Shortcuts disappeared after malware


  • Shortcuts disappeared after malware

    Hello everyone,

    After I downloaded a file this afternoon (by now I'm fairly sure it is malware/a virus), my PC started acting up.
    I got all kinds of alerts from AVG that a trojan was active. I had AVG remove it.
    At some point I saw an empty taskbar, and my whole desktop suddenly had far fewer shortcuts on it.

    A great many shortcuts have disappeared. For example, I can no longer reach my browser (only via the 'Run' window, which sits under the Start button). The same goes for my mail.
    With all these programs it then takes much longer than normal before they open/work.

    A great many folders in my Start menu are suddenly 'empty'. There are no icons or shortcuts in them any more.

    I have since run Malwarebytes (right away this afternoon), which removed a great many hits.
    I also ran AdwCleaner, which found and removed several more things.
    However, I still get pop-ups or ads in my browser, which I did not have until this afternoon.
    And my shortcuts are still gone...

    I tried to use System Restore, but it could find only a few restore points. When I then tried to use a logical restore point, after a long time of working and restarting, the message came up that the point could not be used...

    I notice that the PC is now constantly working hard, even at moments when I'm not doing anything with it. The video card's fan now suddenly keeps spinning much harder than I was used to.
    I only used to hear this sound when I was gaming. Now suddenly also with an 'unused PC'.

    In the folder where my documents are, the folders have suddenly been given English names...

    Who has the solution for me to get these shortcuts back, and to get my PC completely clean again?

    Thanks in advance,

    Regards,

    Ronald

    ---------------------------------------------------------------------------------

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 20-5-2014
    Scantijd: 21:20:32
    Logbestand:
    Beheerder: Ja

    Versie: 2.00.1.1004
    Malwaredatabase: v2014.05.20.09
    Rootkitdatabase: v2014.03.27.01
    Licentie: Premium
    Malwarebescherming: Ingeschakeld
    Kwaadaardige Website Bescherming: Ingeschakeld
    Chameleon: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Ronald en Jannie

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 280997
    Verstreken Tijd: 19 m, 28 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Shuriken: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registersleutels: 0
    (No malicious items detected)

    Registerwaardes: 0
    (No malicious items detected)

    Registerdata: 0
    (No malicious items detected)

    Mappen: 0
    (No malicious items detected)

    Bestanden: 0
    (No malicious items detected)

    Fysieke Sectoren: 0
    (No malicious items detected)


    (end)


    ---------------------------------------------------------------------------------------


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
    Run by Ronald en Jannie at 21:22:16 on 2014-05-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2022 [GMT 2:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\Pixart\Pac7302\Monitor.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uSearch Bar = Preserve
    uDefault_Page_URL = www.google.com
    mStart Page = www.google.com
    mSearch Page = hxxp://www.google.com
    mDefault_Page_URL = www.google.com
    mDefault_Search_URL = www.google.com
    uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Ronald en Jannie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [AVG-Secure-Search-Update_0913b] C:\Users\Ronald en Jannie\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f68b68be0f3d70a451bdb52b4f2db189-c5654c4a675e1b30a1387a634a2be343963d6796 --CMPID 0913b
    uRun: [AVG-Secure-Search-Update_1213b] C:\Users\Ronald en Jannie\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=f68b68be0f3d70a451bdb52b4f2db189-c5654c4a675e1b30a1387a634a2be343963d6796 /CMPID=1213b
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://62.177.146.89/cab/OCXChecker_8120.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 212.54.44.54 212.54.40.25
    TCP: Interfaces\{581BAAE1-E3AA-4111-B671-EEB7BA82B5D9} : DHCPNameServer = 212.54.44.54 212.54.40.25
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = www.google.com
    x64-mSearch Page = hxxp://www.google.com
    x64-mDefault_Page_URL = www.google.com
    x64-mDefault_Search_URL = www.google.com
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 87.195.107.92 fillesdumonde.com
    Hosts: 87.195.107.92 cosmoeros.com
    Hosts: 87.195.107.92 fetisch-bizarr-sex.de
    Hosts: 87.195.107.92 schwanzmaedchen.de
    Hosts: 87.195.107.92 geheimertip.de
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\
    FF - prefs.js: network.proxy.ssl_port - 8118
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa2.dll
    FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Ronald en Jannie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-3-27 192792]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-3-27 324376]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-3-31 130840]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-3-27 32536]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-8-31 17720]
    R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-3-27 153368]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-4-18 237336]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-3-27 236824]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-31 274200]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-4-18 3645456]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-3-27 291912]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-20 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-20 857912]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-12 1494304]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-8 15129376]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-12 411936]
    R2 SystemUpdatekb70007;SystemUpdatekb70007;C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [2014-5-20 18944]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-20 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-20 119512]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-20 63192]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-12 39200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-14 27136]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-26 56832]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-31 1255736]
    S4 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-22 220504]
    .
    =============== Created Last 30 ================
    .
    2014-05-20 18:12:28 390256 ----a-w- C:\Users\Ronald en Jannie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\thunderbird.exe
    2014-05-20 18:12:10 275568 ----a-w- C:\Users\Ronald en Jannie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\firefox.exe
    2014-05-20 18:10:44 -------- d-----w- C:\Program Files (x86)\MSR
    2014-05-20 17:38:41 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-05-20 14:35:31 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-05-20 14:34:45 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-05-20 14:34:45 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-05-20 14:34:45 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-05-20 14:34:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-20 14:03:37 -------- d-----w- C:\Windows\Microsoft
    2014-05-20 13:57:49 -------- d-----w- C:\Users\Ronald en Jannie\AppData\Roaming\BitTorrent
    2014-05-14 18:30:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-14 18:30:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-11 17:35:53 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
    2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2014-05-08 13:48:42 227704 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2014-05-08 10:28:50 -------- d-----w- C:\Users\Ronald en Jannie\AppData\Local\{66FB70D7-1A5A-4BDE-9D3A-2281217FF146}
    2014-05-06 07:39:39 -------- d-s---w- C:\Windows\System32\CompatTel
    2014-04-27 17:43:32 -------- d-sh--w- C:\Users\Ronald en Jannie\AppData\Local\EmieUserList
    2014-04-27 17:43:32 -------- d-sh--w- C:\Users\Ronald en Jannie\AppData\Local\EmieSiteList
    2014-04-22 17:41:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2014-05-17 08:19:14 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-17 08:19:14 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-17 08:19:05 17938608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-04-18 13:01:56 237336 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-03-31 20:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2014-03-31 20:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2014-03-31 14:20:54 274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2014-03-31 14:06:26 130840 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2014-03-27 20:14:26 192792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2014-03-27 20:14:24 153368 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
    2014-03-27 20:07:10 236824 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2014-03-27 20:05:02 324376 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2014-03-27 20:03:16 32536 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-03-04 13:06:00 6714312 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-03-04 13:06:00 3497816 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-03-04 13:05:58 922968 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-03-04 13:05:58 64968 ----a-w- C:\Windows\System32\nvshext.dll
    2014-03-04 13:05:58 2558808 ----a-w- C:\Windows\System32\nvsvcr.dll
    2014-03-04 13:05:57 386336 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-03-04 11:32:59 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
    2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
    2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
    2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
    2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
    2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
    2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
    2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
    2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    .
    ============= FINISH: 21:24:13,63 ===============



