Email address on spam blacklists - Outlook keeps sending 10 messages - Probably malware?


  • Email address on spam blacklists - Outlook keeps sending 10 messages - Probably malware?

    Dear all,

    After some Googling I ended up on this site. It looks like you know a lot about this. Hopefully you can help.

    The problem
    For a few weeks now I have been getting mails back. It turns out that the address keeps appearing on different spam lists. I then politely ask for de-listing, but a few days later I still get mails back.

    Possible causes
    • Stupid, stupid! I thought my virus scanner scanned automatically, but that had not happened since 24-12-2012. Ran it after all; 6 threats removed.
    • Maybe not so smart either... I did regularly see that Outlook was busy with 'sending message 10 of 10', but I paid no attention to it, even though I had sent only 1 mail. In the sent items I see nothing further of those 10 messages. But maybe I am not interpreting the info correctly: I have 10 mail addresses in Outlook, so it could also come from that.
    • ...see the log files, in which quite a number of detections have already come up.


    The requested logs
    1.
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2014.02.20.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    bosman :: BOSMAN-PC [administrator]

    20-2-2014 13:37:40
    MBAM-log-2014-02-20 (13-51-18).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 264316
    Verstreken tijd: 3 minuut/minuten, 26 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 5
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Geen actie ondernomen.
    HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Geen actie ondernomen.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Geen actie ondernomen.
    HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Geen actie ondernomen.
    HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Geen actie ondernomen.

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 3
    D:\TEMP\mt_ffx\Delta (PUP.Optional.Delta.A) -> Geen actie ondernomen.
    D:\TEMP\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Geen actie ondernomen.
    D:\TEMP\mt_ffx\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> Geen actie ondernomen.

    Bestanden gedetecteerd: 3
    D:\TEMP\8A183645-BAB0-7891-B7BA-70C2C5FE1196\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Geen actie ondernomen.
    D:\TEMP\8A183645-BAB0-7891-B7BA-70C2C5FE1196\MyBabylonTB.exe (PUP.Optional.Delta) -> Geen actie ondernomen.
    D:\TEMP\Tijdelijke internetbestanden\Content.IE5\RHMGQ8ST\pack[1].7z (PUP.Optional.BProtector) -> Geen actie ondernomen.

    (einde)

    2.
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
    Run by bosman at 13:59:17 on 2014-02-20
    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.8175.5860 [GMT 1:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
    C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
    C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [Smart Driver Updater] C:\Program Files (x86)\Smart Driver Updater\SDULauncher.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\bosman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.2.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{631ED218-167E-4D92-A8FF-4ED8CFDE443A} : DHCPNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{EB6DC082-766E-47A0-8920-62F4AB0E5DB6} : DHCPNameServer = 8.8.8.8 8.8.4.4
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
    R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2013-1-2 21520]
    R2 MboxAudioDevMon;Mbox Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe [2010-10-7 1919504]
    R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-10-8 1919504]
    R2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-10-8 1919504]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
    R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2011-2-13 194864]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-10-6 32344]
    R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2011-2-13 32944]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-9 408680]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2013-1-2 162832]
    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
    S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2011-3-14 12744]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
    S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2013-1-2 32400]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-8-17 12800]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-3 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-12 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-02-20 12:36:04 -------- d-----w- C:\Users\bosman\AppData\Roaming\Malwarebytes
    2014-02-20 12:35:32 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-02-20 12:35:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-02-20 12:35:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-02-20 12:34:34 -------- d-----w- C:\Users\bosman\AppData\Local\Programs
    2014-02-12 20:59:12 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-12 20:59:12 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-12 08:27:54 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    .
    ==================== Find3M ====================
    .
    2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-05 09:08:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-05 09:08:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
    2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
    2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
    2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
    2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
    2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
    2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
    2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
    2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
    2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
    2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
    2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
    2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
    2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
    2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
    2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-11-25 20:47:22 196376 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2013-11-25 20:47:20 243480 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2013-11-25 20:47:20 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    .
    ============= FINISH: 13:59:26,60 ===============

    3.
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-02-20 14:04:58
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 INTEL_SSDSA2M080G2GC rev.2CV102HD 74,53GB
    Running: t9hihtuq.exe; Driver: D:\TEMP\ugriipod.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076841465 2 bytes [84, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768414bb 2 bytes [84, 76]
    .text ... * 2
    .text C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe[1736] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076841465 2 bytes [84, 76]
    .text C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe[1736] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000768414bb 2 bytes [84, 76]
    .text ... * 2
    .text C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe[2528] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076841465 2 bytes [84, 76]
    .text C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe[2528] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000768414bb 2 bytes [84, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076841465 2 bytes [84, 76]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768414bb 2 bytes [84, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[5936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076841465 2 bytes [84, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[5936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768414bb 2 bytes [84, 76]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3764:2460] 000007fefa242a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3764:2548] 000007fef4584830
    ---- Processes - GMER 2.1 ----

    Library C:\Users\bosman\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe [2528](2014-01-03 00:45:04) 0000000003f10000
    Library C:\Users\bosman\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe [2528](2013-10-18 23:55:02) 0000000066150000
    Library C:\Users\bosman\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe [2528] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 00000000657c0000

    ---- EOF - GMER 2.1 ----

  • #2
    (what a nasty spelling mistake: it should be "Outlook verzendt"...)



