------- d-----w- C:\Program Files (x86)\Transics
    2013-11-25 21:10:50 -------- d-----w- C:\Users\henka\AppData\Local\ElevatedDiagnostics
    2013-11-24 11:55:32 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
    2013-11-23 19:10:18 -------- d-----w- C:\Program Files\Enigma Software Group
    2013-11-23 19:09:21 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
    2013-11-23 19:09:16 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2013-11-22 18:35:29 -------- d-----w- C:\Users\henka\AppData\Roaming\Malwarebytes
    2013-11-22 18:35:14 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-11-22 18:35:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-11-22 18:35:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-11-22 18:35:00 -------- d-----w- C:\Users\henka\AppData\Local\Programs
    2013-11-22 15:31:00 447320 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
    2013-11-22 15:31:00 285016 ----a-w- C:\Windows\System32\drivers\spaceport.sys
    2013-11-22 15:28:09 2062848 ----a-w- C:\Windows\System32\d3d11.dll
    2013-11-22 15:28:08 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-11-22 15:23:49 2304512 ----a-w- C:\Windows\System32\authui.dll
    2013-11-22 15:23:49 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-11-20 12:09:59 -------- d-----w- C:\TimeWriterV4
    2013-11-20 10:53:58 -------- d-----w- C:\TimeWriterV5
    2013-11-18 10:09:41 -------- d-----w- C:\Users\henka\AppData\Local\IsolatedStorage
    2013-11-08 07:01:28 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2013-11-07 20:31:35 -------- d-----w- C:\Users\henka\AppData\Roaming\uTorrent
    2013-11-06 14:39:01 598016 ----a-w- C:\Windows\SysWow64\sqliteodbc2008.dll
    2013-11-06 14:38:56 -------- d-----w- C:\Windows\SysWow64\SQLite2008Pro
    2013-11-06 14:38:56 -------- d-----w- C:\Program Files (x86)\Osen Kusnadi
    2013-11-06 11:05:32 55872 ----a-w- C:\Windows\System32\drivers\bluekeyusb64.sys
    2013-11-05 20:26:08 -------- d-----w- C:\Users\henka\AppData\Roaming\ClassicShell
    2013-11-05 20:24:41 -------- d-----w- C:\Program Files\Classic Shell
    2013-11-05 15:56:35 186880 ----a-w- C:\Windows\POWERPRN.DLL
    2013-11-05 15:56:32 147456 ----a-w- C:\Windows\DLLTRACE.DLL
    2013-11-05 15:56:30 319488 ----a-w- C:\Windows\SCard32.dll
    2013-11-05 15:54:24 -------- d-----w- C:\ProgramData\SQL Anywhere 10
    2013-11-05 15:39:07 -------- d-----w- C:\Users\henka\sybase
    2013-11-05 15:38:47 -------- d-----w- C:\ProgramData\Sybase Central 5.0.0
    2013-11-05 15:36:40 44544 ------w- C:\Windows\SysWow64\msxml4a.dll
    2013-11-05 15:35:42 -------- d-----w- C:\Program Files\SQL Anywhere 10
    2013-11-05 15:34:11 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2013-11-05 15:34:11 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2013-11-05 15:34:10 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2013-11-05 15:34:10 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2013-11-05 15:34:10 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2013-11-05 15:34:10 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2013-11-05 15:34:10 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2013-11-05 15:34:02 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2013-11-05 15:34:01 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2013-11-05 14:26:58 -------- d-----w- C:\TISNEW
    2013-11-05 13:50:31 -------- d-----w- C:\Users\henka\AppData\Local\Macromedia
    2013-11-05 12:54:53 -------- d-----w- C:\ProgramData\Brother
    2013-11-05 12:12:56 -------- d-----w- C:\Users\henka\AppData\Roaming\OpenVPN Technologies
    2013-11-05 12:12:56 -------- d-----w- C:\Users\henka\AppData\Local\OpenVPN Technologies
    2013-11-05 09:59:06 -------- d-----w- C:\Users\henka\AppData\Local\Transics
    2013-11-05 09:24:59 -------- d-----w- C:\Users\henka\AppData\Local\Microsoft_Corporation
    2013-11-05 09:13:46 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2013-11-05 09:13:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2013-11-05 09:13:31 -------- d-----w- C:\Windows\SysWow64\1033
    2013-11-05 09:13:31 -------- d-----w- C:\Windows\System32\1033
    2013-11-05 09:05:02 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2013-11-05 08:50:58 -------- d-----r- C:\TXconnect
    2013-11-05 08:28:06 -------- d-----w- C:\Program Files (x86)\visionapp
    2013-11-05 08:19:04 -------- d-----w- C:\Training
    2013-11-05 08:18:49 -------- d-----w- C:\Tools
    2013-11-05 07:59:45 -------- d-----w- C:\Users\henka\AppData\Local\Deployment
    2013-11-05 07:36:26 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
    2013-11-05 07:36:23 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2013-11-04 17:43:51 -------- d-----w- C:\Windows\Panther
    2013-11-04 16:34:33 -------- d-----w- C:\Users\henka\AppData\Local\FrontRange_Solutions_Inc
    2013-11-04 16:34:14 -------- d-----w- C:\Temp
    2013-11-04 16:33:53 -------- d-----w- C:\sqlserver
    2013-11-04 16:33:39 -------- d-----r- C:\Sourcesafe
    2013-11-04 16:33:29 -------- d-----w- C:\sky.app
    2013-11-04 16:32:14 -------- d-----w- C:\SKY
    2013-11-04 16:31:50 -------- d-----w- C:\Shared
    2013-11-04 16:23:41 -------- d-----w- C:\SD_Operations
    2013-11-04 16:11:32 -------- d-----w- C:\Users\henka\AppData\Local\Google
    2013-11-04 15:16:24 -------- d-----w- C:\Users\henka\AppData\Local\Mozilla
    2013-11-04 15:16:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2013-11-04 15:11:39 -------- d-----w- C:\Programs
    2013-11-04 15:03:49 -------- d-----w- C:\Personal
    2013-11-04 15:02:01 -------- d-----w- C:\Installaties
    2013-11-04 15:01:33 -------- d-----w- C:\History
    2013-11-04 15:00:59 -------- d-----w- C:\Foto's
    2013-11-04 14:58:55 -------- d-----r- C:\EXPORT
    2013-11-04 14:53:45 -------- d-----w- C:\Documents
    2013-11-04 14:53:34 -------- d-----w- C:\Database & planning
    2013-11-04 14:53:14 -------- d-----r- C:\Buggit
    2013-11-04 13:21:14 -------- d-----w- C:\Users\henka\AppData\Local\DataRecommendation
    2013-11-04 13:21:08 -------- d-----w- C:\Users\henka\AppData\Roaming\DataRecommendations
    2013-11-04 13:18:47 -------- d-----w- C:\Program Files\Microsoft Dynamics AX
    2013-11-04 13:18:39 -------- d-----w- C:\Program Files (x86)\Microsoft Dynamics AX
    2013-11-04 13:12:26 -------- d-----w- C:\Users\henka\AppData\Local\ITSMAppStorage
    2013-11-04 13:09:53 -------- d-----w- C:\ProgramData\FrontRange Solutions USA Inc