    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-05-20 21:35:36
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD10EADS-65M2B0 rev.01.00A01 931,51GB
    Running: ik64xpvh.exe; Driver: C:\Users\RONALD~1\AppData\Local\Temp\pwlyrpod.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031b7000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800031b7011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76]
    .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76]
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76]
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [2212] entry point in ".rdata" section 00000000741f71e6
    .text C:\Program Files (x86)\MSR\Privoxy\privoxy.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76]
    .text C:\Program Files (x86)\MSR\Privoxy\privoxy.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76]
    .text ... * 2
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76]
    .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\System32\svchost.exe [3708:4364] 000007fefb629688

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----

  • #2
    Hereby an addition (editing my post unfortunately did not work), with the first two Malwarebytes log files:




    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 20-5-2014
    Scantijd: 16:48:56
    Logbestand:
    Beheerder: Ja

    Versie: 2.00.1.1004
    Malwaredatabase: v2014.05.20.04
    Rootkitdatabase: v2014.03.27.01
    Licentie: Premium
    Malwarebescherming: Ingeschakeld
    Kwaadaardige Website Bescherming: Ingeschakeld
    Chameleon: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Ronald en Jannie

    Scantype: Bedreigingsscan
    Resultaat: Geannuleerd
    Objecten Gescand: 65163
    Verstreken Tijd: 13 m, 5 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Shuriken: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 1
    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1592, Verwijder-bij-Herstart, [782c5df6cfac40f680c08dc93cc5748c]

    Modules: 0
    (No malicious items detected)

    Registersleutels: 34
    PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantaine, [782c5df6cfac40f680c08dc93cc5748c],
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantaine, [e2c2153e6e0d2e089c730f1cc63c916f],
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantaine, [e2c2153e6e0d2e089c730f1cc63c916f],
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantaine, [e2c2153e6e0d2e089c730f1cc63c916f],
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantaine, [e2c2153e6e0d2e089c730f1cc63c916f],
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantaine, [e2c2153e6e0d2e089c730f1cc63c916f],
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantaine, [e2c2153e6e0d2e089c730f1cc63c916f],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantaine, [693b9fb47407f541fc714c147a8804fc],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantaine, [921288cb7b00c2741b52b5ab57abce32],
    PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantaine, [aef6e96ae19a83b3dc910858fe0428d8],

    Registerwaardes: 0
    (No malicious items detected)

    Registerdata: 0
    (No malicious items detected)

    Mappen: 0
    (No malicious items detected)

    Bestanden: 2
    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Verwijder-bij-Herstart, [782c5df6cfac40f680c08dc93cc5748c],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantaine, [e2c2153e6e0d2e089c730f1cc63c916f],

    Fysieke Sectoren: 0
    (No malicious items detected)


    (end)





    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 20-5-2014
    Scantijd: 17:26:42
    Logbestand:
    Beheerder: Ja

    Versie: 2.00.1.1004
    Malwaredatabase: v2014.05.20.05
    Rootkitdatabase: v2014.03.27.01
    Licentie: Premium
    Malwarebescherming: Ingeschakeld
    Kwaadaardige Website Bescherming: Ingeschakeld
    Chameleon: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Ronald en Jannie

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 280414
    Verstreken Tijd: 31 m, 58 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Shuriken: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registersleutels: 4
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantaine, [23ddc33db9476a965d707121d32f827e],
    PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantaine, [f40ceb1533cd09f7d17aa51c907311ef],
    PUP.Optional.EasyDeals.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Easy Deals, In Quarantaine, [b848e31de020a35d88da0099689ae51b],
    PUP.Optional.Qone8, HKU\S-1-5-21-3046099074-103043334-1336331520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantaine, [78885fa19868dc2486c410b1d62d44bc],

    Registerwaardes: 1
    PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\xofvtcyv.default-1392749463536\extensions\[email protected], In Quarantaine, [9b6579871be5a65a0387266db54d5ca4]

    Registerdata: 14
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~1.DLL, Goed: (), Slecht: (C:\PROGRA~2\SupTab\SEARCH~1.DLL),Vervangen,[80805ba507f9c33d56eadcc039c99e62]
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Goed: (), Slecht: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Vervangen,[80805ba507f9c33d56eadcc039c99e62]
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type...V5307624476244, Goed: (iexplore.exe), Slecht: (C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type...244),Vervangen,[8878738d5ba504fc1d4d9baa897b08f8]
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?type=ds&ts=1400594530&from=amt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5307624476244&q={searchTerms}, Goed: (www.google.com), Slecht: (http://istart.webssearches.com/web/?type=ds&ts=1400594530&from=amt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5307624476244&q={searchTerms}),Vervangen,[32ce0bf5c43cc13fa3be400549bb59a7]
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type...V5307624476244, Goed: (www.google.com), Slecht: (http://istart.webssearches.com/?type...244),Vervangen,[a25eef1159a79c64f966c87d15efcf31]
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type...V5307624476244, Goed: (www.google.com), Slecht: (http://istart.webssearches.com/?type...244),Vervangen,[23dd817f827e0000f0739fa6ef15b34d]
    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Goed: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Slecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Vervangen,[8e72c739b34d2dd3d7bba2ad7f85c43c]
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type...V5307624476244, Goed: (iexplore.exe), Slecht: (C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type...244),Vervangen,[d12fb84826dad927b8b28bba0afa5ea2]
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?type=ds&ts=1400594530&from=amt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5307624476244&q={searchTerms}, Goed: (www.google.com), Slecht: (http://istart.webssearches.com/web/?type=ds&ts=1400594530&from=amt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5307624476244&q={searchTerms}),Vervangen,[20e05da39d63bb45da871f26b450a15f]
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type...V5307624476244, Goed: (www.google.com), Slecht: (http://istart.webssearches.com/?type...244),Vervangen,[26da4bb5fe02ac544c13b2931ce8ee12]
    PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type...V5307624476244, Goed: (www.google.com), Slecht: (http://istart.webssearches.com/?type...244),Vervangen,[bf41d62aa060a45cc2a10045c63ed030]
    PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Goed: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Slecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Vervangen,[e71952ae47b941bfff931738c83c3cc4]
    PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3046099074-103043334-1336331520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type...V5307624476244, Goed: (www.google.com), Slecht: (http://istart.webssearches.com/?type...244),Vervangen,[fb05887840c0ea16bfa545009b698977]
    PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3046099074-103043334-1336331520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type...V5307624476244, Goed: (www.google.com), Slecht: (http://istart.webssearches.com/?type...244),Vervangen,[7d83b64a48b8b64a88d8f64fff05b34d]