    • #3
      Hi Habo27 and welcome to Nucia Security Forum,

      Before we begin, I would like to kindly point out the following guidelines:
      .
      • Only log in as an administrator with full rights.
      • Do not post your problem on multiple forums. It does not benefit your problem and it is not fair to the helpers.
      • Cleaning up your system can take some time, so be patient.
      • Carefully follow the instructions that I give.
      • Follow only the advice given by me.
      • Stay with the topic until I have reported that your PC is clean.
      • If you do not know or understand something, please just ask.
      • Do not install or uninstall any software or hardware while we are working on your problem.
      • In the meantime, do not try something "else"; that only makes it harder for us.
      • Please turn off your emoticons (smileys) when you post logs.
      • Please do not post the logs as an attachment or between code tags.

      .
      Note: Vista or Windows 7? >> Always run all tools as admin.
      The instructions given are valid only for your PC.

      Step 1:

      Scanning for and removing malware...

      If you already have MBAM on your PC, you obviously do not need to download it.

      Download MalwareBytes' Anti-Malware to your desktop from one of the following links: Double-click mbam-setup.exe to install the program.

      At the end of the setup procedure, you get a screen where you must click "Finish".
      If you do not wish to evaluate MBAM, uncheck the first option and only then click "Finish".

      Make sure that after the installation a check mark is placed at:
      • Update MalwareBytes' Anti-Malware
      • Start MalwareBytes' Anti-Malware
      • Then click "Finish". If an update is found, it will be downloaded and installed.



      Once the program has started, go to the "Settings" tab.
      • Check here: "Close Internet Explorer during malware removal".
      • Go to the "Updates" tab and update MBAM.
      • Then go to the "Scanner" tab and choose "FULL scan" here.
      • Then press "Scan" to start the scan.
      • Scanning can take a while, so be patient.
      • When the scan is complete, click OK, then "Show Results" to see the results.
      • Make sure everything is checked there, then click "Remove Selected".
      • After removal a log will open and you will be asked to restart the computer.

      If MBAM asks for a restart, then do so.
      Once you have restarted, run a new quick scan with MBAM.
      In that case you therefore post both logs.

      The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


      In case of problems!!!

      .___________________________________________________________

      Step 2:

      Checking for bad toolbars...

      Download AdwCleaner by Xplode to your desktop.
      • Close all open windows
      • Start AdwCleaner
      • Click Scan
      • Click Clean

      All icons disappear from the desktop; this is normal.
      Your PC is restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt); post its contents here on the forum.

      I only need the log from after the "Clean" option.

      Do not forget to turn off your "smileys".

      If your start page was also hijacked, set the search engine again; AdwCleaner resets it to Google.com by default.
      ___________________________________________________________

      Step 3:

      Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


      DDS is a diagnostic tool and makes use of scripts.
      If script execution is disabled, re-enable it so that no problems occur when using DDS.


      Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
      When it is finished, two log files open: DDS.txt and Attach.txt
      Save both log files to your desktop.

      Post the contents of DDS.txt.

      Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.


      ___________________________________________________________

      Step 4:

      Download Security Check to your desktop via here or here

      Start Security Check
      Follow the instructions on the screen
      At the end a log appears ( checkup.txt )
      Place its contents in your next reply.


      In your next post, I would like to see the following logs, made in the listed order:
      .
      • MBAM
      • AdwCleaner
      • DDS
      • checkup.txt

      .
      Please do NOT post these logs as an attachment or between code tags.
      (In multiple posts if necessary.)

      Emphyrio
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Removing McAfee. * Ccleaner * E-Peek



      • #4
        Thanks for your reply!
        Below you can read the logs in order.

        Observations:
        - last night a blue screen of death for the first time (unrelated? or because of the defogger)
        - defogger! Oops, was I supposed to keep it disabled during this whole process?
        - I have a solid state disk (following the check)
        - and one more thing... we also have a laptop. After this PC, perhaps open a separate thread here for it?