    2013-11-04 13:09:53 -------- d-----w- C:\Program Files (x86)\FrontRange Solutions
    2013-11-04 13:09:53 -------- d-----w- C:\Program Files (x86)\Common Files\Outlook Security Manager
    2013-11-04 12:19:57 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-11-04 12:19:56 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-11-04 12:11:43 -------- d-----r- C:\Windows\BrowserChoice
    2013-11-04 12:05:13 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2013-11-04 12:01:33 94208 ----a-w- C:\Windows\System32\synceng.dll
    2013-11-04 12:01:33 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
    2013-11-04 11:55:46 74240 ----a-w- C:\Program Files\Windows Defender\MsMpCom.dll
    2013-11-04 11:52:54 81408 ----a-w- C:\Windows\System32\setupcln.dll
    2013-11-04 11:51:11 652288 ----a-w- C:\Windows\System32\comctl32.dll
    2013-11-04 11:51:11 541696 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2013-11-04 11:47:15 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
    2013-11-04 11:47:15 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
    2013-11-04 11:47:15 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
    2013-11-04 11:47:14 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2013-11-04 11:47:14 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2013-11-04 11:47:14 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2013-11-04 11:47:14 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2013-11-04 11:42:59 -------- d-----w- C:\Windows\System32\MRT
    2013-11-04 11:36:56 656896 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2013-11-04 11:34:55 77312 ----a-w- C:\Windows\System32\openfiles.exe
    2013-11-04 11:31:36 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
    2013-11-04 11:31:36 677888 ----a-w- C:\Windows\System32\mfnetcore.dll
    2013-11-04 11:31:36 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
    2013-11-04 11:31:36 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
    2013-11-04 11:31:36 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
    2013-11-04 11:31:36 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll
    2013-11-04 11:19:54 27880 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2013-11-04 11:11:18 566784 ----a-w- C:\Windows\System32\wvc.dll
    2013-11-04 11:11:18 462336 ----a-w- C:\Windows\System32\sysmon.ocx
    2013-11-04 11:11:18 437248 ----a-w- C:\Windows\SysWow64\wvc.dll
    2013-11-04 11:11:18 399360 ----a-w- C:\Windows\SysWow64\sysmon.ocx
    2013-11-04 11:11:18 1374208 ----a-w- C:\Windows\System32\wdc.dll
    2013-11-04 11:11:18 1245696 ----a-w- C:\Windows\SysWow64\wdc.dll
    2013-11-04 11:08:59 1184256 ----a-w- C:\Windows\System32\Display.dll
    2013-11-04 11:08:59 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
    2013-11-04 11:07:02 1150160 ----a-w- C:\Windows\SysWow64\ole32.dll
    2013-11-04 11:07:00 560640 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-11-04 11:03:30 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys
    2013-11-04 11:02:59 634880 ----a-w- C:\Windows\System32\apphelp.dll
    2013-11-04 11:01:38 301568 ----a-w- C:\Windows\System32\newdev.dll
    2013-11-04 11:01:38 275968 ----a-w- C:\Windows\SysWow64\newdev.dll
    2013-11-04 11:01:37 76288 ----a-w- C:\Windows\System32\newdev.exe
    2013-11-04 11:01:37 75264 ----a-w- C:\Windows\System32\ndadmin.exe
    2013-11-04 11:01:37 74240 ----a-w- C:\Windows\SysWow64\newdev.exe
    2013-11-04 11:01:37 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe
    2013-11-04 10:35:26 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-11-04 10:35:26 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-04 10:01:43 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
    2013-11-04 10:01:43 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
    2013-11-04 09:57:56 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-11-04 09:57:56 54488 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2013-11-04 09:57:04 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
    2013-11-04 09:57:04 32768 ----a-w- C:\Windows\System32\drivers\hidparse.sys
    2013-11-04 09:57:04 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
    2013-11-04 09:57:04 25600 ----a-w- C:\Windows\System32\drivers\usbprint.sys
    2013-11-04 09:56:47 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
    2013-11-04 09:56:46 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
    2013-11-04 09:54:15 99328 ----a-w- C:\Windows\System32\drivers\usbcir.sys
    2013-11-04 09:54:15 210560 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2013-11-04 09:54:15 121984 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys
    2013-11-04 09:49:43 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2013-11-04 09:49:43 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll
    2013-11-04 09:46:54 141312 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-11-04 09:46:54 1255936 ----a-w- C:\Windows\System32\certutil.exe
    2013-11-04 09:46:54 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-11-04 09:46:54 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-11-04 09:46:46 589896 ----a-w- C:\Windows\SysWow64\dsNcSmartCardProv.dll
    2013-11-04 09:46:45 421448 ----a-w- C:\Windows\SysWow64\dsNcCredProv.dll
    2013-11-04 09:46:40 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-11-04 09:46:09 -------- d-----w- C:\Program Files (x86)\Juniper Networks
    2013-11-04 09:44:33 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-11-04 09:44:33 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-11-04 09:44:26 595968 ----a-w- C:\Windows\System32\qedit.dll
    2013-11-04 09:44:26 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
    2013-11-04 09:42:59 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
    2013-11-04 09:42:59 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
    2013-11-04 09:42:56 1838080 ----a-w- C:\Windows\System32\DWrite.dll
    2013-11-04 09:42:56 1421312 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-11-04 09:42:03 79192 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-11-04 09:42:03 623448 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-11-04 09:42:03 498008 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-11-04 09:42:03 32256 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-11-04 09:42:03 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-11-04 09:42:03 21848 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-11-04 09:42:03 120832 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-11-04 09:41:51 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-11-04 09:41:24 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-11-04 09:41:24 112872 ----a-w- C:\Windows\System32\consent.exe