    Mappen: 28
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\code, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],

    Bestanden: 86
    PUP.Optional.IePluginService.A, C:\Users\Ronald en Jannie\AppData\Local\Temp\887661\887661.zipDir\tmp\SupTab_Setup302.exe, In Quarantaine, [629e60a06d939070ec5a69edc041c43c],
    PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantaine, [8a7634cc9e627888e2ed9002ce340ef2],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantaine, [80805ba507f9c33d56eadcc039c99e62],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\119.json, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\MessageBox.xml, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\uninstallDlg2.xml, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\bg.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\bg1.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\bk_shadow.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\button.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\button1.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\checkbox.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\checkbox_select.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\checked.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\close.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\loading_bg.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\loading_light.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\min.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\scrollbar.bmp, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\unchecked.png, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\code\code1.jpg, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\code\code2.jpg, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\code\code3.jpg, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\code\code4.jpg, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\code\code5.jpg, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\code\code6.jpg, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Roaming\webssearches\images\code\Thumbs.db, In Quarantaine, [35cb659b51af36ca3ba0b5c4be44ba46],
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Local\Google\Chrome\User Data\Default\Preferences, Goed: (), Slecht: ( "startup_urls": [ "http://istart.webssearches.com/?type=hp&ts=1400594530&from=amt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5307624476244" ],), Vervangen,[9e6231cf8779e719108fcfac4db73ac6]
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Local\Google\Chrome\User Data\Default\Preferences, Goed: (), Slecht: ( "homepage": "http://istart.webssearches.com/?type=hp&ts=1400594530&from=amt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5307624476244",), Vervangen,[f10f1ae631cf45bba9f71c5fe51f9c64]
    PUP.Optional.WebsSearches.A, C:\Users\Ronald en Jannie\AppData\Local\Google\Chrome\User Data\Default\Preferences, Goed: (), Slecht: ( "search_url": "http://istart.webssearches.com/web/?type=ds&ts=1400594530&from=amt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5307624476244&q={searchTerms}",), Vervangen,[17e9e41ce51b27d9abf63645986c0ff1]

    Fysieke Sectoren: 0
    (No malicious items detected)


    (end)



    • #3
      Download the 32-bit or 64-bit version of HitmanPro to the desktop.
      Click here for a detailed HitmanPro guide.
      • Double-click "HitmanPro.exe" and click "Next".
      • Tick the option "I accept the terms of the license agreement" and click "Next".
      • In the setup screen, click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan has finished.
      • When the scan is done, click "Next".
      • Now activate the free license; this lets you use HitmanPro free for 30 days and remove the infections found.
      • Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the infections found for free.
      • When the removal is complete, click "Save log" or "Logbestand opslaan" at the bottom of the screen and save the log to, for example, the desktop.
        Post this log in your next message.
      • Now click the "Restart" button.

      Starting Windows 10 in Safe Mode



      • #4
        Here it is:

        Code:
        HitmanPro 3.7.9.216
        www.hitmanpro.com
        
           Computer name . . . . : CC852927-B
           Windows . . . . . . . : 6.1.1.7601.X64/4
           User name . . . . . . : cc852927-b\Ronald en Jannie
           UAC . . . . . . . . . : Enabled
           License . . . . . . . : Trial (30 days left)
        
           Scan date . . . . . . : 2014-05-21 16:27:29
           Scan mode . . . . . . : Normal
           Scan duration . . . . : 10m 15s
           Disk access mode  . . : Direct disk access (SRB)
           Cloud . . . . . . . . : Internet
           Reboot  . . . . . . . : Yes
        
           Threats . . . . . . . : 1
           Traces  . . . . . . . : 28
        
           Objects scanned . . . : 1.877.340
           Files scanned . . . . : 77.271
           Remnants scanned  . . : 476.326 files / 1.323.743 keys
        
        Suspicious files ____________________________________________________________
        
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\healthreport.sqlite-shm
              Size . . . . . . . : 32.768 bytes
              Age  . . . . . . . : 0.0 days (2014-05-21 16:21:59)
              Entropy  . . . . . : 6.1
              SHA-256  . . . . . : 934A32A69DE5DD227CA0127D9481B195E5F90606A707937442B07216805770F2
              Product  . . . . . : Microsoft® Windows® Operating System
              Publisher  . . . . : Microsoft Corporation
              Description  . . . : VGA/Super VGA Video Driver
              Version  . . . . . : 6.1.7600.16385
              Copyright  . . . . : © Microsoft Corporation. All rights reserved.
              Fuzzy  . . . . . . : 48.0
                 The file is hidden from Windows API. This is typical for malware.
                 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
                 The file name extension of this program is not common.
                 Time indicates that the file appeared recently on this computer.
                 The file is in use by one or more active processes.
                 The file is a device driver. Device drivers run as trusted (highly privileged) code.
              Forensic Cluster
                 -29.6s C:\Users\Ronald en Jannie\AppData\Local\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\startupCache\
                 -25.8s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\places.sqlite-wal
                 -25.8s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\places.sqlite-shm
                 -25.8s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\places.sqlite-shm
                 -25.8s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\places.sqlite-shm
                 -25.8s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\places.sqlite-shm
                 -25.8s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\places.sqlite-shm
                 -11.1s C:\Users\Ronald en Jannie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFJEMU0L\timefrom[1].png
                 -7.8s C:\Users\Ronald en Jannie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQXWC47B\m5RPAJUUY.gif
                 -6.4s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\webappsstore.sqlite-wal
                 -6.4s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\webappsstore.sqlite-shm
                 -3.0s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite-wal
                 -3.0s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite-wal
                 -3.0s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite-shm
                 -3.0s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite-shm
                  0.0s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\healthreport.sqlite-wal
                  0.0s C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\healthreport.sqlite-shm
                  0.0s C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\
                  0.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.gthr
                  0.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.Crwl
        
        
        Malware remnants ____________________________________________________________
        
           HKLM\SOFTWARE\Classes\m\ (MySearchDial) -> Deleted
        
        Potential Unwanted Programs _________________________________________________
        
           HKLM\SYSTEM\ControlSet001\services\eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
           HKLM\SYSTEM\ControlSet001\services\eventlog\Application\Wpm\ (FTDownloader) -> Deleted
           HKLM\SYSTEM\ControlSet002\services\eventlog\Application\IePluginService\ (FTDownloader) -> Deleted
           HKLM\SYSTEM\ControlSet002\services\eventlog\Application\Wpm\ (FTDownloader) -> Deleted
           HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\IePluginService\ (FTDownloader) -> PendingDelete
           HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Wpm\ (FTDownloader) -> PendingDelete
        