        MBAM:

        Malwarebytes Anti-Malware 1.75.0.1300
        www.malwarebytes.org

        Databaseversie: v2014.02.21.06

        Windows 7 Service Pack 1 x64 NTFS
        Internet Explorer 11.0.9600.16518
        bosman :: BOSMAN-PC [administrator]

        21-2-2014 14:18:52
        mbam-log-2014-02-21 (14-18-52).txt

        Scan type: Volledige scan (C:\|D:\|H:\|I:\|J:\|M:\|Q:\|)
        Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
        Uitgeschakelde scan opties: P2P
        Objecten gescand: 548838
        Verstreken tijd: 41 minuut/minuten, 4 seconde(n)

        Geheugenprocessen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Geheugenmodulen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registersleutels gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registerwaarden gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Registerdata gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Mappen gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        Bestanden gedetecteerd: 0
        (Geen kwaadaardige objecten gedetecteerd)

        (einde)

        -=-=-=-=-=-=-=-=-=

        AdwCleaner

        # AdwCleaner v3.019 - Report created 21/02/2014 at 15:39:47
        # Updated 17/02/2014 by Xplode
        # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
        # Username : bosman - BOSMAN-PC
        # Running from : D:\TEMP\Downloads van Chrome\adwcleaner.exe
        # Option : Clean

        ***** [ Services ] *****


        ***** [ Files / Folders ] *****

        Folder Deleted : C:\ProgramData\Ask
        Folder Deleted : C:\ProgramData\Babylon
        Folder Deleted : C:\ProgramData\SoftSafe
        Folder Deleted : C:\ProgramData\Browusue2suave
        Folder Deleted : C:\ProgramData\Searochh-NuewaTaab
        Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Driver Updater
        Folder Deleted : C:\Program Files (x86)\BrowseToSave
        Folder Deleted : C:\Program Files (x86)\Smart Driver Updater
        Folder Deleted : C:\Program Files (x86)\WebSearch
        Folder Deleted : C:\Users\bosman\AppData\LocalLow\Browusue2suave
        Folder Deleted : C:\Users\bosman\AppData\Roaming\Babylon
        Folder Deleted : C:\Users\bosman\AppData\Roaming\Smart Driver Updater
        File Deleted : C:\Users\bosman\Desktop\Smart Driver Updater.lnk

        ***** [ Shortcuts ] *****


        ***** [ Registry ] *****

        Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Smart Driver Updater]
        Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
        Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
        Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
        Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
        Key Deleted : HKCU\Software\f0dad1b13dba47
        Key Deleted : HKLM\SOFTWARE\f0dad1b13dba47
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
        Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
        Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
        Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
        Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
        Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
        Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
        Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
        Key Deleted : HKCU\Software\Smart Driver Updater
        Key Deleted : HKLM\Software\AVG Secure Search
        Key Deleted : HKLM\Software\Babylon

        -=-=-=-=-=-=-=-=-=-=-=-=-=

        DDS

        DDS (Ver_2012-11-20.01) - NTFS_AMD64
        Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
        Run by bosman at 15:42:49 on 2014-02-21
        Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.8175.6358 [GMT 1:00]
        .
        AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
        SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
        .
        ============== Running Processes ===============
        .
        C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
        C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\nvvsvc.exe
        C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
        C:\Windows\system32\nvvsvc.exe
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
        C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
        C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
        C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
        C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
        C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
        C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
        C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
        C:\Windows\System32\WUDFHost.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
        C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
        C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe
        C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
        C:\Program Files (x86)\AVG\AVG2014\avgui.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\iTunes\iTunesHelper.exe
        C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\System32\cscript.exe
        .
        ============== Pseudo HJT Report ===============
        .
        mWinlogon: Userinit = userinit.exe,
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
        BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
        TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
        uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
        mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
        mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
        mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
        StartupFolder: C:\Users\bosman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe
        mPolicies-Explorer: NoActiveDesktop = dword:1
        mPolicies-Explorer: NoActiveDesktopChanges = dword:1
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableUIADesktopToggle = dword:0
        DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
        DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        TCP: NameServer = 192.168.2.254 195.241.77.55 195.241.77.58
        TCP: Interfaces\{631ED218-167E-4D92-A8FF-4ED8CFDE443A} : DHCPNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
        TCP: Interfaces\{EB6DC082-766E-47A0-8920-62F4AB0E5DB6} : DHCPNameServer = 8.8.8.8 8.8.4.4
        Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
        SSODL: WebCheck - <orphaned>
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
        x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
        x64-SSODL: WebCheck - <orphaned>
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
        R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
        R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
        R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
        R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
        R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
        R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
        R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
        R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
        R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
        R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
        R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2013-1-2 21520]
        R2 MboxAudioDevMon;Mbox Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe [2010-10-7 1919504]
        R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-10-8 1919504]
        R2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-10-8 1919504]
        R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
        R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
        R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2011-2-13 194864]
        R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-10-6 32344]
        R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2011-2-13 32944]
        R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
        R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-9 408680]
        R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
        R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
        R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
        R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
        R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
        S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2013-1-2 162832]
        S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
        S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2011-3-14 12744]
        S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
        S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2013-1-2 32400]
        S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
        S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-8-17 12800]
        S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
        S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-3 59392]
        S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
        S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-12 1255736]
        .
        =============== Created Last 30 ================
        .
        2014-02-21 14:38:39 -------- d-----w- C:\AdwCleaner
        2014-02-20 12:36:04 -------- d-----w- C:\Users\bosman\AppData\Roaming\Malwarebytes
        2014-02-20 12:35:32 -------- d-----w- C:\ProgramData\Malwarebytes
        2014-02-20 12:35:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
        2014-02-20 12:35:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
        2014-02-20 12:34:34 -------- d-----w- C:\Users\bosman\AppData\Local\Programs
        2014-02-12 20:59:12 548864 ----a-w- C:\Windows\System32\vbscript.dll
        2014-02-12 20:59:12 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
        2014-02-12 08:27:54 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
        .
        ==================== Find3M ====================
        .
        2014-02-21 09:08:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2014-02-21 09:08:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
        2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
        2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
        2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
        2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
        2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
        2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
        2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
        2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
        2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
        2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
        2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
        2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
        2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
        2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
        2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
        2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
        2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
        2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
        2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
        2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
        2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
        2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
        2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
        2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
        2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
        2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
        2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
        2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
        2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
        2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
        2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
        2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
        2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
        2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
        2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
        2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
        2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
        2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
        2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
        2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
        2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
        2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
        2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
        2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
        2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
        2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
        2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
        2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
        2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
        2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
        2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
        2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
        2013-11-25 20:47:22 196376 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
        2013-11-25 20:47:20 243480 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
        2013-11-25 20:47:20 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
        2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
        2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
        .
        ============= FINISH: 15:42:59,36 ===============