    2013-11-04 09:39:57 888320 ----a-w- C:\Windows\System32\autochk.exe
    2013-11-04 09:39:57 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
    2013-11-04 09:39:57 542208 ----a-w- C:\Windows\System32\untfs.dll
    2013-11-04 09:39:57 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
    2013-11-04 09:39:53 733184 ----a-w- C:\Windows\System32\win32spl.dll
    2013-11-04 09:38:37 -------- d-----w- C:\Windows\System32\appmgmt
    2013-11-04 09:38:08 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2013-11-04 09:38:08 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2013-11-04 09:38:05 98304 ----a-w- C:\Windows\System32\apprepsync.dll
    2013-11-04 09:38:05 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
    2013-11-04 09:38:05 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
    2013-11-04 09:38:05 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-11-04 09:38:05 337408 ----a-w- C:\Windows\System32\wintrust.dll
    2013-11-04 09:38:05 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2013-11-04 09:38:05 1889280 ----a-w- C:\Windows\System32\crypt32.dll
    2013-11-04 09:38:05 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-11-04 09:38:05 124416 ----a-w- C:\Windows\System32\apprepapi.dll
    2013-11-04 09:36:48 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-11-04 09:33:57 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
    2013-11-04 09:30:27 -------- d-----w- C:\ProgramData\Oracle
    2013-11-04 09:30:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-11-04 09:29:01 -------- d-----w- C:\Program Files (x86)\MSECache
    2013-11-04 09:28:41 -------- d-----w- C:\Users\henka\AppData\Local\Apps
    2013-11-04 09:25:01 -------- d-----w- C:\Windows\PCHEALTH
    2013-11-04 09:25:01 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2013-11-04 09:23:32 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2013-11-04 09:22:56 -------- d-----w- C:\Users\henka\AppData\Local\Microsoft Help
    2013-11-04 09:21:52 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    2013-11-04 09:21:45 -------- d-----w- C:\Intel
    2013-11-04 09:21:11 -------- d-----w- C:\Program Files\Validity Sensors
    2013-11-04 09:20:09 -------- d-----w- C:\Program Files (x86)\Foxit Software
    2013-11-04 09:18:35 -------- d-----w- C:\Program Files (x86)\Tim Heuer
    2013-11-04 09:17:18 -------- d-----w- C:\Windows\System32\log
    2013-11-04 09:16:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-11-04 09:15:40 -------- d-----w- C:\Program Files (x86)\vnc
    2013-11-04 09:15:24 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
    2013-11-04 09:15:09 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
    2013-11-04 09:15:09 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
    2013-11-04 09:15:09 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
    2013-11-04 09:15:06 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
    2013-11-04 09:15:06 -------- d-----w- C:\Program Files (x86)\PDFCreator
    2013-11-04 09:14:43 -------- d-----w- C:\Program Files (x86)\FileZilla
    2013-11-04 09:13:44 -------- d-----w- C:\Users\henka\AppData\Local\Diagnostics
    2013-11-04 09:12:23 -------- d-----w- C:\Users\henka\AppData\Roaming\hpqlog
    2013-11-04 09:12:04 -------- d-----r- C:\Users\henka\Searches
    2013-11-04 09:12:04 -------- d-----r- C:\Users\henka\Contacts
    2013-11-04 09:07:12 90112 ----a-w- C:\Windows\System32\snymsico.dll
    2013-11-04 09:07:12 79360 ----a-w- C:\Windows\System32\drivers\risdpe64.sys
    2013-11-04 09:07:12 61952 ----a-w- C:\Windows\System32\drivers\rimspe64.sys
    2013-11-04 09:07:12 55808 ----a-w- C:\Windows\System32\drivers\rixdpe64.sys
    2013-11-04 09:07:12 196608 ----a-w- C:\Windows\System32\RiSDIcon.dll
    2013-11-04 09:07:12 188416 ----a-w- C:\Windows\System32\RiMMCIcon.dll
    2013-11-04 09:07:12 172032 ----a-w- C:\Windows\System32\rixdicon.dll
    2013-11-04 09:07:12 114688 ----a-w- C:\Windows\SysWow64\RicohMediadriverVer.dll
    2013-11-04 09:06:35 -------- d-----w- C:\swsetup
    2013-11-04 08:56:59 -------- d-----w- C:\Program Files\Windows Identity Foundation
    2013-11-04 08:56:40 -------- d-----w- C:\Program Files\Synaptics
    2013-11-04 08:52:12 -------- d-----w- C:\Windows\wlansvc
    2013-11-04 08:51:49 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
    2013-11-04 08:51:48 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2013-11-04 08:51:47 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2013-11-04 08:51:45 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
    2013-11-04 08:48:23 -------- d-----w- C:\ProgramData\PRICache
    2013-11-04 08:44:52 0 ----a-w- C:\Windows\ativpsrm.bin
    .
    ==================== Find3M ====================
    .
    2013-10-20 16:47:24 329216 ----a-w- C:\Windows\System32\StartMenuHelper64.dll
    2013-10-20 16:46:56 268288 ----a-w- C:\Windows\SysWow64\StartMenuHelper32.dll
    2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
    2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
    2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-10-08 22:30:32 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2013-10-08 22:30:17 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2013-10-08 22:30:17 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2013-10-08 22:28:11 40448 ----a-w- C:\Windows\System32\wuapp.exe
    2013-10-08 22:27:56 99328 ----a-w- C:\Windows\System32\wudriver.dll
    2013-10-08 22:27:56 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
    2013-10-08 22:27:56 1622016 ----a-w- C:\Windows\System32\wucltux.dll
    2013-10-08 22:27:56 142848 ----a-w- C:\Windows\System32\wuwebv.dll
    2013-10-08 22:27:45 175104 ----a-w- C:\Windows\System32\storewuauth.dll
    2013-09-28 05:48:00 778752 ----a-w- C:\Windows\System32\oleaut32.dll
    2013-09-28 03:58:44 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2013-09-24 22:18:27 288768 ----a-w- C:\Windows\System32\drivers\portcls.sys
    2013-09-19 07:32:10 1455448 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
    2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
    .
    ============= FINISH: 12:24:09,40 ===============