        Repairs _____________________________________________________________________
        
           Proxyserver op deze computer (Gebruiker)
           127.0.0.1:8118
        
           Proxyserver op deze computer (Gebruiker)
           127.0.0.1:8118
        
           Proxyserver op deze computer (Gebruiker)
           127.0.0.1:8118
        
           Proxyserver op deze computer (Gebruiker)
           127.0.0.1:8118
        
           Proxyserver op deze computer (Gebruiker)
           127.0.0.1:8118
        
           Proxyserver op deze computer (Gebruiker)
           127.0.0.1:8118
        
        
        Cookies _____________________________________________________________________
        
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:ad.360yield.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:ads.pubmatic.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:ads.stickyadstv.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:ads.yahoo.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:adtech.de
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:advertising.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:atdmt.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:casalemedia.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:doubleclick.net
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:media6degrees.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:ru4.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:smartadserver.com
           C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\cookies.sqlite:track.adform.net



        • #5
          Download Zoek.zip to the desktop.
          • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.


          Disabling antivirus software
          Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

          Running Zoek.exe
          If you run into problems running this program or see any error messages, please mention this in your post.
          • Right-click Zoek.zip and choose the option "Extract All".
          • Then double-click Zoek.exe to start the tool.
          • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
          • Now click the "Run script" button.
          • A popup appears saying that no script was found; just press OK.
          • Zoek.exe will now run a scan and repair; on some systems this can take longer than half an hour.
          • Now wait patiently until a log opens (this may be after a restart, if one is required).
          • If no log appears after the restart, start zoek.exe again; the log will then appear.
          • Post the opened log as an attachment in your next post.


          Posting the Zoek.exe log file
          • Attach the log file named "Zoek-results.log" to your next post.
            (You can also find this log file on the system drive as C:\Zoek-results.log.)

          Starting Windows 10 in Safe Mode



          • #6
            Question:

            Deep scan plus automated cleanup or Quick scan?

            Regards,

            Ronald



            • #7
              After the ZOEK window disappeared, I get a notification from AVG...

              C:\Windows\SysWOW64\cmd.exe

              Causes a threat.

              After this, Zoek disappeared.

              And ZOEK.exe can no longer be found...



              • #8
                Zoek.exe v5.0.0.0 Updated 21-05-2014
                Tool run by Ronald en Jannie on wo 21-05-2014 at 17:51:50,32.
                Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
                Running in: Normal Mode Internet Access Detected
                Launched: C:\Users\Ronald en Jannie\Desktop\zoek\zoek.exe [Scan all users] [Deep Scan] [Auto Clean]

                ==== Older Logs ==

                C:\zoek-results2014-05-21-153857.log 35201 bytes

                ==== Deleting CLSID Registry Keys ====


                ==== Deleting CLSID Registry Values ==


                ==== Running Processes ==

                C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
                C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
                C:\Windows\SysWOW64\svchost.exe
                C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
                C:\Windows\SysWOW64\svchost.exe
                c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
                C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
                C:\Windows\Pixart\Pac7302\Monitor.exe
                C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
                C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
                C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
                C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
                C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
                C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
                C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                C:\Program Files (x86)\AVG\AVG2014\avgui.exe
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
                C:\Windows\SysWOW64\ctfmon.exe
                C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
                C:\Users\Ronald en Jannie\Desktop\zoek\zoek.exe
                C:\Windows\SysWOW64\cmd.exe
                C:\Windows\SysWOW64\cmd.exe
                C:\Windows\SysWOW64\cmd.exe

                ==== Deleting Services ===


                ==== System Specs ====

                Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
                Memory (RAM): 4096 MB
                CPU Info: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
                CPU Speed: 2533,3 MHz
                Sound Card: Luidsprekers (Realtek High Defi |
                Display Adapters: NVIDIA GeForce G210 | NVIDIA GeForce G210 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
                Monitors: 1x; SyncMaster 2223NW |
                Screen Resolution: 1680 X 1050 - 32 bit
                Network: Network Present
                Network Adapters: Realtek PCIe FE Family Controller
                CD / DVD Drives: 1x (E: | ) E: hp DVD A DH16AAL
                Ports: COM Ports NOT Present. LPT Port NOT Present.
                Mouse: 8 Button Wheel Mouse Present
                Hard Disks: C: 476,3GB | D: 442,0GB | G: 13,1GB
                Hard Disks - Free: C: 355,2GB | D: 301,3GB | G: 2,3GB
                Manufacturer *: American Megatrends Inc.
                BIOS Info: AT/AT COMPATIBLE | 09/25/09 | HPQOEM - 20090925
                Time Zone: West-Europa (standaardtijd)
                Motherboard *: FOXCONN ETON
                Country: Nederland
                Language: NLD

                ==== System Specs (Software) ======================

                Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
                Anti-Spyware: Windows Defender disabled (Outdated)
                Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
                Default Browser: Firefox 29.0.1
                Internet Explorer Version: 11.0.9600.17107
                Mozilla Firefox version: 29.0.1 (x86 nl)
                Adobe Reader version: 11.0.07.79
                Sun Java version: 1.7.0_55 (32-bit)
                Flash Player version: 13.0.0.214
                Shockwave Player version: 12.0.9r149