        -=-=-=-=-=-=-=-=-=

        checkup.txt

        Results of screen317's Security Check version 0.99.79
        Windows 7 Service Pack 1 x64 (UAC is enabled)
        Internet Explorer 11
        ``````````````Antivirus/Firewall Check:``````````````
        AVG AntiVirus Free Edition 2014
        Antivirus up to date!
        `````````Anti-malware/Other Utilities Check:`````````
        AVG PC Tuneup
        Java 7 Update 51
        Adobe Reader 10.1.8 Adobe Reader out of Date!
        Google Chrome 32.0.1700.102
        Google Chrome 32.0.1700.107
        ````````Process Check: objlist.exe by Laurent````````
        AVG avgwdsvc.exe
        `````````````````System Health check`````````````````
        Total Fragmentation on Drive C: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
        ````````````````````End of Log``````````````````````



        • #5
          Can you give me some more info about this:

          TCP: Interfaces\{EB6DC082-766E-47A0-8920-62F4AB0E5DB6} : DHCPNameServer = 8.8.8.8 8.8.4.4
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee. * Ccleaner * E-Peek



          • #6
            I don't know what that is.
            When I Google: DHCPNameServer = 8.8.8.8 8.8.4.4
            I come across all sorts of English-language threads about viruses / malware

            The following are recognized on our network:
            - this PC
            - the laptop
            - the Samsung Smart TV

            In addition we also have 2 iPhones, and we also watch TV via the same modem.



            • #7
              Download or update CCleaner

              Start CCleaner.
              • Run CCleaner and click Options in the left column
              • Select the Advanced tab
              • Uncheck Only delete files in Windows Temp folder older than 24 hours
              • Select the Settings tab
              • Uncheck "Automatically clean computer...."
              • Click Cleaner in the left column.
              • Then click Analyze and Run Cleaner in turn.
              • Next, click Registry in the left column
              • Click Scan for Issues.
              • When asked whether you want to make a backup of the registry, click "Yes".
              • If errors are found, click the middle button: Fix All Selected Issues and OK



              Download Combofix to your desktop.

              Extra note... Make sure your security software is disabled while using Combofix.
              This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.


              Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.


              Close ALL windows, including your browser, and let Combofix do its work undisturbed.
              So do not open any other applications until Combofix has presented the log.

              If Combofix asks for an update, allow it.

              When ComboFix has finished scanning (this may be after a reboot), a log file (combofix.txt) opens.
              You can find it at C:\combofix.txt.

              Post the Combofix log together with a new DDS log in your next reply.

              * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
              • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
              • Illegal operation attempted on a registry key that has been marked for deletion.


              • #8
                I found this one interesting:
                http://www.geekstogo.com/forum/topic...w-connections/

                especially the reply from Macboatmaster.
                (NB I won't do anything further until I get a reply from you)



                • #9
                  Below you'll find the logs. It's really great how you're helping. I'm trying to stay as active as possible in between the housekeeping and the kids.