    3) GMER:

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-11-30 13:29:29
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000046 Hitachi_HTS725032A9A364 rev.PC3OCH0A 298,09GB
    Running: cfmgzu5r.exe; Driver: C:\Users\henka\AppData\Local\Temp\uxdcapow.sys


    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\svchost.exe [984:4868] 000007f98ca65c38
    Thread C:\Windows\system32\svchost.exe [984:5624] 000007f9901510f0
    Thread C:\Windows\system32\svchost.exe [984:3688] 000007f98a7977b0
    Thread C:\Windows\system32\svchost.exe [984:4440] 000007f98a7977b0
    Thread C:\Windows\system32\svchost.exe [984:6124] 000007f98a7977b0
    Thread C:\Windows\system32\svchost.exe [984:7184] 000007f97c036b14
    Thread C:\Windows\system32\svchost.exe [984:6036] 000007f97c036b14
    Thread C:\Windows\system32\svchost.exe [984:392] 000007f97c036b14
    Thread C:\Windows\system32\svchost.exe [984:7264] 000007f9907e16b0
    Thread C:\Windows\System32\svchost.exe [1064:6136] 000007f98e711d44
    Thread C:\Windows\System32\svchost.exe [1064:2992] 000007f98e7122c4
    Thread C:\Windows\System32\svchost.exe [1064:8756] 000007f986f2a2b0
    Thread C:\Windows\System32\svchost.exe [1064:5592] 000007f990613c88
    Thread C:\Windows\system32\svchost.exe [1468:2096] 000007f98a7224e8
    Thread C:\Windows\system32\svchost.exe [1468:2116] 000007f98a6c1544
    Thread C:\Windows\system32\svchost.exe [1468:2192] 000007f98a6a55dc
    Thread C:\Windows\system32\svchost.exe [1468:3632] 000007f98b8c4910
    Thread C:\Windows\system32\svchost.exe [1468:5420] 000007f98b8c1044
    Thread C:\Windows\system32\csrss.exe [6404:2444] fffff960009905e8

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\[email protected] -2041447220

    ---- EOF - GMER 2.1 ----

  • #2
    Hi roadie and welcome to Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:

    • Only log in as an administrator with full rights.
    • Do not post your problem in several forums. It does not help your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time; be patient.
    • Follow the instructions I give carefully.
    • Only follow the advice I give.
    • Stay with this topic until I have reported that your PC is clean.
    • If you do not know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • Do not try anything "else" in the meantime; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs.
    • Please do not post the logs as an attachment or between code tags.

    Note: Vista or Windows 7? >> Always run all tools as admin.
    The instructions given are only valid for your PC.


    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Clean
    • CLICK HERE for an enlarged view!

    All icons disappear from the Desktop; this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

    I only need the log after the "clean" option.

    Do not forget to disable your "smileys".

    If your start page was also hijacked, set the search engine again; AdwCleaner resets it to Google.com by default.

    ___________________________________________________________

    Checking for updates...

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears (checkup.txt)
    Post its contents in your next reply.

    In your next post, I would like to see the following logs, made in the order given:

    • AdwCleaner
    • A fresh DDS log
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (In several posts if necessary.)

    Emphyrio
    Last edited by Emphyrio; 01-12-13, 17:43.
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Hey Emphyrio, thanks for the help so far. Below are the logs.

      1) ADW Cleaner

      # AdwCleaner v3.014 - Report created 01/12/2013 at 20:04:06
      # Updated 01/12/2013 by Xplode
      # Operating System : Windows 8 Pro (64 bits)
      # Username : HenkA - PC-HENKA
      # Running from : C:\Users\henka\Downloads\adwcleaner.exe
      # Option : Clean

      ***** [ Services ] *****


      ***** [ Files / Folders ] *****

      Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
      File Deleted : C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\9h7cjww5.default\searchplugins\ask-search.xml
      File Deleted : C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\9h7cjww5.default\searchplugins\conduit-search.xml

      ***** [ Shortcuts ] *****


      ***** [ Registry ] *****

      Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
      Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

      ***** [ Browsers ] *****

      -\\ Internet Explorer v10.0.9200.16537


      -\\ Mozilla Firefox v25.0.1 (nl)

      [ File : C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\9h7cjww5.default\prefs.js ]

      Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
      Line Deleted : user_pref("aol_toolbar.default.search.check", false);
      Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
      Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
      Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
      Line Deleted : user_pref("browser.search.defaultthis.engineName", "WebSearch");
      Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE&l=1&q=");
      Line Deleted : user_pref("browser.search.order.1", "WebSearch");
      Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
      Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
      Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
      Line Deleted : user_pref("extensions.51252cfaca6d9.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.c om'.indexOf(window.self.location.hostname)>-1) return;}c
      Line Deleted : user_pref("[email protected]_5a.com.install-event-fired", true);
      Line Deleted : user_pref("[email protected]_5a.com.install-event-fired", true);
      Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
      Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
      Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
      Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=2912_2&babsrc=NT_ss&mntrId=2806ba6400000000000000ff5065ff05");
      Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Search the web (Babylon)");
      Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
      Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.babylon.com/?affID=110819&tt=2912_2&babsrc=KW_ss&mntrId=2806ba6400000000000000ff5065ff05&q=");
      Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Search the web (Babylon)");
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=29980FD8-59B6-403A-8569-513478F1B4BC&n=77ee610b&ptnrS=HJxdm060YYbe");
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", -270650968);
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012111115");
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm060YYbe");
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "29980FD8-59B6-403A-8569-513478F1B4BC");
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1352643811518");
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "gangnam style");
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=B06A844F-6F6E-48B4-8701-6CB079AC7BB6&n=77ee1228&ptnrS=GRxdm057YYbe&si=73190");
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.hp.enabled", false);
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.hp.user.defined", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.initialized", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.contextKey", "");
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.installDate", "2012090920");
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.partnerId", "GRxdm057YYbe");
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.partnerSubId", "73190");
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.success", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.toolbarId", "B06A844F-6F6E-48B4-8701-6CB079AC7BB6");
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.lastActivePing", "1347216541883");
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.tab.date", "1347216541345");
      Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.weather.location", "10001");
      Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "[email protected]");
      Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
      Line Deleted : user_pref("extensions.toolbar.mindspark.sa.enabled", true);
      Line Deleted : user_pref("extensions.toolbar.mindspark.sa.owner", "[email protected]");
      Line Deleted : user_pref("extensions.toolbar.mindspark.tab.enabled", true);
      Line Deleted : user_pref("[email protected]", true);
      Line Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE&l=1&q=");
      Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
      Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
      Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE");
      Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE&l=1&q=");
      Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
      Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
      Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
      Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

      [ File : C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\cckv0ky6.default\prefs.js ]

      Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPD6649B4C-B3A6-4230-B250-D0178328FA51");

      -\\ Google Chrome v31.0.1650.57

      [ File : C:\Users\henka\AppData\Local\Google\Chrome\User Data\Default\preferences ]


      [ File : C:\Users\henka\AppData\Local\Google\Chrome\User Data\Default\preferences ]


      *************************

      AdwCleaner[R0].txt - [9226 octets] - [01/12/2013 20:03:13]
      AdwCleaner[S0].txt - [9198 octets] - [01/12/2013 20:04:06]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9258 octets] ##########