                ==== Files Recently Created / Modified ==

                ====== C:\Windows ====
                2014-05-20 14:38:56 E185BDA84E5F03F4E1D8DCA30E209277 1912 ----a-w- C:\Windows\epplauncher.mif
                ====== C:\Users\RONALD~1\AppData\Local\Temp ====
                2014-05-12 02:06:56 8F4AF3027DC96C5B8C37AC20D19D071B 208280 ----a-w- C:\Users\Ronald en Jannie\AppData\Local\Temp\887661\887661.zipDir\qSE.exe
                ====== Java Cache =====
                ====== C:\Windows\SysWOW64 =====
                2014-05-20 17:38:41 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
                2014-05-14 18:30:38 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
                2014-05-14 18:30:37 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\Windows\SysWOW64\mshtml.dll
                2014-05-14 18:30:37 10D531ADC7B8FB36C7361D44AF6E8AB6 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
                2014-05-14 18:19:58 E9D88493FBDB36D4B65C6F2F7F122C95 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll
                2014-05-14 18:19:35 9DE19EA21DF99AF15BA5A947E5317F9E 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
                2014-05-14 18:19:35 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
                2014-05-14 18:19:34 ED195AC76E10F17F6DD60C49666F2A83 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
                2014-05-14 18:19:34 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
                2014-05-14 18:19:33 995B39A08421C7725D1DF8DACEBBFC89 538112 ----a-w- C:\Windows\SysWOW64\objsel.dll
                2014-05-14 18:19:33 62C0798CC68EBF42F29C92E6CD6DC3D6 36864 ----a-w- C:\Windows\SysWOW64\dimsroam.dll
                2014-05-14 18:19:33 541BB9B4C899ADCC5D3DB89208C1F409 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
                2014-05-14 18:19:33 461B713DE7F353C6447B744F1A049930 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
                2014-05-14 18:19:33 3A1ABE045A3E30799576E83A2D012B43 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
                2014-05-14 18:19:32 FBC78B5D12A4F5A62D9C91E0E0E46D46 49664 ----a-w- C:\Windows\SysWOW64\adprovider.dll
                2014-05-14 18:19:32 C94CE65AE7701E9FDBA889045543E27C 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
                2014-05-14 18:19:32 834A859BB331B0B2CCAE25BB1986F80D 47616 ----a-w- C:\Windows\SysWOW64\dpapiprovider.dll
                2014-05-14 18:19:32 828185688FDAAE6C7959B884ABED1766 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
                2014-05-14 18:19:32 75878492F2B33405EEF900F8C16C6D08 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
                2014-05-14 18:19:32 5E11C55CC4D9330E55CCB22B1F20BB33 35328 ----a-w- C:\Windows\SysWOW64\wincredprovider.dll
                2014-05-14 18:19:32 38A30B8E4216BE24D30F766EF3BAC2C7 48128 ----a-w- C:\Windows\SysWOW64\capiprovider.dll
                2014-05-14 18:19:32 335FA669FC952BC4888CEDBDB42607E2 51200 ----a-w- C:\Windows\SysWOW64\cngprovider.dll
                2014-05-14 18:19:32 2A86C18CE6869C77FCEB62F3B47D4D5B 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
                ====== C:\Windows\SysWOW64\drivers =====
                ====== C:\Windows\Sysnative =====
                2014-05-21 14:38:20 7D6439D4109EEE1694C3CF29DAE96E7C 1234 ----a-w- C:\Windows\Sysnative\.crusader
                2014-05-14 18:30:38 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\Windows\Sysnative\mshtmled.dll
                2014-05-14 18:30:38 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\Windows\Sysnative\mshtml.dll
                2014-05-14 18:30:37 A45BFDCFD5864F658289A165E6E0227F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
                2014-05-14 18:20:00 427015D56DF17241F634611557146C57 14175744 ----a-w- C:\Windows\Sysnative\shell32.dll
                2014-05-14 18:19:55 4A795989DF0043973711B666D36D2678 477184 ----a-w- C:\Windows\Sysnative\aepdu.dll
                2014-05-14 18:19:55 485FB1F3792FF7B5D5EBB99AB870E588 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
                2014-05-14 18:19:36 9358149234A4F3FE00CF5C2096DC1652 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
                2014-05-14 18:19:35 B19C8390A1D641B9AC4490D4828A7B5E 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
                2014-05-14 18:19:34 E2A483E796D5FC7E447725FD01D98FA0 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
                2014-05-14 18:19:34 89EF1CE0CE43AB8F55247D746739A321 722944 ----a-w- C:\Windows\Sysnative\objsel.dll
                2014-05-14 18:19:33 CF13522172342AD8196B329C15D68E23 44544 ----a-w- C:\Windows\Sysnative\dimsroam.dll
                2014-05-14 18:19:33 B6D8C1202DACA028AD94BDA2795CBBE9 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
                2014-05-14 18:19:33 851BB346CD59D9B3BC8854384C7DD5C3 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll
                2014-05-14 18:19:33 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
                2014-05-14 18:19:33 481F70241D4EA038BB02590A30F15A23 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
                2014-05-14 18:19:33 26AF184300C0868D854D5A3092234E24 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
                2014-05-14 18:19:32 C072064F95579C0D6D86AF5B3DC53192 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll
                2014-05-14 18:19:32 BDA8B14AFE99A0C52BFEA64C5AC62171 52736 ----a-w- C:\Windows\Sysnative\dpapiprovider.dll
                2014-05-14 18:19:32 9D942180B5B6CE1C882B9CC54EA1F275 57344 ----a-w- C:\Windows\Sysnative\cngprovider.dll
                2014-05-14 18:19:32 9A3C6D8593F29A9F66744A3D4E6309B2 39936 ----a-w- C:\Windows\Sysnative\wincredprovider.dll
                2014-05-14 18:19:32 82A72E99AA1CF0B04D3B9843CBA3AEC1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
                2014-05-14 18:19:32 8098627D0AA1706D69C5AF3F74332ABB 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll
                2014-05-14 18:19:32 692E9886B2A475684F7E3294BF66E97D 56832 ----a-w- C:\Windows\Sysnative\adprovider.dll
                2014-05-14 18:19:32 4959DE74643CBC4B83E5BC99486A4FC9 53760 ----a-w- C:\Windows\Sysnative\capiprovider.dll
                2014-05-14 18:19:32 39312B37C5FE5138F99680A49ACD3AEA 28160 ----a-w- C:\Windows\Sysnative\secur32.dll
                2014-05-14 18:19:32 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\Sysnative\lsass.exe
                ====== C:\Windows\Sysnative\drivers =====
                2014-05-20 14:35:31 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
                2014-05-20 14:34:45 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
                2014-05-20 14:34:45 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
                2014-05-20 14:34:45 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
                2014-05-14 18:19:33 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
                2014-05-14 18:19:32 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
                ====== C:\Windows\Tasks ======
                ====== C:\Windows\Temp ======
                ======= C:\Program Files =====
                2014-05-21 14:27:26 -------- d-----w- C:\Program Files\HitmanPro
                ======= C:\PROGRA~2 =====
                2014-05-20 18:10:44 -------- d-----w- C:\PROGRA~2\MSR
                2014-05-14 18:30:24 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
                2014-05-02 15:19:17 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird
                ======= C: =====
                2014-05-20 18:17:01 1914444E0CF6ECDD3389A78982573D4C 1862 ----a-w- C:\sc-cleaner.txt
                ====== C:\Users\Ronald en Jannie\AppData\Roaming ======
                2014-05-21 15:38:57 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
                2014-05-21 15:38:57 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
                2014-05-21 15:38:57 -------- d-----w- C:\Users\Default\AppData\Local\Temp
                2014-05-21 15:38:57 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
                2014-04-27 17:43:38 -------- d-----w- C:\Users\Ronald en Jannie\AppData\Locallow\EmieUserList
                2014-04-27 17:43:32 -------- d-sh--w- C:\Users\Ronald en Jannie\AppData\Local\EmieUserList
                2014-04-27 17:43:32 -------- d-sh--w- C:\Users\Ronald en Jannie\AppData\Local\EmieSiteList
                2014-04-27 17:43:27 -------- d-----w- C:\Users\Ronald en Jannie\AppData\Locallow\EmieSiteList
                ====== C:\Users\Ronald en Jannie ======
                2014-05-21 14:27:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
                2014-05-21 14:26:54 -------- d-----w- C:\ProgramData\HitmanPro
                2014-05-21 14:25:50 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Users\Ronald en Jannie\Downloads\HitmanPro_x64.exe
                2014-05-20 19:23:17 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Ronald en Jannie\Desktop\ik64xpvh.exe
                2014-05-20 19:21:24 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Ronald en Jannie\Desktop\dds.com
                2014-05-20 18:59:27 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Ronald en Jannie\defogger_reenable
                2014-05-20 18:59:06 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Ronald en Jannie\Downloads\Defogger.exe
                2014-05-20 18:16:40 C1974F029A2E6A44E6BB5A75762235B8 441592 ----a-w- C:\Users\Ronald en Jannie\Downloads\sc-cleaner.exe
                2014-05-20 18:12:24 0CC6BCDAAD124EC51A96F60C51CD184D 390256 ----a-w- C:\Users\Ronald en Jannie\Desktop\thunderbird.exe
                2014-05-20 18:12:01 0DA891CB0703D912CEAFA072F54D002B 275568 ----a-w- C:\Users\Ronald en Jannie\Desktop\firefox.exe
                2014-05-20 17:37:50 70F851F7A524071E13F17DC401A21906 1326389 ----a-w- C:\Users\Ronald en Jannie\Downloads\adwcleaner_3.210.exe
                2014-05-20 15:54:23 2529406E348278E6CB3FF7FCB104C54F 398752 ----a-w- C:\Users\Ronald en Jannie\Downloads\unhide.exe
                2014-05-20 14:32:40 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\Users\Ronald en Jannie\Downloads\mbam-setup-2.0.1.1004.exe
                2014-05-20 14:32:04 31BF4892327DA51363D73953ACF8C0C0 13845688 ----a-w- C:\Users\Ronald en Jannie\Downloads\mseinstall.exe
                2014-05-20 12:56:38 CE31E2E826FD3F1FAD3A74CEAB3CE572 415759 ----a-w- C:\Users\Ronald en Jannie\Downloads\ASIO4ALL_2_10_English.exe
                2014-04-22 17:41:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