                  DDS (Ver_2012-11-20.01) - NTFS_AMD64
                  Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
                  Run by bosman at 19:22:23 on 2014-02-21
                  Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.8175.5975 [GMT 1:00]
                  .
                  AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
                  SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
                  .
                  ============== Running Processes ===============
                  .
                  C:\Windows\system32\lsm.exe
                  C:\Windows\system32\svchost.exe -k DcomLaunch
                  C:\Windows\system32\nvvsvc.exe
                  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                  C:\Windows\system32\svchost.exe -k RPCSS
                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                  C:\Windows\system32\svchost.exe -k LocalService
                  C:\Windows\system32\svchost.exe -k netsvcs
                  C:\Windows\system32\svchost.exe -k NetworkService
                  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                  C:\Windows\system32\nvvsvc.exe
                  C:\Windows\System32\spoolsv.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
                  C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
                  C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
                  C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
                  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
                  C:\Windows\system32\svchost.exe -k imgsvc
                  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
                  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
                  C:\Windows\System32\WUDFHost.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Windows\system32\Dwm.exe
                  C:\Windows\system32\taskhost.exe
                  C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
                  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
                  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
                  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                  C:\Program Files (x86)\AVG\AVG2014\avgui.exe
                  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                  C:\Program Files (x86)\iTunes\iTunesHelper.exe
                  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\Windows\system32\SearchIndexer.exe
                  C:\Program Files\Windows Media Player\wmpnetwk.exe
                  C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                  C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
                  C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
                  C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
                  C:\Windows\explorer.exe
                  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Windows\System32\cscript.exe
                  .
                  ============== Pseudo HJT Report ===============
                  .
                  BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                  BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                  BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                  TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                  TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                  uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
                  mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
                  mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                  mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                  mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
                  mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
                  mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                  mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                  mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                  StartupFolder: C:\Users\bosman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe
                  uPolicies-Explorer: NoDrives = dword:0
                  mPolicies-Explorer: NoDrives = dword:0
                  mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                  mPolicies-System: ConsentPromptBehaviorUser = dword:3
                  mPolicies-System: EnableUIADesktopToggle = dword:0
                  DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
                  DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                  TCP: NameServer = 192.168.2.254 195.241.77.55 195.241.77.58
                  TCP: Interfaces\{631ED218-167E-4D92-A8FF-4ED8CFDE443A} : DHCPNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
                  TCP: Interfaces\{EB6DC082-766E-47A0-8920-62F4AB0E5DB6} : DHCPNameServer = 8.8.8.8 8.8.4.4
                  Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
                  SSODL: WebCheck - <orphaned>
                  mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                  x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
                  x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
                  x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
                  x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
                  x64-SSODL: WebCheck - <orphaned>
                  .
                  ============= SERVICES / DRIVERS ===============
                  .
                  R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
                  R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
                  R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
                  R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
                  R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
                  R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
                  R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
                  R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
                  R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
                  R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
                  R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2013-1-2 21520]
                  R2 MboxAudioDevMon;Mbox Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe [2010-10-7 1919504]
                  R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-10-8 1919504]
                  R2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-10-8 1919504]
                  R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
                  R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
                  R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2011-2-13 194864]
                  R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-10-6 32344]
                  R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2011-2-13 32944]
                  R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
                  R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
                  R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-9 408680]
                  R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
                  R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
                  R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
                  R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
                  R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
                  S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
                  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                  S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
                  S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2013-1-2 162832]
                  S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
                  S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2011-3-14 12744]
                  S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
                  S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2013-1-2 32400]
                  S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
                  S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-8-17 12800]
                  S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
                  S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
                  S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-3 59392]
                  S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
                  S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-12 1255736]
                  .
                  =============== Created Last 30 ================
                  .
                  2014-02-21 18:16:38 -------- d-sh--w- C:\$RECYCLE.BIN
                  2014-02-21 18:16:36 -------- d-----w- C:\Users\bosman\AppData\Local\temp
                  2014-02-21 18:12:20 98816 ----a-w- C:\Windows\sed.exe
                  2014-02-21 18:12:20 256000 ----a-w- C:\Windows\PEV.exe
                  2014-02-21 18:12:20 208896 ----a-w- C:\Windows\MBR.exe
                  2014-02-21 18:03:22 -------- d-----w- C:\Program Files\CCleaner
                  2014-02-21 14:38:39 -------- d-----w- C:\AdwCleaner
                  2014-02-20 12:36:04 -------- d-----w- C:\Users\bosman\AppData\Roaming\Malwarebytes
                  2014-02-20 12:35:32 -------- d-----w- C:\ProgramData\Malwarebytes
                  2014-02-20 12:35:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
                  2014-02-20 12:35:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
                  2014-02-20 12:34:34 -------- d-----w- C:\Users\bosman\AppData\Local\Programs
                  2014-02-12 20:59:12 548864 ----a-w- C:\Windows\System32\vbscript.dll
                  2014-02-12 20:59:12 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
                  2014-02-12 08:27:54 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
                  .
                  ==================== Find3M ====================
                  .
                  2014-02-21 09:08:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                  2014-02-21 09:08:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                  2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                  2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                  2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
                  2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                  2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                  2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                  2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
                  2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                  2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
                  2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                  2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                  2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
                  2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                  2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                  2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
                  2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
                  2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                  2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
                  2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
                  2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
                  2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                  2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
                  2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
                  2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
                  2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
                  2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
                  2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
                  2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
                  2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
                  2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
                  2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
                  2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
                  2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
                  2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
                  2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
                  2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
                  2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
                  2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
                  2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
                  2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
                  2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
                  2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
                  2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
                  2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
                  2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
                  2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
                  2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
                  2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
                  2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
                  2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
                  2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
                  2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
                  2013-11-25 20:47:22 196376 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
                  2013-11-25 20:47:20 243480 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
                  2013-11-25 20:47:20 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
                  2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
                  .
                  ============= FINISH: 19:22:28,76 ===============