      2) DDS log

      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.45.2
      Run by HenkA at 20:14:18 on 2013-12-01
      Microsoft Windows 8 Pro 6.2.9200.0.1252.32.1033.18.3958.2559 [GMT 1:00]
      .
      AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\dwm.exe
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\Hpservice.exe
      C:\Windows\system32\vcsFPService.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\System32\svchost.exe -k NetworkService
      C:\Windows\system32\BtwRSupportService.exe
      C:\Windows\system32\dashost.exe
      C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
      C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
      C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\system32\taskhostex.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
      C:\Program Files\Classic Shell\ClassicStartMenu.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
      C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Google\Google Talk\googletalk.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe
      C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\svchost.exe -k defragsvc
      C:\Windows\SysWOW64\notepad.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxps://intranet.transics.com
      mWinlogon: Userinit = userinit.exe,
      BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
      BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
      TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
      uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
      mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
      mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
      StartupFolder: C:\Users\henka\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
      IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
      IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
      IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
      DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/WinNTChk.cab
      DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/setupini.cab
      DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/setup.cab
      DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
      DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslhq.transics.com/dana-cached/sc/JuniperSetupClient.cab
      TCP: NameServer = 195.130.131.133 195.130.130.5
      TCP: Interfaces\{1D7D32D9-BA5C-4D80-94FB-2DA02F4ABE83} : DHCPNameServer = 195.130.131.133 195.130.130.5
      Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
      SSODL: WebCheck - <orphaned>
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
      x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
      x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
      x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
      x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
      x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
      x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
      x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
      x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
      x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
      x64-SSODL: WebCheck - <orphaned>
      Hosts: 193.67.165.96 tx-social-test.transics.com
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\cckv0ky6.default\
      FF - prefs.js: browser.startup.homepage - about:home
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2011-12-15 2246184]
      R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-5-16 197536]
      R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-6-20 523680]
      R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
      R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-22 418376]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-22 701512]
      R2 rimspci;rimspci;C:\Windows\System32\Drivers\rimspe64.sys [2013-11-4 61952]
      R2 risdpcie;risdpcie;C:\Windows\System32\Drivers\risdpe64.sys [2013-11-4 79360]
      R2 rixdpcie;rixdpcie;C:\Windows\System32\Drivers\rixdpe64.sys [2013-11-4 55808]
      R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2012-7-17 344864]
      R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2012-7-17 42272]
      R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-11-4 2320920]
      R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-18 2045232]
      R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\Drivers\HECIx64.sys [2009-9-17 56344]
      R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-11-22 25928]
      R3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2009-7-15 917768]
      R3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\Drivers\yk63x64.sys [2012-10-2 295792]
      S3 bluekey;Transics TX-MAX Key;C:\Windows\System32\Drivers\bluekeyusb64.sys [2013-11-6 55872]
      S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2012-7-25 5632]
      S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
      .
      =============== File Associations ===============
      .
      FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
      .
      =============== Created Last 30 ================
      .
      2013-12-01 19:02:55 -------- d-----w- C:\AdwCleaner
      2013-11-27 11:08:34 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
      2013-11-27 11:08:33 723968 ----a-w- C:\Windows\System32\BFE.DLL
      2013-11-27 11:08:33 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
      2013-11-27 11:08:26 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
      2013-11-27 11:08:17 1300992 ----a-w- C:\Windows\System32\gdi32.dll
      2013-11-27 11:08:17 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
      2013-11-27 11:07:29 1890816 ----a-w- C:\Windows\System32\crypt32.dll
      2013-11-27 11:07:29 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
      2013-11-27 11:04:42 419328 ----a-w- C:\Windows\System32\schannel.dll
      2013-11-27 11:04:42 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
      2013-11-26 14:37:59 -------- d-----w- C:\Program Files (x86)\Transics
      2013-11-25 21:10:50 -------- d-----w- C:\Users\henka\AppData\Local\ElevatedDiagnostics
      2013-11-24 11:55:32 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
      2013-11-23 19:10:18 -------- d-----w- C:\Program Files\Enigma Software Group
      2013-11-23 19:09:21 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
      2013-11-23 19:09:16 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
      2013-11-22 18:35:29 -------- d-----w- C:\Users\henka\AppData\Roaming\Malwarebytes
      2013-11-22 18:35:14 -------- d-----w- C:\ProgramData\Malwarebytes
      2013-11-22 18:35:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2013-11-22 18:35:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      2013-11-22 18:35:00 -------- d-----w- C:\Users\henka\AppData\Local\Programs
      2013-11-22 15:31:00 447320 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
      2013-11-22 15:31:00 285016 ----a-w- C:\Windows\System32\drivers\spaceport.sys
      2013-11-22 15:28:09 2062848 ----a-w- C:\Windows\System32\d3d11.dll
      2013-11-22 15:28:08 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
      2013-11-22 15:23:49 2304512 ----a-w- C:\Windows\System32\authui.dll
      2013-11-22 15:23:49 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
      2013-11-20 12:09:59 -------- d-----w- C:\TimeWriterV4
      2013-11-20 10:53:58 -------- d-----w- C:\TimeWriterV5
      2013-11-18 10:09:41 -------- d-----w- C:\Users\henka\AppData\Local\IsolatedStorage
      2013-11-08 07:01:28 -------- d-----w- C:\Program Files (x86)\VideoLAN
      2013-11-07 20:31:35 -------- d-----w- C:\Users\henka\AppData\Roaming\uTorrent
      2013-11-06 14:39:01 598016 ----a-w- C:\Windows\SysWow64\sqliteodbc2008.dll
      2013-11-06 14:38:56 -------- d-----w- C:\Windows\SysWow64\SQLite2008Pro
      2013-11-06 14:38:56 -------- d-----w- C:\Program Files (x86)\Osen Kusnadi
      2013-11-06 11:05:32 55872 ----a-w- C:\Windows\System32\drivers\bluekeyusb64.sys
      2013-11-05 20:26:08 -------- d-----w- C:\Users\henka\AppData\Roaming\ClassicShell
      2013-11-05 20:24:41 -------- d-----w- C:\Program Files\Classic Shell
      2013-11-05 15:56:35 186880 ----a-w- C:\Windows\POWERPRN.DLL
      2013-11-05 15:56:32 147456 ----a-w- C:\Windows\DLLTRACE.DLL
      2013-11-05 15:56:30 319488 ----a-w- C:\Windows\SCard32.dll
      2013-11-05 15:54:24 -------- d-----w- C:\ProgramData\SQL Anywhere 10
      2013-11-05 15:39:07 -------- d-----w- C:\Users\henka\sybase
      2013-11-05 15:38:47 -------- d-----w- C:\ProgramData\Sybase Central 5.0.0