                ====== C: exe-files ==
                2014-05-21 14:27:28 CD3FE805E00666E4CDF6C92BD6F290ED 127752 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe
                2014-05-21 14:27:26 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
                2014-05-21 14:25:50 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Users\Ronald en Jannie\Downloads\HitmanPro_x64.exe
                2014-05-20 19:23:17 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Ronald en Jannie\Desktop\ik64xpvh.exe
                2014-05-20 18:59:06 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Ronald en Jannie\Downloads\Defogger.exe
                2014-05-20 18:16:40 C1974F029A2E6A44E6BB5A75762235B8 441592 ----a-w- C:\Users\Ronald en Jannie\Downloads\sc-cleaner.exe
                2014-05-20 18:12:28 0CC6BCDAAD124EC51A96F60C51CD184D 390256 ----a-w- C:\Users\Ronald en Jannie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\thunderbird.exe
                2014-05-20 18:12:24 0CC6BCDAAD124EC51A96F60C51CD184D 390256 ----a-w- C:\Users\Ronald en Jannie\Desktop\thunderbird.exe
                2014-05-20 18:12:10 0DA891CB0703D912CEAFA072F54D002B 275568 ----a-w- C:\Users\Ronald en Jannie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\firefox.exe
                2014-05-20 18:12:01 0DA891CB0703D912CEAFA072F54D002B 275568 ----a-w- C:\Users\Ronald en Jannie\Desktop\firefox.exe
                2014-05-20 18:10:45 F8A362B8F164B6362488D9CA07DFC9C9 36243 ----a-w- C:\Program Files (x86)\MSR\Privoxy\privoxy_uninstall.exe
                2014-05-20 18:10:45 F493C2A6C2ABD351358484E72B2E3128 370176 ----a-w- C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
                2014-05-20 17:37:50 70F851F7A524071E13F17DC401A21906 1326389 ----a-w- C:\Users\Ronald en Jannie\Downloads\adwcleaner_3.210.exe
                2014-05-20 15:54:23 2529406E348278E6CB3FF7FCB104C54F 398752 ----a-w- C:\Users\Ronald en Jannie\Downloads\unhide.exe
                2014-05-20 15:45:40 5D89741A77FCD3E1EEA11A76CED93654 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3046099074-103043334-1336331520-1000\$IW10SDM.exe
                2014-05-20 14:32:40 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\Users\Ronald en Jannie\Downloads\mbam-setup-2.0.1.1004.exe
                2014-05-20 14:32:04 31BF4892327DA51363D73953ACF8C0C0 13845688 ----a-w- C:\Users\Ronald en Jannie\Downloads\mseinstall.exe
                2014-05-20 14:03:37 CABD5BF30A009765D8E550BF90AD209E 18944 ----a-w- C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
                2014-05-20 14:03:25 B0B1C2912D53EAC505F9D9B3914EA062 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3046099074-103043334-1336331520-1000\$IHM64PD.exe
                2014-05-20 13:59:44 C3A64EF79FA912A62D2711E54B452D07 23050921 ----a-w- C:\Users\Ronald en Jannie\Downloads\Sibelius 5 Sound Essentials\SSE_Setup.exe
                2014-05-20 13:57:32 CAB489F2FA001EDCC54D1842C8EB1188 1639760 ----a-w- C:\$Recycle.Bin\S-1-5-21-3046099074-103043334-1336331520-1000\$RW10SDM.exe
                2014-05-20 12:56:38 CE31E2E826FD3F1FAD3A74CEAB3CE572 415759 ----a-w- C:\Users\Ronald en Jannie\Downloads\ASIO4ALL_2_10_English.exe
                2014-05-16 08:47:25 13DE611F0A410DEFEDE0C29CA6B32F94 3548304 ----a-w- C:\Users\Ronald en Jannie\AppData\Local\NVIDIA\NvBackend\Packages\00005adb\DAO.18473838.exe
                2014-05-16 08:44:59 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Users\Ronald en Jannie\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe
                2014-05-14 18:19:55 94566D109585C5867B01B761276C2D1F 155136 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
                2014-05-14 18:19:55 6FF6FF2DD6B7CDD07049DCA1F7A18319 31232 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
                2014-05-14 18:19:35 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
                2014-05-14 18:19:34 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
                2014-05-14 18:19:33 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
                2014-05-14 18:19:32 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\System32\lsass.exe
                === C: other files ==
                2014-05-20 19:21:24 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Ronald en Jannie\Desktop\dds.com
                2014-05-20 18:20:09 CFD51D8253365E6F539B1436B616B0F6 81901 ----a-w- C:\Users\Ronald en Jannie\Desktop\Oude Firefox-gegevens\xofvtcyv.default-1392749463536\extensions\[email protected]
                2014-05-20 18:20:09 91A180E1508D2D2A5194B0BCE5FDA41E 376249 ----a-w- C:\Users\Ronald en Jannie\Desktop\Oude Firefox-gegevens\xofvtcyv.default-1392749463536\extensions\[email protected]
                2014-05-20 18:20:09 606A946A06E2645B553504D005F4912B 384235 ----a-w- C:\Users\Ronald en Jannie\Desktop\Oude Firefox-gegevens\xofvtcyv.default-1392749463536\extensions\[email protected]
                2014-05-20 15:39:16 EAA2102EC015C92F09ECF21AF55A739C 104 ----a-w- C:\Users\Ronald en Jannie\AppData\Local\Temp\utt2694.tmp.bat
                2014-05-20 14:35:31 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                2014-05-20 14:34:45 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                2014-05-20 14:34:45 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
                2014-05-20 14:34:45 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                2014-05-20 14:04:49 E5B5C928D9CCA202EC9EF749DCCF1C6B 7314717 ----a-w- C:\ProgramData\AVG2014\IDS\outbox\tmp_bc52d338-d63a-47d2-b36a-d16f13dbbd88.zip
                2014-05-20 13:41:07 C9FA8CB67D949CE1935AEE373F1E959E 5260 ----a-w- C:\Users\Ronald en Jannie\Downloads\Sibelius_Essentials_GM.zip
                2014-05-14 18:19:33 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
                2014-05-14 18:19:32 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