                  Combofix:
                  ComboFix 14-02-20.01 - bosman 21-02-2014 19:12:57.1.8 - x64
                  Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.8175.6326 [GMT 1:00]
                  Gestart vanuit: d:\temp\Downloads van Chrome\ComboFix.exe
                  AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
                  SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
                  SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  * Nieuw herstelpunt werd aangemaakt
                  .
                  .
                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\windows\tmp
                  c:\windows\tmp\dd_vcredistMSI524C.txt
                  c:\windows\tmp\dd_vcredistMSI6066.txt
                  c:\windows\tmp\dd_vcredistMSI6CD5.txt
                  c:\windows\tmp\dd_vcredistUI524F.txt
                  c:\windows\tmp\dd_vcredistUI6066.txt
                  c:\windows\tmp\dd_vcredistUI6CD5.txt
                  c:\windows\tmp\fonts\fontdb
                  c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
                  .
                  .
                  (((((((((((((((((((( Bestanden Gemaakt van 2014-01-21 to 2014-02-21 ))))))))))))))))))))))))))))))
                  .
                  .
                  2014-02-21 18:03 . 2014-02-21 18:03 -------- d-----w- c:\program files\CCleaner
                  2014-02-21 14:38 . 2014-02-21 14:39 -------- d-----w- C:\AdwCleaner
                  2014-02-20 12:36 . 2014-02-20 12:36 -------- d-----w- c:\users\bosman\AppData\Roaming\Malwarebytes
                  2014-02-20 12:35 . 2014-02-20 12:35 -------- d-----w- c:\programdata\Malwarebytes
                  2014-02-20 12:35 . 2014-02-20 12:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
                  2014-02-20 12:35 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                  2014-02-20 12:34 . 2014-02-20 12:34 -------- d-----w- c:\users\bosman\AppData\Local\Programs
                  2014-02-12 20:59 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
                  2014-02-12 20:59 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
                  2014-02-12 08:27 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2014-02-21 09:08 . 2013-03-22 13:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                  2014-02-21 09:08 . 2013-03-22 13:31 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                  2014-02-17 14:01 . 2011-03-21 11:54 88567024 ----a-w- c:\windows\system32\MRT.exe
                  2013-12-18 20:09 . 2014-01-21 08:34 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 235008 ----a-w- c:\windows\system32\elshyph.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 182272 ----a-w- c:\windows\SysWow64\msls31.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 942592 ----a-w- c:\windows\system32\jsIntl.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
                  2013-12-03 16:23 . 2013-12-03 16:23 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 337408 ----a-w- c:\windows\SysWow64\html.iec
                  2013-12-03 16:23 . 2013-12-03 16:23 247808 ----a-w- c:\windows\system32\msls31.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 139264 ----a-w- c:\windows\SysWow64\wextract.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 13312 ----a-w- c:\windows\SysWow64\mshta.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 13312 ----a-w- c:\windows\system32\msfeedssync.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 84992 ----a-w- c:\windows\system32\mshtmled.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 81408 ----a-w- c:\windows\system32\icardie.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 77312 ----a-w- c:\windows\system32\tdc.ocx
                  2013-12-03 16:23 . 2013-12-03 16:23 62464 ----a-w- c:\windows\system32\pngfilt.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 616104 ----a-w- c:\windows\system32\ieapfltr.dat
                  2013-12-03 16:23 . 2013-12-03 16:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 453120 ----a-w- c:\windows\system32\dxtmsft.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 413696 ----a-w- c:\windows\system32\html.iec
                  2013-12-03 16:23 . 2013-12-03 16:23 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 30208 ----a-w- c:\windows\system32\licmgr10.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 296960 ----a-w- c:\windows\system32\dxtrans.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 263376 ----a-w- c:\windows\system32\iedkcs32.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 243200 ----a-w- c:\windows\system32\webcheck.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 235520 ----a-w- c:\windows\system32\url.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 167424 ----a-w- c:\windows\system32\iexpress.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 147968 ----a-w- c:\windows\system32\occache.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 143872 ----a-w- c:\windows\system32\wextract.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 13824 ----a-w- c:\windows\system32\mshta.exe
                  2013-12-03 16:23 . 2013-12-03 16:23 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 105984 ----a-w- c:\windows\system32\iesysprep.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 101376 ----a-w- c:\windows\system32\inseng.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 774144 ----a-w- c:\windows\system32\jscript.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 48128 ----a-w- c:\windows\system32\imgutil.dll
                  2013-12-03 16:23 . 2013-12-03 16:23 135680 ----a-w- c:\windows\system32\iepeers.dll
                  2013-11-27 01:41 . 2014-01-15 08:52 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
                  2013-11-27 01:41 . 2014-01-15 08:52 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
                  2013-11-27 01:41 . 2014-01-15 08:52 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
                  2013-11-27 01:41 . 2014-01-15 08:52 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
                  2013-11-27 01:41 . 2014-01-15 08:52 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
                  2013-11-27 01:41 . 2014-01-15 08:52 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
                  2013-11-27 01:41 . 2014-01-15 08:52 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
                  2013-11-26 11:40 . 2014-01-15 08:52 376768 ----a-w- c:\windows\system32\drivers\netio.sys
                  2013-11-26 10:32 . 2014-01-15 08:52 3156480 ----a-w- c:\windows\system32\win32k.sys
                  2013-11-25 20:47 . 2013-11-25 20:47 196376 ----a-w- c:\windows\system32\drivers\avgidsha.sys
                  2013-11-25 20:47 . 2013-11-25 20:47 243480 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
                  2013-11-25 20:47 . 2013-11-25 20:47 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
                  2013-11-23 18:26 . 2013-12-11 11:22 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                  REGEDIT4
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                  @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 131248 ----a-w- c:\users\bosman\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                  @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 131248 ----a-w- c:\users\bosman\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                  @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 131248 ----a-w- c:\users\bosman\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-03-22 39408]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                  "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
                  "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                  "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
                  "DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2011-03-02 77824]
                  "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
                  "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