      2013-11-05 15:36:40 44544 ------w- C:\Windows\SysWow64\msxml4a.dll
      2013-11-05 15:35:42 -------- d-----w- C:\Program Files\SQL Anywhere 10
      2013-11-05 15:34:11 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
      2013-11-05 15:34:11 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
      2013-11-05 15:34:10 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
      2013-11-05 15:34:10 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
      2013-11-05 15:34:10 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
      2013-11-05 15:34:10 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
      2013-11-05 15:34:10 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
      2013-11-05 15:34:02 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
      2013-11-05 15:34:01 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
      2013-11-05 14:26:58 -------- d-----w- C:\TISNEW
      2013-11-05 13:50:31 -------- d-----w- C:\Users\henka\AppData\Local\Macromedia
      2013-11-05 12:54:53 -------- d-----w- C:\ProgramData\Brother
      2013-11-05 12:12:56 -------- d-----w- C:\Users\henka\AppData\Roaming\OpenVPN Technologies
      2013-11-05 12:12:56 -------- d-----w- C:\Users\henka\AppData\Local\OpenVPN Technologies
      2013-11-05 09:59:06 -------- d-----w- C:\Users\henka\AppData\Local\Transics
      2013-11-05 09:24:59 -------- d-----w- C:\Users\henka\AppData\Local\Microsoft_Corporation
      2013-11-05 09:13:46 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
      2013-11-05 09:13:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
      2013-11-05 09:13:31 -------- d-----w- C:\Windows\SysWow64\1033
      2013-11-05 09:13:31 -------- d-----w- C:\Windows\System32\1033
      2013-11-05 09:05:02 -------- d-----w- C:\Program Files\Microsoft SQL Server
      2013-11-05 08:50:58 -------- d-----r- C:\TXconnect
      2013-11-05 08:28:06 -------- d-----w- C:\Program Files (x86)\visionapp
      2013-11-05 08:19:04 -------- d-----w- C:\Training
      2013-11-05 08:18:49 -------- d-----w- C:\Tools
      2013-11-05 07:59:45 -------- d-----w- C:\Users\henka\AppData\Local\Deployment
      2013-11-05 07:36:26 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
      2013-11-05 07:36:23 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
      2013-11-04 17:43:51 -------- d-----w- C:\Windows\Panther
      2013-11-04 16:34:33 -------- d-----w- C:\Users\henka\AppData\Local\FrontRange_Solutions_Inc
      2013-11-04 16:34:14 -------- d-----w- C:\Temp
      2013-11-04 16:33:53 -------- d-----w- C:\sqlserver
      2013-11-04 16:33:39 -------- d-----r- C:\Sourcesafe
      2013-11-04 16:33:29 -------- d-----w- C:\sky.app
      2013-11-04 16:32:14 -------- d-----w- C:\SKY
      2013-11-04 16:31:50 -------- d-----w- C:\Shared
      2013-11-04 16:23:41 -------- d-----w- C:\SD_Operations
      2013-11-04 16:11:32 -------- d-----w- C:\Users\henka\AppData\Local\Google
      2013-11-04 15:16:24 -------- d-----w- C:\Users\henka\AppData\Local\Mozilla
      2013-11-04 15:16:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
      2013-11-04 15:11:39 -------- d-----w- C:\Programs
      2013-11-04 15:03:49 -------- d-----w- C:\Personal
      2013-11-04 15:02:01 -------- d-----w- C:\Installaties
      2013-11-04 15:01:33 -------- d-----w- C:\History
      2013-11-04 15:00:59 -------- d-----w- C:\Foto's
      2013-11-04 14:58:55 -------- d-----r- C:\EXPORT
      2013-11-04 14:53:45 -------- d-----w- C:\Documents
      2013-11-04 14:53:34 -------- d-----w- C:\Database & planning
      2013-11-04 14:53:14 -------- d-----r- C:\Buggit
      2013-11-04 13:21:14 -------- d-----w- C:\Users\henka\AppData\Local\DataRecommendation
      2013-11-04 13:21:08 -------- d-----w- C:\Users\henka\AppData\Roaming\DataRecommendations
      2013-11-04 13:18:47 -------- d-----w- C:\Program Files\Microsoft Dynamics AX
      2013-11-04 13:18:39 -------- d-----w- C:\Program Files (x86)\Microsoft Dynamics AX
      2013-11-04 13:12:26 -------- d-----w- C:\Users\henka\AppData\Local\ITSMAppStorage
      2013-11-04 13:09:53 -------- d-----w- C:\ProgramData\FrontRange Solutions USA Inc
      2013-11-04 13:09:53 -------- d-----w- C:\Program Files (x86)\FrontRange Solutions
      2013-11-04 13:09:53 -------- d-----w- C:\Program Files (x86)\Common Files\Outlook Security Manager
      2013-11-04 12:19:57 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
      2013-11-04 12:19:56 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
      2013-11-04 12:11:43 -------- d-----r- C:\Windows\BrowserChoice
      2013-11-04 12:05:13 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
      2013-11-04 12:01:33 94208 ----a-w- C:\Windows\System32\synceng.dll
      2013-11-04 12:01:33 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
      2013-11-04 11:55:46 74240 ----a-w- C:\Program Files\Windows Defender\MsMpCom.dll
      2013-11-04 11:52:54 81408 ----a-w- C:\Windows\System32\setupcln.dll
      2013-11-04 11:51:11 652288 ----a-w- C:\Windows\System32\comctl32.dll
      2013-11-04 11:51:11 541696 ----a-w- C:\Windows\SysWow64\comctl32.dll
      2013-11-04 11:47:15 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
      2013-11-04 11:47:15 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
      2013-11-04 11:47:15 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
      2013-11-04 11:47:14 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
      2013-11-04 11:47:14 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
      2013-11-04 11:47:14 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
      2013-11-04 11:47:14 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
      2013-11-04 11:42:59 -------- d-----w- C:\Windows\System32\MRT
      2013-11-04 11:36:56 656896 ----a-w- C:\Windows\SysWow64\kerberos.dll
      2013-11-04 11:34:55 77312 ----a-w- C:\Windows\System32\openfiles.exe
      2013-11-04 11:31:36 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
      2013-11-04 11:31:36 677888 ----a-w- C:\Windows\System32\mfnetcore.dll
      2013-11-04 11:31:36 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
      2013-11-04 11:31:36 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
      2013-11-04 11:31:36 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
      2013-11-04 11:31:36 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll
      2013-11-04 11:19:54 27880 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
      2013-11-04 11:11:18 566784 ----a-w- C:\Windows\System32\wvc.dll
      2013-11-04 11:11:18 462336 ----a-w- C:\Windows\System32\sysmon.ocx
      2013-11-04 11:11:18 437248 ----a-w- C:\Windows\SysWow64\wvc.dll
      2013-11-04 11:11:18 399360 ----a-w- C:\Windows\SysWow64\sysmon.ocx
      2013-11-04 11:11:18 1374208 ----a-w- C:\Windows\System32\wdc.dll
      2013-11-04 11:11:18 1245696 ----a-w- C:\Windows\SysWow64\wdc.dll
      2013-11-04 11:08:59 1184256 ----a-w- C:\Windows\System32\Display.dll
      2013-11-04 11:08:59 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
      2013-11-04 11:07:02 1150160 ----a-w- C:\Windows\SysWow64\ole32.dll
      2013-11-04 11:03:30 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys
      2013-11-04 11:02:59 634880 ----a-w- C:\Windows\System32\apphelp.dll
      2013-11-04 11:01:38 301568 ----a-w- C:\Windows\System32\newdev.dll
      2013-11-04 11:01:38 275968 ----a-w- C:\Windows\SysWow64\newdev.dll
      2013-11-04 11:01:37 76288 ----a-w- C:\Windows\System32\newdev.exe
      2013-11-04 11:01:37 75264 ----a-w- C:\Windows\System32\ndadmin.exe
      2013-11-04 11:01:37 74240 ----a-w- C:\Windows\SysWow64\newdev.exe
      2013-11-04 11:01:37 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe
      2013-11-04 10:35:26 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-11-04 10:35:26 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2013-11-04 10:01:43 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
      2013-11-04 10:01:43 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
      2013-11-04 09:57:56 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
      2013-11-04 09:57:56 54488 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
      2013-11-04 09:57:04 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
      2013-11-04 09:57:04 32768 ----a-w- C:\Windows\System32\drivers\hidparse.sys
      2013-11-04 09:57:04 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
      2013-11-04 09:57:04 25600 ----a-w- C:\Windows\System32\drivers\usbprint.sys
      2013-11-04 09:56:47 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
      2013-11-04 09:56:46 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
      2013-11-04 09:54:15 99328 ----a-w- C:\Windows\System32\drivers\usbcir.sys