                ==== Startup Registry Enabled ===

                [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
                "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

                [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
                "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

                [HKEY_USERS\S-1-5-21-3046099074-103043334-1336331520-1000\Software\Microsoft\Windows\CurrentVersion\Run]
                "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
                "Google Update"="C:\Users\Ronald en Jannie\AppData\Local\Google\Update\GoogleUpdate.exe /c"
                "AVG-Secure-Search-Update_0913b"="C:\Users\Ronald en Jannie\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f68b68be0f3d70a451bdb52b4f2db189-c5654c4a675e1b30a1387a634a2be343963d6796 --CMPID 0913b"
                "AVG-Secure-Search-Update_1213b"="C:\Users\Ronald en Jannie\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=f68b68be0f3d70a451bdb52b4f2db189-c5654c4a675e1b30a1387a634a2be343963d6796 /CMPID=1213b"

                [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                "mctadmin"="C:\Windows\System32\mctadmin.exe"

                [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                "mctadmin"="C:\Windows\System32\mctadmin.exe"

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
                "UpdatePRCShortCut"="C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Hewlett-Packard\Recovery UpdateWithCreateOnce Software\CyberLink\PowerRecover"
                "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
                "Freecorder FLV Service"="C:\Program Files (x86)\Freecorder\FLVSrvc.exe /run"
                "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
                "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
                "HP Remote Solution"="%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe"

                [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
                "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
                "Google Update"="C:\Users\Ronald en Jannie\AppData\Local\Google\Update\GoogleUpdate.exe /c"
                "AVG-Secure-Search-Update_0913b"="C:\Users\Ronald en Jannie\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f68b68be0f3d70a451bdb52b4f2db189-c5654c4a675e1b30a1387a634a2be343963d6796 --CMPID 0913b"
                "AVG-Secure-Search-Update_1213b"="C:\Users\Ronald en Jannie\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=f68b68be0f3d70a451bdb52b4f2db189-c5654c4a675e1b30a1387a634a2be343963d6796 /CMPID=1213b"

                ==== Startup Registry Enabled x64 ======================

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe"
                "Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
                "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
                "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

                ==== Startup Registry Disabled x64 ======================

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
                "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                "item"="APSDaemon"
                "hkey"="HKLM"
                "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
                "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                "item"="GarminExpressTrayApp"
                "hkey"="HKCU"
                "command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
                "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                "item"="Google Update"
                "hkey"="HKCU"
                "command"="\"C:\\Users\\Ronald en Jannie\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPADVISOR]
                "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                "item"="HPADVISOR"
                "hkey"="HKCU"
                "command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW"

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]
                "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                "item"="NokiaMServer"
                "hkey"="HKLM"
                "command"="C:\\Program Files (x86)\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
                "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                "item"="Sidebar"
                "hkey"="HKCU"
                "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
                "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                "item"="SunJavaUpdateSched"
                "hkey"="HKLM"
                "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                "item"="HP Digital Imaging Monitor"
                "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
                "backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
                "backupExtension"=".CommonStartup"
                "command"="C:\\PROGRA~2\\hp\\DIGITA~1\\bin\\hpqtra08.exe"


                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Garmin Core Update Service]


                ==== Task Scheduler Jobs ======================

                C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [17-05-2014 10:19]
                C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-10-2012 20:57]
                C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-10-2012 20:57]
                C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046099074-103043334-1336331520-1000Core.job --a------ C:\Users\Ronald en Jannie\AppData\Local\Google\Update\GoogleUpdate.exe [12-12-2010 22:59]
                C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3046099074-103043334-1336331520-1000UA.job --a------ C:\Users\Ronald en Jannie\AppData\Local\Google\Update\GoogleUpdate.exe [12-12-2010 22:59]
                C:\Windows\tasks\PCDRScheduledMaintenance.job --a------ C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [02-07-2009 13:04]

                ==== Other Scheduled Tasks =====

                "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
                "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
                "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
                "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3046099074-103043334-1336331520-1000Core" [C:\Users\Ronald en Jannie\AppData\Local\Google\Update\GoogleUpdate.exe]
                "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3046099074-103043334-1336331520-1000UA" [C:\Users\Ronald en Jannie\AppData\Local\Google\Update\GoogleUpdate.exe]
                "C:\Windows\SysNative\tasks\PCDRScheduledMaintenance" [C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe]
                "C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3046099074-103043334-1336331520-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
                "C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3046099074-103043334-1336331520-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
                "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
                "C:\Windows\SysNative\tasks\SmartDefrag_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe]
                "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{3DF73EB1-740E-48C0-B25C-5BA580AF0D6F}" [C:\Windows\system32\msfeedssync.exe]
                "C:\Windows\SysNative\tasks\{27A50B8D-333B-4318-A4D2-A0129EE102D1}" [D:\Need For Speed Undercover RELOADED\nfs.exe]
                "C:\Windows\SysNative\tasks\{739292AE-6530-4E1E-99ED-901F7563C7C8}" [D:\Need For Speed Undercover RELOADED\nfs.exe]
                "C:\Windows\SysNative\tasks\{AF417292-7066-4450-8F26-8D32A7F4A55A}" [D:\Need For Speed Undercover RELOADED\nfs.exe]
                "C:\Windows\SysNative\tasks\{E79AA8EA-E42A-4215-8A27-0A9E711E2F32}" [D:\Games\MSTS\train.exe]
                "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe]
                "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe]
                "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
                "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
                "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe]