                  "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
                  "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
                  .
                  c:\users\bosman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                  Dropbox.lnk - c:\users\bosman\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "ConsentPromptBehaviorAdmin"= 5 (0x5)
                  "ConsentPromptBehaviorUser"= 3 (0x3)
                  "EnableUIADesktopToggle"= 0 (0x0)
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                  "LoadAppInit_DLLs"=1 (0x1)
                  .
                  R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
                  R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                  R3 cpuz130;cpuz130;d:\temp\cpuz130\cpuz_x64.sys;d:\temp\cpuz130\cpuz_x64.sys [x]
                  R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys;c:\windows\SYSNATIVE\drivers\dalwdm.sys [x]
                  R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys;c:\windows\SYSNATIVE\DRIVERS\aabed2.sys [x]
                  R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
                  R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                  R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys;c:\windows\SYSNATIVE\drivers\mbx2midk.sys [x]
                  R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
                  R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
                  R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
                  R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
                  R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                  R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
                  R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                  S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
                  S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
                  S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
                  S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
                  S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
                  S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
                  S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
                  S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
                  S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
                  S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
                  S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
                  S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files (x86)\Avid\Mbox\AudioDevMon.exe;c:\program files (x86)\Avid\Mbox\AudioDevMon.exe [x]
                  S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files (x86)\Avid\Mbox Mini\AudioDevMon.exe;c:\program files (x86)\Avid\Mbox Mini\AudioDevMon.exe [x]
                  S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files (x86)\Avid\Mbox Pro\AudioDevMon.exe;c:\program files (x86)\Avid\Mbox Pro\AudioDevMon.exe [x]
                  S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
                  S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
                  S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys;c:\windows\SYSNATIVE\DRIVERS\dgmbx2.sys [x]
                  S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
                  S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys;c:\windows\SYSNATIVE\DRIVERS\dgmbx2fu.sys [x]
                  S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
                  S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
                  S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                  S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
                  S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
                  S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
                  S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
                  S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
                  .
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                  2014-02-04 18:11 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
                  .
                  Inhoud van de 'Gedeelde Taken' map
                  .
                  2014-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
                  - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-22 09:08]
                  .
                  2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 13:31]
                  .
                  2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 13:31]
                  .
                  .
                  --------- X64 Entries -----------
                  .
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                  @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 164016 ----a-w- c:\users\bosman\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                  @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 164016 ----a-w- c:\users\bosman\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                  @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 164016 ----a-w- c:\users\bosman\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                  @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 164016 ----a-w- c:\users\bosman\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-11-02 6538856]
                  .
                  ------- Bijkomende Scan -------
                  .
                  uLocal Page = c:\windows\system32\blank.htm
                  mLocal Page = c:\windows\SysWOW64\blank.htm
                  uInternet Settings,ProxyOverride = *.local
                  TCP: DhcpNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
                  .
                  - - - - ORPHANS VERWIJDERD - - - -
                  .
                  HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                  .
                  .
                  .
                  --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="FlashBroker"
                  "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                  "Enabled"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                  @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="IFlashBroker5"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                  @="{00020424-0000-0000-C000-000000000046}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  "Version"="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="FlashBroker"
                  "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                  "Enabled"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Shockwave Flash Object"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                  @="0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="ShockwaveFlash.ShockwaveFlash.12"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="ShockwaveFlash.ShockwaveFlash"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Macromedia Flash Factory Object"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="FlashFactory.FlashFactory.1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="FlashFactory.FlashFactory"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="IFlashBroker5"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                  @="{00020424-0000-0000-C000-000000000046}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  "Version"="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                  @Denied: (Full) (Everyone)
                  .
                  Voltooingstijd: 2014-02-21 19:16:35
                  ComboFix-quarantined-files.txt 2014-02-21 18:16
                  .
                  Pre-Run: 4.636.844.032 bytes beschikbaar
                  Post-Run: 4.216.647.680 bytes beschikbaar
                  .
                  - - End Of File - - 3E9AC1116D5D1CC820831A58369671C5
                  A36C5E4F47E84449FF07ED3517B43A31