      2013-11-04 09:54:15 210560 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
      2013-11-04 09:54:15 121984 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys
      2013-11-04 09:49:43 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
      2013-11-04 09:49:43 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll
      2013-11-04 09:46:54 141312 ----a-w- C:\Windows\System32\cryptnet.dll
      2013-11-04 09:46:54 1255936 ----a-w- C:\Windows\System32\certutil.exe
      2013-11-04 09:46:54 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
      2013-11-04 09:46:54 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
      2013-11-04 09:46:46 589896 ----a-w- C:\Windows\SysWow64\dsNcSmartCardProv.dll
      2013-11-04 09:46:45 421448 ----a-w- C:\Windows\SysWow64\dsNcCredProv.dll
      2013-11-04 09:46:40 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
      2013-11-04 09:46:09 -------- d-----w- C:\Program Files (x86)\Juniper Networks
      2013-11-04 09:44:33 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
      2013-11-04 09:44:33 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
      2013-11-04 09:44:26 595968 ----a-w- C:\Windows\System32\qedit.dll
      2013-11-04 09:44:26 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
      2013-11-04 09:42:59 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
      2013-11-04 09:42:59 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
      2013-11-04 09:42:56 1838080 ----a-w- C:\Windows\System32\DWrite.dll
      2013-11-04 09:42:56 1421312 ----a-w- C:\Windows\SysWow64\DWrite.dll
      2013-11-04 09:42:03 79192 ----a-w- C:\Windows\System32\drivers\usbehci.sys
      2013-11-04 09:42:03 623448 ----a-w- C:\Windows\System32\drivers\usbhub.sys
      2013-11-04 09:42:03 498008 ----a-w- C:\Windows\System32\drivers\usbport.sys
      2013-11-04 09:42:03 32256 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
      2013-11-04 09:42:03 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
      2013-11-04 09:42:03 21848 ----a-w- C:\Windows\System32\drivers\usbd.sys
      2013-11-04 09:42:03 120832 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
      2013-11-04 09:41:51 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
      2013-11-04 09:41:24 70144 ----a-w- C:\Windows\System32\appinfo.dll
      2013-11-04 09:41:24 112872 ----a-w- C:\Windows\System32\consent.exe
      2013-11-04 09:39:57 888320 ----a-w- C:\Windows\System32\autochk.exe
      2013-11-04 09:39:57 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
      2013-11-04 09:39:57 542208 ----a-w- C:\Windows\System32\untfs.dll
      2013-11-04 09:39:57 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
      2013-11-04 09:39:53 733184 ----a-w- C:\Windows\System32\win32spl.dll
      2013-11-04 09:38:37 -------- d-----w- C:\Windows\System32\appmgmt
      2013-11-04 09:38:08 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
      2013-11-04 09:38:08 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
      2013-11-04 09:38:05 98304 ----a-w- C:\Windows\System32\apprepsync.dll
      2013-11-04 09:38:05 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
      2013-11-04 09:38:05 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
      2013-11-04 09:38:05 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
      2013-11-04 09:38:05 337408 ----a-w- C:\Windows\System32\wintrust.dll
      2013-11-04 09:38:05 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
      2013-11-04 09:38:05 124416 ----a-w- C:\Windows\System32\apprepapi.dll
      2013-11-04 09:36:48 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
      2013-11-04 09:33:57 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
      2013-11-04 09:30:27 -------- d-----w- C:\ProgramData\Oracle
      2013-11-04 09:30:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2013-11-04 09:29:01 -------- d-----w- C:\Program Files (x86)\MSECache
      2013-11-04 09:28:41 -------- d-----w- C:\Users\henka\AppData\Local\Apps
      2013-11-04 09:25:01 -------- d-----w- C:\Windows\PCHEALTH
      2013-11-04 09:25:01 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
      2013-11-04 09:23:32 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
      2013-11-04 09:22:56 -------- d-----w- C:\Users\henka\AppData\Local\Microsoft Help
      2013-11-04 09:21:52 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
      2013-11-04 09:21:45 -------- d-----w- C:\Intel
      2013-11-04 09:21:11 -------- d-----w- C:\Program Files\Validity Sensors
      2013-11-04 09:20:09 -------- d-----w- C:\Program Files (x86)\Foxit Software
      2013-11-04 09:18:35 -------- d-----w- C:\Program Files (x86)\Tim Heuer
      2013-11-04 09:17:18 -------- d-----w- C:\Windows\System32\log
      2013-11-04 09:16:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
      2013-11-04 09:15:40 -------- d-----w- C:\Program Files (x86)\vnc
      2013-11-04 09:15:09 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
      2013-11-04 09:15:09 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
      2013-11-04 09:15:09 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
      2013-11-04 09:15:06 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
      2013-11-04 09:15:06 -------- d-----w- C:\Program Files (x86)\PDFCreator
      2013-11-04 09:14:43 -------- d-----w- C:\Program Files (x86)\FileZilla
      2013-11-04 09:13:44 -------- d-----w- C:\Users\henka\AppData\Local\Diagnostics
      2013-11-04 09:12:23 -------- d-----w- C:\Users\henka\AppData\Roaming\hpqlog
      2013-11-04 09:12:04 -------- d-----r- C:\Users\henka\Searches
      2013-11-04 09:12:04 -------- d-----r- C:\Users\henka\Contacts
      2013-11-04 09:07:12 90112 ----a-w- C:\Windows\System32\snymsico.dll
      2013-11-04 09:07:12 79360 ----a-w- C:\Windows\System32\drivers\risdpe64.sys
      2013-11-04 09:07:12 61952 ----a-w- C:\Windows\System32\drivers\rimspe64.sys
      2013-11-04 09:07:12 55808 ----a-w- C:\Windows\System32\drivers\rixdpe64.sys
      2013-11-04 09:07:12 196608 ----a-w- C:\Windows\System32\RiSDIcon.dll
      2013-11-04 09:07:12 188416 ----a-w- C:\Windows\System32\RiMMCIcon.dll
      2013-11-04 09:07:12 172032 ----a-w- C:\Windows\System32\rixdicon.dll
      2013-11-04 09:07:12 114688 ----a-w- C:\Windows\SysWow64\RicohMediadriverVer.dll
      2013-11-04 09:06:35 -------- d-----w- C:\swsetup
      2013-11-04 08:56:59 -------- d-----w- C:\Program Files\Windows Identity Foundation
      2013-11-04 08:56:40 -------- d-----w- C:\Program Files\Synaptics
      2013-11-04 08:52:12 -------- d-----w- C:\Windows\wlansvc
      2013-11-04 08:51:49 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
      2013-11-04 08:51:48 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe
      2013-11-04 08:51:47 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
      2013-11-04 08:51:45 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
      2013-11-04 08:48:23 -------- d-----w- C:\ProgramData\PRICache
      2013-11-04 08:44:52 0 ----a-w- C:\Windows\ativpsrm.bin
      .
      ==================== Find3M ====================
      .
      2013-10-20 16:47:24 329216 ----a-w- C:\Windows\System32\StartMenuHelper64.dll
      2013-10-20 16:46:56 268288 ----a-w- C:\Windows\SysWow64\StartMenuHelper32.dll
      2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
      2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
      2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
      2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2013-10-08 22:30:32 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
      2013-10-08 22:30:17 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
      2013-10-08 22:30:17 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
      2013-10-08 22:28:11 40448 ----a-w- C:\Windows\System32\wuapp.exe
      2013-10-08 22:27:56 99328 ----a-w- C:\Windows\System32\wudriver.dll
      2013-10-08 22:27:56 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
      2013-10-08 22:27:56 1622016 ----a-w- C:\Windows\System32\wucltux.dll
      2013-10-08 22:27:56 142848 ----a-w- C:\Windows\System32\wuwebv.dll
      2013-10-08 22:27:45 175104 ----a-w- C:\Windows\System32\storewuauth.dll
      2013-09-28 05:48:00 778752 ----a-w- C:\Windows\System32\oleaut32.dll
      2013-09-28 03:58:44 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll
      2013-09-24 22:18:27 288768 ----a-w- C:\Windows\System32\drivers\portcls.sys
      2013-09-19 07:32:10 1455448 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
      2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
      2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
      .
      ============= FINISH: 20:16:49,00 ===============