                ==== Firefox Extensions Registry ======================

                [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
                "[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [05-11-2013 13:08]
                [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
                "[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [05-11-2013 13:08]

                ==== Firefox Extensions ======================

                ProfilePath: C:\Users\RONALD~1\AppData\Roaming\Thunderbird\Profiles\9y8pv5lu.default
                - British English Dictionary - C:\Users\Ronald en Jannie\AppData\Roaming\Thunderbird\Profiles\9y8pv5lu.default\extensions\[email protected]
                - Deutsches Wörterbuch - %ProfilePath%\extensions\[email protected]
                - British English Dictionary - %ProfilePath%\extensions\[email protected]

                AppDir: C:\Program Files (x86)\Mozilla Firefox
                - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
                - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
                - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
                - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

                ==== Firefox Plugins ======================

                Profilepath: C:\Users\Ronald en Jannie\AppData\Roaming\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124
                A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
                785105A23650755A8F7A72405EB0D923 - C:\Users\Ronald en Jannie\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
                5174E3BE46B2CCCDAF9CEB5B622CEA9B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll - Shockwave for Director / Shockwave for Director


                ==== Chrome Look ===

                Google Wallet - Ronald en Jannie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

                ==== Set IE to Default ==

                Old Values:
                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

                New Values:
                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
                "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

                ==== All HKCU SearchScopes ====

                HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
                "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
                {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
                {630BD764-60FB-49D0-B8BD-8DB229E322DF} Kelkoo Url="http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935"
                {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
                {F7C974B4-BDB5-4546-9B62-6220AC62DA45} AOL Zoeken Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl"

                ==== Reset IE Proxy ===
                Value(s) before fix:
                "ProxyServer"="http=127.0.0.1:8118;https=127.0.0.1:8118"
                "ProxyEnable"=dword:00000001

                Value(s) after fix:
                "ProxyEnable"=dword:00000000

                ==== HijackThis Entries ====

                O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
                O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
                O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
                O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
                O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
                O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                O4 - HKCU\..\Run: [Google Update] "C:\Users\Ronald en Jannie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
                O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913b] C:\Users\Ronald en Jannie\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f68b68be0f3d70a451bdb52b4f2db189-c5654c4a675e1b30a1387a634a2be343963d6796 --CMPID 0913b
                O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Ronald en Jannie\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=f68b68be0f3d70a451bdb52b4f2db189-c5654c4a675e1b30a1387a634a2be343963d6796 /CMPID=1213b
                O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
                O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
                O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
                O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
                O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
                O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
                O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
                O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
                O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
                O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
                O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://62.177.146.89/cab/OCXChecker_8120.cab
                O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
                O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
                O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
                O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
                O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
                O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
                O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
                O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
                O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
                O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
                O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
                O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
                O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
                O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
                O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
                O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
                O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
                O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
                O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
                O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
                O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
                O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
                O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
                O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
                O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                O23 - Service: SystemUpdatekb70007 - Unknown owner - C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
                O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
                O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
                O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
                O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
                O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
                O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

                ==== Empty IE Cache ===

                C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                C:\Users\Ronald en Jannie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQXWC47B will be deleted at reboot
                C:\Users\Ronald en Jannie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LYWSWJGT will be deleted at reboot

                ==== Empty FireFox Cache ======================

                C:\Users\Ronald en Jannie\AppData\Local\Mozilla\Firefox\Profiles\qgztltpa.default-1400610004124\Cache emptied successfully

                ==== Empty Chrome Cache ======================

                C:\Users\Ronald en Jannie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

                ==== Empty All Flash Cache ======================

                Flash Cache Emptied Successfully

                ==== Empty All Java Cache ======================

                Java Cache cleared successfully

                ==== C:\zoek_backup content ======================

                C:\zoek_backup (files=31 folders=11 28149360 bytes)

                ==== Empty Temp Folders ======================

                C:\Users\Default\AppData\Local\Temp emptied successfully
                C:\Users\Default User\AppData\Local\Temp emptied successfully
                C:\Users\Ronald en Jannie\AppData\Local\Temp will be emptied at reboot
                C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
                C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
                C:\Windows\Temp will be emptied at reboot

                ==== After Reboot ======================

                ==== Empty Temp Folders ======================

                C:\Windows\Temp successfully emptied
                C:\Users\RONALD~1\AppData\Local\Temp successfully emptied

                ==== Empty Recycle Bin ======================

                C:\$RECYCLE.BIN successfully emptied

                ==== Deleting Files / Folders ======================

                "C:\Users\Ronald en Jannie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQXWC47B" not found
                "C:\Users\Ronald en Jannie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LYWSWJGT" not found

                ==== EOF on wo 21-05-2014 at 18:25:09,94 ======================


                • #9
                  1. If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
                  2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

                  • Right-click Zoek.zip and choose the option "Extract All".
                  • Then double-click Zoek.exe to start the tool.
                  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
                  • Now copy the code below and paste it into the large input box:
                  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
                    Code:
                    emptyclsid;
                    emptyfolderscheck;
                    firefoxlook; 
                    Chromelook; 
                    CHRdefaults;
                    resethosts;
                    autoclean; 
                    iedefaults; 
                    filesrcm;
                  • Now click the "Run script" button.
                  • Wait patiently until a log opens (this may be after a restart, if one is required).
                  • If no log appears after the restart, start zoek.exe again; the log will then appear.
                  • Post the opened log as an attachment in your next reply.

                  Starting Windows 10 in Safe Mode


                  • #10
                    Hello Juisterr,

                    I have taken a different (rather more drastic) measure.

                    I badly needed the PC for my work, and it was no longer usable. Terribly slow, lots of pop-ups, shortcuts that I had to look up again every time, etc. etc. etc.

                    So yesterday I wiped my hard drive completely and reinstalled Windows 7 from the recovery discs that I had with the PC.

                    The PC is now running nicely again. And quickly.

                    In any case, thanks for the effort!

                    Regards,

                    Ronald


                    • #11
                      OK, we were almost there, but fine, that works too.

                      Starting Windows 10 in Safe Mode