                  • #10
                    Well done

                    Are there any remaining problems?
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * Ccleaner * E-Peek



                    • #11
                      First of all: thank you!

                      Hopefully it is solved!
                      Because last time several days also passed before I suddenly turned out to be on a list again, I don't dare to cheer yet...

                      But the good news: I have a login for an external server. I could not send mail to the domain of that external server. But now I can. What I hope is that all possible malware is now gone and that my IP therefore no longer ends up on spam lists.

                      Outlook still says 'sending message 10 of 10' when I click send/receive. But maybe that is just standard because of having 10 mailboxes.
                      Some of the spam-list sites indicated that a 'bait mail' had been sent to the IP and that they had blocked it for that reason. That would all have to happen out of my sight, but I think that is exactly the problem....???

                      Now for the laptop!
                      Do you want me to start a separate thread for that? And/or can I run all the checks from this thread one after another?

                      Keep this thread open for 2 weeks?
                      It was also 'quiet' for a while before - the problems have been going on for 1 month in total. But after a week I suddenly had them again. Hence the question: do you want to keep this thread open, or can I reopen it if I have the same problem again?



                      • #12
                        For the other PCs, create a separate topic. Otherwise it gets confusing.

                        Go to Start > Run and copy and paste the following command into the field:

                        ComboFix /Uninstall

                        Make sure there is a space between Combofix and /
                        Then press Enter.




                        This will remove Combofix together with its related folders and files,
                        reset the clock settings, hide the file extensions,
                        hide hidden files and system files again,
                        and reset your System Restore.



                        Start CCleaner.
                        • Run CCleaner and click Options in the left column
                        • Select the Advanced tab
                        • Uncheck "Only delete files in the Windows Temp system folder that are older than 24 hours"
                        • Select the Settings tab
                        • Uncheck "Automatically clean the computer...."
                        • Click Cleaner in the left column.
                        • Then click Analyze and Clean, in that order.
                        • Next, click Registry in the left column
                        • Click Scan for issues.
                        • When asked whether you want to make a backup of the registry, click "Yes".
                        • If errors are found, click the middle button: Fix all selected issues, then OK



                        1) You may delete all the loose files and tools we used.

                        2) To avoid reinfection, you can read through these tips:

                        Preventing spyware infections and browser hijacking and How do I prevent a new infection?

                        3) To give your PC a quick maintenance round, you can read these tips: Guide to a clean PC

                        4) You can consult all kinds of tips and hints here.


                        I am marking the topic as solved.

                        If there are no further replies, this thread will automatically be moved within about 5 days
                        to the Solved HijackThis logs section, and replying will no longer be possible.
                        This is done to keep the forum tidy and organized.

                        If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.



                        Did we help you well? Consider making a (voluntary) donation to Nucia

                        Emphyrio


                        • #13
                          Thank you!
                          I will open a new thread for the laptop.
                          Donation is on its way!



                          • #14
                            You're welcome