      • #4
        3) checkup

        Results of screen317's Security Check version 0.99.77
        x64 (UAC is enabled)
        Internet Explorer 10 Out of date!
        ``````````````Antivirus/Firewall Check:``````````````
        Windows Firewall Enabled!
        Windows Defender
        Trend Micro OfficeScan Antivirus
        Antivirus up to date!
        `````````Anti-malware/Other Utilities Check:`````````
        Java 7 Update 45
        Adobe Flash Player 11.9.900.117
        Mozilla Firefox (25.0.1)
        Google Chrome 31.0.1650.57
        ````````Process Check: objlist.exe by Laurent````````
        Malwarebytes Anti-Malware mbamservice.exe
        Malwarebytes Anti-Malware mbamgui.exe
        Trend Micro OfficeScan Client pccntmon.exe
        Malwarebytes' Anti-Malware mbamscheduler.exe
        Trend Micro OfficeScan Client ntrtscan.exe
        Trend Micro OfficeScan Client tmlisten.exe
        Trend Micro OfficeScan Client CNTAoSMgr.exe
        Trend Micro OfficeScan Client TmProxy.exe
        `````````````````System Health check`````````````````
        Total Fragmentation on Drive C: %
        ````````````````````End of Log``````````````````````



        • #5
How is it now?
Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
E Dev * Remove McAfee * Ccleaner * E-Peek



          • #6
Just tested it and the problem still occurs. What I hadn't mentioned yet is that, when I open something in Firefox, it also often opens an extra tab page pointing to this site (it just did so again):

            http://rvzr-a.akamaihd.net/sd/wrap-0...%3D%26subid%3D



            • #7
Reset your Firefox.

Follow this guide to do so: http://support.mozilla.org/nl/kb/fir...emen-verhelpen
Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
E Dev * Remove McAfee * Ccleaner * E-Peek



              • #8
Hey, I carried this out and at first sight the problem seems solved. I've just been opening a few things in Firefox, and where I would normally have gotten a popup or an extra tab long ago, I didn't get one now.
I'll be using it all day again at work tomorrow. If it's still fine then, it should be OK. I'll let you know.



                • #9
Good.

One more thing:

Download or update CCleaner

Start CCleaner.

• Run CCleaner and click Options in the left column
• Select the Advanced tab
• Untick "Only delete files in Windows Temp folders older than 24 hours"
• Untick "Only delete files in the Recycle Bin older than 24 hours"
• Select the Settings tab
• Untick "Clean the computer automatically...."
• Click Cleaner in the left column.
• Then click Analyze and Clean, in that order.
• Next, click Registry in the left column
• Click Scan for Issues.
• If issues are found, click Fix selected issues
• You may be asked whether you want to back up your registry. Answer Yes and OK



Your PC is clean.
1) You may delete all the loose files and tools we have used.

2) To avoid reinfection, you can read through these tips:

Preventing spyware infections and browser hijacking and How do I prevent a new infection?

3) To give your PC a quick maintenance check, you can read these tips: Guide to a clean PC

4) All kinds of tips and hints can be found here.


I'm marking this topic as solved.

If there are no further replies, this thread will be moved automatically within about 3 days
to the Solved hijackthislogs section, after which replying is no longer possible.
This is done to keep the forum neat and clear.

If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.



Did we help you well? Consider a (voluntary) donation to Nucia

Emphyrio
Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
E Dev * Remove McAfee * Ccleaner * E-Peek
