Annoying malware

  • Annoying malware

    Good morning,

    For a few days now I have been troubled by an annoying malware virus in Google Chrome as well as in Firefox and IE. Below are a few logs. MBAM did not produce a log, because no malicious files were detected.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
    Run by Wouter at 23:40:58 on 2014-05-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3982.1941 [GMT 2:00]
    .
    AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    C:\Program Files\ShrewSoft\VPN Client\iked.exe
    C:\Users\Wouter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390584264&from=ild&uid=SAMSUNGXSSDX830XSeries_S0Z4NEAC905762&q={searchTerms}
    uDefault_Page_URL = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390584264&from=ild&uid=SAMSUNGXSSDX830XSeries_S0Z4NEAC905762&q={searchTerms}
    mDefault_Page_URL = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com
    uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: ASUS Browser Extension x86: {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll
    BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Spotify Web Helper] "C:\Users\Wouter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [AdobeBridge] <no file>
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
    StartupFolder: C:\Users\Wouter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Users\Wouter\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - C:\Users\Wouter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: payprint01.ru.nl
    TCP: NameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED} : DHCPNameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\0756475627B65627279637 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\24562756E64663D223 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\458657963723030383 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\D2C7023416665602724702841616E647A65602C7D2 : DHCPNameServer = 213.46.228.196 62.179.104.196
    TCP: Interfaces\{E9DAB2B1-0A99-4FBA-AEEC-EF00E572F957} : NameServer = 131.174.117.20
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://www.awesomehp.com/?type=hp&ts=1390584264&from=ild&uid=SAMSUNGXSSDX830XSeries_S0Z4NEAC905762
    x64-mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390584264&from=ild&uid=SAMSUNGXSSDX830XSeries_S0Z4NEAC905762&q={searchTerms}
    x64-mDefault_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390584264&from=ild&uid=SAMSUNGXSSDX830XSeries_S0Z4NEAC905762
    x64-mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390584264&from=ild&uid=SAMSUNGXSSDX830XSeries_S0Z4NEAC905762&q={searchTerms}
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: ASUS Browser Extension x64: {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\w3kfgl7g.default\
    FF - prefs.js: network.proxy.ssl_port - 8118
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: C:\Users\Wouter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-7 16152]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
    R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2013-7-1 24064]
    R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-25 440400]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-25 440400]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 108440]
    R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
    R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
    R2 SystemUpdatekb70007;SystemUpdatekb70007;C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [2014-5-18 18944]
    R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-5-9 1042808]
    R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-9 295800]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-7 17152]
    R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-9-11 56704]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-20 331264]
    R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-7 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-7 787736]
    R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-10-23 292968]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-23 565352]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-4-16 108800]
    S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2014-4-16 37344]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-12 111616]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-4-16 206080]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2013-7-1 17408]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-23 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
    S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
    .
    =============== Created Last 30 ================
    .
    2014-05-19 18:52:53 -------- d-sh--w- C:\Users\Wouter\AppData\Local\EmieUserList
    2014-05-19 18:52:53 -------- d-sh--w- C:\Users\Wouter\AppData\Local\EmieSiteList
    2014-05-19 06:31:17 -------- d-----w- C:\Program Files\Western Digital
    2014-05-18 17:23:10 -------- d-----w- C:\Windows\Microsoft
    2014-05-18 17:22:51 -------- d-----w- C:\Program Files (x86)\MSR
    2014-05-18 17:22:33 -------- d-----w- C:\Users\Wouter\AppData\Roaming\GetPrivate
    2014-05-18 17:22:27 -------- d-----w- C:\Users\Wouter\AppData\Roaming\Wise
    2014-05-14 11:17:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-14 11:17:39 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-04 11:04:19 -------- d-----w- C:\Users\Wouter\AppData\Local\Microsoft Games
    2014-04-30 05:01:56 -------- d-s---w- C:\Windows\System32\CompatTel
    .
    ==================== Find3M ====================
    .
    2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2014-04-14 18:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
    2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
    2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
    2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
    2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
    2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
    2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
    2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
    2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    .
    ============= FINISH: 23:41:12,76 ===============

    GMER:
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-05-20 23:47:10
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SSD_830_Series rev.CXM03B1Q 238,47GB
    Running: zxvxzcmz.exe; Driver: C:\Users\Wouter\AppData\Local\Temp\ufdiqpow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
    .text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
    .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
    .text ... * 2
    .text C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe[2588] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
    .text C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe[2588] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
    .text ... * 2
    .text C:\Program Files (x86)\MSR\Privoxy\privoxy.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
    .text C:\Program Files (x86)\MSR\Privoxy\privoxy.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bf1465 2 bytes [BF, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bf14bb 2 bytes [BF, 76]
    .text ... * 2
    ---- Processes - GMER 2.1 ----

    Library C:\Users\Wouter\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2588](2014-01-03 03:42:50) 0000000003c00000
    Library c:\users\wouter\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpugwqfh.dll (*** suspicious ***) @ C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2588](2014-05-20 21:36:13) 0000000003b00000
    Library C:\Users\Wouter\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2588](2013-10-18 23:55:02) 0000000061f40000
    Library C:\Users\Wouter\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2588] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 00000000615b0000

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 11203

    ---- EOF - GMER 2.1 ----

  • #2
    Hi WouterE and welcome to the Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:

    • Log in only as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Carefully follow the instructions that I give.
    • Follow only the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If there is something you do not know or understand, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, do not try something "else"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs. (INFO)
    • Please do not post the logs as an attachment or between code tags.

    Note: Always run all tools as admin.
    The instructions that are given are valid only for your PC.

    Once you have read and understood these guidelines, you may continue...



    Step 1:

    Scanning for and removing malware...

    If you already have MBAM on your PC, you do not need to download it, of course.

    Download Malwarebytes Anti-Malware to your desktop.

    Double-click mbam-setup.exe to install the program.

    At the end of the setup procedure, you get a screen where you must click "Finish".
    If you do not wish to evaluate MBAM, untick the first option and only then click "Finish".


    Make sure that after the installation there is a tick next to:
    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware
    • Then click "Finish". If an update is found, it will be downloaded and installed.



    As soon as the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during removal of malware".
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL scan" here.
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "View Results" to see the results.
    • Make sure that everything there is ticked, then click "Remove selected".
    • After the removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, do so.
    When you have done the restart, make a new quick scan with MBAM.
    In that case you therefore post both logs. So a second "quick scan" log only if the FULL scan found "something".

    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Check for bad toolbars...

    Download AdwCleaner by Xplode to your desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Clean

    All icons disappear from the desktop; this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the forum.

    I only need the log from after the "clean" option.

    Do not forget to switch off your "smileys".

    If your start page was also hijacked, set the search engine again.
    By default AdwCleaner sets it back to Google.com
    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If the execution of scripts is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    You should not post the contents of Attach.txt, nor add Attach.txt as an attachment to your post, unless I ask for it.


    ___________________________________________________________

    Step 4:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Place its contents in your next reply.


    In your next post, I would like to see the following logs, made in the order listed:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (In several posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2014.05.23.04

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.17107
      Wouter :: WOUTER-PC [administrator]

      23-5-2014 9:31:55
      mbam-log-2014-05-23 (09-31-55).txt

      Scan type: Volledige scan (C:\|)
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 474681
      Verstreken tijd: 36 minuut/minuten, 37 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)

      ----------
      # AdwCleaner v3.210 - Rapport aangemaakt 23/05/2014 op 17:40:21
      # Laatste Update 19/05/2014 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruikersnaam : Wouter - WOUTER-PC
      # Gestart vanuit : C:\Users\Wouter\Downloads\adwcleaner_3.210.exe
      # Optie : Verwijderen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****

      Map Verwijderd : C:\ProgramData\Babylon
      Map Verwijderd : C:\ProgramData\WPM
      Map Verwijderd : C:\Program Files (x86)\BabylonToolbar
      Map Verwijderd : C:\Program Files (x86)\jZip
      Map Verwijderd : C:\Program Files (x86)\Mobogenie
      Map Verwijderd : C:\Program Files (x86)\MSR
      Map Verwijderd : C:\Program Files (x86)\Common Files\337
      Map Verwijderd : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
      Map Verwijderd : C:\Users\Wouter\AppData\Local\genienext
      Map Verwijderd : C:\Users\Wouter\AppData\Local\iMesh
      Map Verwijderd : C:\Users\Wouter\AppData\Local\jZip
      Map Verwijderd : C:\Users\Wouter\AppData\Local\Mobogenie
      Map Verwijderd : C:\Users\Wouter\AppData\Local\Temp\Desk365
      Map Verwijderd : C:\Users\Wouter\AppData\Local\Temp\jZip
      Map Verwijderd : C:\Users\Wouter\AppData\LocalLow\BabylonToolbar
      Map Verwijderd : C:\Users\Wouter\AppData\Roaming\Babylon
      Map Verwijderd : C:\Users\Wouter\AppData\Roaming\dvdvideosoftiehelpers
      Map Verwijderd : C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
      Bestand Verwijderd : C:\Users\Wouter\daemonprocess.txt
      Bestand Verwijderd : C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
      Bestand Verwijderd : C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
      Bestand Verwijderd : C:\Windows\System32\Tasks\BrowserProtect
      Bestand Verwijderd : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

      ***** [ Snelkoppelingen ] *****

      Snelkoppeling Gedesinfecteerd : C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      Snelkoppeling Gedesinfecteerd : C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
      Snelkoppeling Gedesinfecteerd : C:\Users\Wouter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

      ***** [ Register ] *****

      Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\halffneccaebicfdfajnbfgpglahfgoe
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\escort.escortIEPane
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\jZip.file
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
      Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
      Sleutel Verwijderd : HKCU\Software\ded9d1bc6de946
      Sleutel Verwijderd : HKLM\SOFTWARE\ded9d1bc6de946
      Sleutel Verwijderd : HKCU\Software\Cr_Installer
      Sleutel Verwijderd : HKCU\Software\installedbrowserextensions
      Sleutel Verwijderd : HKCU\Software\jZip
      Sleutel Verwijderd : HKCU\Software\Softonic
      Sleutel Verwijderd : HKLM\Software\Babylon
      Sleutel Verwijderd : HKLM\Software\DataMngr
      Sleutel Verwijderd : HKLM\Software\Desksvc
      Sleutel Verwijderd : HKLM\Software\hdcode
      Sleutel Verwijderd : HKLM\Software\jZip
      Sleutel Verwijderd : HKLM\Software\supWPM
      Sleutel Verwijderd : HKLM\Software\V9
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17041

      Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
      Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
      Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
      Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
      Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
      Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

      -\\ Mozilla Firefox v29.0.1 (nl)

      [ Bestand : C:\Users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\w3kfgl7g.default\prefs.js ]


      -\\ Google Chrome v34.0.1847.137

      [ Bestand : C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\preferences ]

      Verwijderd [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F878BEB70D14AA1C&affID=128403&tsp=5188
      Verwijderd [Homepage] : hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=F878BEB70D14AA1C&affID=128403&tsp=5188

      *************************

      AdwCleaner[R0].txt - [12463 octets] - [23/05/2014 17:35:22]
      AdwCleaner[S0].txt - [10980 octets] - [23/05/2014 17:40:21]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11041 octets] ##########

      ---------
      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
      Run by Wouter at 17:44:05 on 2014-05-23
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3982.2243 [GMT 2:00]
      .
      AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
      SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
      C:\Windows\system32\WLANExt.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\ASUS\P4G\BatteryLife.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
      C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\ShrewSoft\VPN Client\iked.exe
      C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
      C:\Users\Wouter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
      C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
      C:\Program Files (x86)\Samsung\Kies\Kies.exe
      C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
      C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
      C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
      C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
      C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uSearch Page = hxxp://www.google.com
      uDefault_Page_URL = hxxp://www.google.com
      uDefault_Search_URL = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      mSearch Page = hxxp://www.google.com
      mDefault_Page_URL = hxxp://www.google.com
      mDefault_Search_URL = hxxp://www.google.com
      uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      mWinlogon: Userinit = userinit.exe
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: ASUS Browser Extension x86: {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll
      BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      uRun: [Spotify Web Helper] "C:\Users\Wouter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
      uRun: [AdobeBridge] <no file>
      mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
      mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
      mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
      StartupFolder: C:\Users\Wouter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
      IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Free YouTube Download - C:\Users\Wouter\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
      IE: Free YouTube to MP3 Converter - C:\Users\Wouter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      Trusted Zone: payprint01.ru.nl
      TCP: NameServer = 213.46.228.196 62.179.104.196
      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED} : DHCPNameServer = 213.46.228.196 62.179.104.196
      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\0756475627B65627279637 : DHCPNameServer = 192.168.0.1
      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\24562756E64663D223 : DHCPNameServer = 192.168.0.1
      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\458657963723030383 : DHCPNameServer = 192.168.0.1
      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\56465727F616D6 : DHCPNameServer = 131.174.117.20
      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\D2C7023416665602724702841616E647A65602C7D2 : DHCPNameServer = 213.46.228.196 62.179.104.196
      TCP: Interfaces\{E9DAB2B1-0A99-4FBA-AEEC-EF00E572F957} : NameServer = 131.174.117.20
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      SSODL: WebCheck - <orphaned>
      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      x64-mStart Page = hxxp://www.google.com
      x64-mSearch Page = hxxp://www.google.com
      x64-mDefault_Page_URL = hxxp://www.google.com
      x64-mDefault_Search_URL = hxxp://www.google.com
      x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      x64-BHO: ASUS Browser Extension x64: {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
      x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\w3kfgl7g.default\
      FF - prefs.js: network.proxy.ssl_port - 8118
      FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
      FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
      FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
      FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
      FF - plugin: C:\Users\Wouter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
      FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-7 16152]
      R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
      R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
      R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2013-7-1 24064]
      R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-25 440400]
      R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-25 440400]
      R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
      R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
      R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 108440]
      R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
      R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
      R2 SystemUpdatekb70007;SystemUpdatekb70007;C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [2014-5-18 18944]
      R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-5-9 1042808]
      R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-9 295800]
      R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-7 17152]
      R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-9-11 56704]
      R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-20 331264]
      R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-7 356120]
      R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-7 787736]
      R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-10-23 292968]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-23 565352]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-4-16 108800]
      S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2014-4-16 37344]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-12 111616]
      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-4-16 206080]
      S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
      S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
      S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2013-7-1 17408]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-23 1255736]
      S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
      S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
      .
      =============== Created Last 30 ================
      .
      2014-05-23 15:41:53 -------- d-----w- C:\Program Files (x86)\MSR
      2014-05-23 15:35:53 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
      2014-05-23 07:32:40 -------- d-----w- C:\AdwCleaner
      2014-05-19 18:52:53 -------- d-sh--w- C:\Users\Wouter\AppData\Local\EmieUserList
      2014-05-19 18:52:53 -------- d-sh--w- C:\Users\Wouter\AppData\Local\EmieSiteList
      2014-05-19 06:31:17 -------- d-----w- C:\Program Files\Western Digital
      2014-05-18 17:23:10 -------- d-----w- C:\Windows\Microsoft
      2014-05-18 17:22:33 -------- d-----w- C:\Users\Wouter\AppData\Roaming\GetPrivate
      2014-05-18 17:22:27 -------- d-----w- C:\Users\Wouter\AppData\Roaming\Wise
      2014-05-14 11:17:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2014-05-14 11:17:39 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2014-05-04 11:04:19 -------- d-----w- C:\Users\Wouter\AppData\Local\Microsoft Games
      2014-04-30 05:01:56 -------- d-s---w- C:\Windows\System32\CompatTel
      .
      ==================== Find3M ====================
      .
      2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
      2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
      2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
      2014-04-14 18:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
      2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
      2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
      2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
      2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
      2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
      2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
      2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
      2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
      2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
      2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
      2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
      2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
      2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
      2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
      2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
      2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
      2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
      2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
      2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
      2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
      2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
      2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
      2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
      2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
      2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
      2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
      2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
      2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
      2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
      2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
      2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
      2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
      2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
      2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
      2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
      2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
      2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
      2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
      2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
      2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
      2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
      .
      ============= FINISH: 17:44:31,35 ===============

      Unfortunately I was not able to run SecurityCheck, because both links give a 'Connect failed' message: Your request for http://screen317.spywareinfoforum.org/SecurityCheck.exe could not be fulfilled, because the connection to screen317.spywareinfoforum.org could not be established.



      • #4
        The link does work for me. Please try again.

        Did you set this proxy yourself: uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          Unfortunately the link still doesn't work: I get the same error message. And no, I did not set up that proxy myself.

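The check behind the question in post #4, as an added example that is not part of the original thread: it parses a WinINET-style `ProxyServer` value as DDS prints it and reports every protocol routed to a loopback address. The function names are hypothetical, and the sample lines are constructed except for the `uProxyServer` value, which is the one quoted in post #4.

```python
import ipaddress
import re

# Constructed sample of DDS-style lines. Only the uProxyServer value is taken
# from the thread (post #4); the other two lines are made up for the example.
SAMPLE_DDS = """\
uStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
uProxyOverride = <local>
"""

# Matches the DDS key "uProxyServer" and the plain registry value name "ProxyServer".
PROXY_LINE = re.compile(r"^\s*u?ProxyServer\s*=\s*(\S+)", re.IGNORECASE)


def split_host_port(endpoint):
    """Split 'host:port', '[v6]:port' or a bare host into (host, port or None)."""
    if endpoint.startswith("["):                      # bracketed IPv6 literal
        host, _, rest = endpoint[1:].partition("]")
        port = rest.lstrip(":")
    elif endpoint.count(":") == 1:                    # host:port
        host, _, port = endpoint.rpartition(":")
    else:                                             # bare host or bare IPv6
        host, port = endpoint, ""
    return host.lower(), int(port) if port.isdigit() else None


def parse_proxy_value(value):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    Two forms exist: 'host:port' applies to all protocols (stored under '*'),
    and 'http=host:port;https=host:port' sets a proxy per protocol.
    """
    result = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        if "=" in part:
            scheme, endpoint = part.split("=", 1)
            scheme = scheme.strip().lower()
            if scheme == "hxxp":                      # undo forum defanging
                scheme = "http"
        else:
            scheme, endpoint = "*", part
        # Drop an optional URL scheme prefix in front of the endpoint.
        endpoint = re.sub(r"^[a-z]+://", "", endpoint.strip(), flags=re.IGNORECASE)
        result[scheme] = split_host_port(endpoint)
    return result


def is_loopback(host):
    """True for localhost names and for any address in 127.0.0.0/8 or ::1."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                                # a hostname, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return [(scheme, host, port)] for every loopback proxy set in the log."""
    findings = []
    for line in log_text.splitlines():
        match = PROXY_LINE.match(line)
        if not match:
            continue
        for scheme, (host, port) in parse_proxy_value(match.group(1)).items():
            if is_loopback(host):
                findings.append((scheme, host, port))
    return findings


if __name__ == "__main__":
    for scheme, host, port in find_loopback_proxies(SAMPLE_DDS):
        print(f"{scheme}: browser traffic is routed to local port {port} on {host}")
```

A hit means all browser traffic for that protocol passes through a process on the machine itself, so the next step is to identify what is listening on that port (for example with `netstat -ano`) and whether the user installed it.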


          • #6
            Go through these steps with RIES to restore your IE settings.

            Reset your Firefox according to these instructions.


            Download or update CCleaner

            Start CCleaner.
            • Run CCleaner and click Options in the left column
            • Select the Advanced tab
            • Uncheck "Only delete files in Windows Temp folders older than 24 hours"
            • Select the Settings tab
            • Uncheck "Automatically clean the computer...."
            • Click Cleaner in the left column.
            • Then click Analyze followed by Run Cleaner.
            • Next, click Registry in the left column
            • Click Scan for Issues.
            • When asked whether you want to make a backup of the registry, click "Yes".
            • If errors are found, click the middle button: Fix All Selected Issues, then OK



            Temporarily turn off your security software.

            Download Security Check.zip (attached here) to your desktop.
            Unzip it and right-click Security Check.exe, then select Run as administrator.
            Post the log.


            • #7
              It worked

              Results of screen317's Security Check version 0.99.83
              Windows 7 Service Pack 1 x64 (UAC is enabled)
              Internet Explorer 11
              ``````````````Antivirus/Firewall Check:``````````````
              Avira Desktop
              Antivirus up to date! (On Access scanning disabled!)
              `````````Anti-malware/Other Utilities Check:`````````
              Java 7 Update 55
              Adobe Reader XI
              Mozilla Firefox (29.0.1)
              Google Chrome 34.0.1847.137
              Google Chrome 35.0.1916.114
              ````````Process Check: objlist.exe by Laurent````````
              Avira Antivir avgnt.exe
              Avira Antivir avguard.exe
              `````````````````System Health check`````````````````
              Total Fragmentation on Drive C: 10%
              ````````````````````End of Log``````````````````````



              • #8
                Good

                Download ComboFix to your desktop.
                (So not to a downloads folder or temp folder)

                Additional note... Make sure your security software is disabled while using ComboFix.
                This is because these scanners wrongly see certain components that ComboFix uses as infected and will block ComboFix.

                Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

                Close ALL windows, including your browser, and let ComboFix do its work undisturbed.
                So do not open any other applications until ComboFix has presented the log.

                If ComboFix asks for an update, allow it.

                When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                You can find it at C:\combofix.txt.

                Post the ComboFix log together with a new DDS log in your next reply.

                * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                • Illegal operation attempted on a registry key that has been marked for deletion.


                • #9
                  ComboFix 14-05-19.01 - Wouter 25-05-2014 13:51:39.1.4 - x64
                  Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3982.2580 [GMT 2:00]
                  Gestart vanuit: c:\users\Wouter\Desktop\ComboFix.exe
                  AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
                  SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
                  SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  .
                  .
                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\windows\IsUn0413.exe
                  c:\windows\MICROSOFT
                  c:\windows\MICROSOFT\SystemUpdatekb70007\Installer.dll
                  c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll
                  c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll
                  c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll
                  c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll
                  c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg
                  c:\windows\MICROSOFT\SystemUpdatekb70007\WindowsUpdater.exe
                  c:\windows\msvcr71.dll
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  -------\Service_SystemUpdatekb70007
                  -------\Service_SystemUpdatekb70007
                  .
                  .
                  (((((((((((((((((((( Bestanden Gemaakt van 2014-04-25 to 2014-05-25 ))))))))))))))))))))))))))))))
                  .
                  .
                  2014-05-24 15:30 . 2014-05-24 15:30 -------- d-----w- c:\program files\CCleaner
                  2014-05-23 15:41 . 2014-05-23 15:41 -------- d-----w- c:\program files (x86)\MSR
                  2014-05-23 15:35 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
                  2014-05-23 07:32 . 2014-05-23 15:40 -------- d-----w- C:\AdwCleaner
                  2014-05-19 18:52 . 2014-05-19 18:52 -------- d-sh--w- c:\users\Wouter\AppData\Local\EmieUserList
                  2014-05-19 18:52 . 2014-05-19 18:52 -------- d-sh--w- c:\users\Wouter\AppData\Local\EmieSiteList
                  2014-05-19 06:31 . 2014-05-19 06:31 -------- d-----w- c:\program files\Western Digital
                  2014-05-18 17:22 . 2014-05-18 17:22 -------- d-----w- c:\users\Wouter\AppData\Roaming\GetPrivate
                  2014-05-18 17:22 . 2014-05-18 17:22 -------- d-----w- c:\users\Wouter\AppData\Roaming\Wise
                  2014-05-14 11:17 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
                  2014-05-14 11:17 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
                  2014-05-14 11:17 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
                  2014-05-14 11:17 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
                  2014-05-04 11:04 . 2014-05-04 11:13 -------- d-----w- c:\users\Wouter\AppData\Local\Microsoft Games
                  2014-04-30 05:01 . 2014-05-14 15:05 -------- d-s---w- c:\windows\system32\CompatTel
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2014-05-14 11:15 . 2012-10-23 17:26 93223848 ----a-w- c:\windows\system32\MRT.exe
                  2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
                  2014-04-14 18:13 . 2014-02-09 16:44 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                  2014-03-06 09:31 . 2014-04-12 19:39 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
                  2014-03-06 08:59 . 2014-04-12 19:39 66048 ----a-w- c:\windows\system32\iesetup.dll
                  2014-03-06 08:57 . 2014-04-12 19:39 548352 ----a-w- c:\windows\system32\vbscript.dll
                  2014-03-06 08:57 . 2014-04-12 19:39 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
                  2014-03-06 08:53 . 2014-04-12 19:39 2767360 ----a-w- c:\windows\system32\iertutil.dll
                  2014-03-06 08:40 . 2014-04-12 19:39 51200 ----a-w- c:\windows\system32\jsproxy.dll
                  2014-03-06 08:39 . 2014-04-12 19:39 33792 ----a-w- c:\windows\system32\iernonce.dll
                  2014-03-06 08:32 . 2014-04-12 19:39 574976 ----a-w- c:\windows\system32\ieui.dll
                  2014-03-06 08:29 . 2014-04-12 19:39 139264 ----a-w- c:\windows\system32\ieUnatt.exe
                  2014-03-06 08:29 . 2014-04-12 19:39 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
                  2014-03-06 08:28 . 2014-04-12 19:39 752640 ----a-w- c:\windows\system32\jscript9diag.dll
                  2014-03-06 08:15 . 2014-04-12 19:39 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                  2014-03-06 08:11 . 2014-04-12 19:39 5784064 ----a-w- c:\windows\system32\jscript9.dll
                  2014-03-06 08:09 . 2014-04-12 19:39 453120 ----a-w- c:\windows\system32\dxtmsft.dll
                  2014-03-06 08:03 . 2014-04-12 19:39 586240 ----a-w- c:\windows\system32\ie4uinit.exe
                  2014-03-06 08:02 . 2014-04-12 19:39 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
                  2014-03-06 08:02 . 2014-04-12 19:39 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
                  2014-03-06 08:01 . 2014-04-12 19:39 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
                  2014-03-06 07:56 . 2014-04-12 19:39 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
                  2014-03-06 07:48 . 2014-04-12 19:39 195584 ----a-w- c:\windows\system32\msrating.dll
                  2014-03-06 07:46 . 2014-04-12 19:39 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
                  2014-03-06 07:42 . 2014-04-12 19:39 296960 ----a-w- c:\windows\system32\dxtrans.dll
                  2014-03-06 07:38 . 2014-04-12 19:39 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                  2014-03-06 07:36 . 2014-04-12 19:39 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
                  2014-03-06 07:21 . 2014-04-12 19:39 628736 ----a-w- c:\windows\system32\msfeeds.dll
                  2014-03-06 07:13 . 2014-04-12 19:39 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
                  2014-03-06 07:11 . 2014-04-12 19:39 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
                  2014-03-06 06:53 . 2014-04-12 19:39 13551104 ----a-w- c:\windows\system32\ieframe.dll
                  2014-03-06 06:40 . 2014-04-12 19:39 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                  2014-03-06 06:22 . 2014-04-12 19:39 2260480 ----a-w- c:\windows\system32\wininet.dll
                  2014-03-06 05:58 . 2014-04-12 19:39 1400832 ----a-w- c:\windows\system32\urlmon.dll
                  2014-03-06 05:50 . 2014-04-12 19:39 846336 ----a-w- c:\windows\system32\ieapfltr.dll
                  2014-03-06 05:41 . 2014-04-12 19:39 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
                  2014-03-04 09:44 . 2014-04-09 07:05 362496 ----a-w- c:\windows\system32\wow64win.dll
                  2014-03-04 09:44 . 2014-04-09 07:05 243712 ----a-w- c:\windows\system32\wow64.dll
                  2014-03-04 09:44 . 2014-04-09 07:05 13312 ----a-w- c:\windows\system32\wow64cpu.dll
                  2014-03-04 09:44 . 2014-04-09 07:05 16384 ----a-w- c:\windows\system32\ntvdm64.dll
                  2014-03-04 09:44 . 2014-04-09 07:05 1163264 ----a-w- c:\windows\system32\kernel32.dll
                  2014-03-04 09:17 . 2014-04-09 07:05 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
                  2014-03-04 09:17 . 2014-04-09 07:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
                  2014-03-04 09:16 . 2014-04-09 07:05 25600 ----a-w- c:\windows\SysWow64\setup16.exe
                  2014-03-04 09:16 . 2014-04-09 07:05 5120 ----a-w- c:\windows\SysWow64\wow32.dll
                  2014-03-04 08:09 . 2014-04-09 07:05 7680 ----a-w- c:\windows\SysWow64\instnm.exe
                  2014-03-04 08:09 . 2014-04-09 07:05 2048 ----a-w- c:\windows\SysWow64\user.exe
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                  REGEDIT4
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                  @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 131248 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                  @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 131248 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                  @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 131248 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Spotify Web Helper"="c:\users\Wouter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-16 1176632]
                  "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
                  "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                  "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-03-14 689744]
                  "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-05-09 5562736]
                  "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
                  "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
                  "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
                  "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
                  "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
                  "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
                  "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
                  .
                  c:\users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                  Dropbox.lnk - c:\users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "ConsentPromptBehaviorAdmin"= 5 (0x5)
                  "ConsentPromptBehaviorUser"= 3 (0x3)
                  "EnableUIADesktopToggle"= 0 (0x0)
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                  "Userinit"="userinit.exe"
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                  "LoadAppInit_DLLs"=1 (0x1)
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                  "aux"=wdmaud.drv
                  .
                  R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                  R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
                  R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
                  R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                  R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
                  R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
                  R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                  R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                  R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
                  R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
                  R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                  R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
                  R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
                  S0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
                  S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
                  S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
                  S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
                  S2 AntiVirSchedulerService;Avira Planner;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
                  S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
                  S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
                  S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
                  S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
                  S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                  S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
                  S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
                  S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
                  S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
                  S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                  S3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
                  S3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
                  S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
                  S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                  .
                  .
                  --- Andere Services/Drivers In Geheugen ---
                  .
                  *NewlyCreated* - WS2IFSL
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                  2014-05-24 08:16 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
                  .
                  Inhoud van de 'Gedeelde Taken' map
                  .
                  2014-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409675537-703518401-962605179-1000Core.job
                  - c:\users\Wouter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27 17:35]
                  .
                  2014-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409675537-703518401-962605179-1000UA.job
                  - c:\users\Wouter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27 17:35]
                  .
                  2014-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 16:59]
                  .
                  2014-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 16:59]
                  .
                  .
                  --------- X64 Entries -----------
                  .
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                  @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 164016 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                  @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 164016 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                  @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 164016 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                  @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                  2013-09-10 23:54 164016 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
                  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
                  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
                  2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
                  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
                  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
                  2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
                  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
                  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
                  2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
                  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
                  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
                  2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
                  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
                  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
                  2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
                  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
                  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
                  2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
                  .
                  ------- Bijkomende Scan -------
                  .
                  uLocal Page = c:\windows\system32\blank.htm
                  mDefault_Search_URL = hxxp://www.google.com
                  mDefault_Page_URL = hxxp://www.google.com
                  mStart Page = hxxp://www.google.com
                  mLocal Page = c:\windows\SysWOW64\blank.htm
                  mSearch Page = hxxp://www.google.com
                  uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
                  uSearchAssistant = hxxp://www.google.com/ie
                  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                  Trusted Zone: payprint01.ru.nl
                  TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
                  TCP: Interfaces\{E9DAB2B1-0A99-4FBA-AEEC-EF00E572F957}: NameServer = 131.174.117.20
                  FF - ProfilePath - c:\users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\w3kfgl7g.default\
                  FF - prefs.js: network.proxy.http - 127.0.0.1
                  FF - prefs.js: network.proxy.http_port - 8118
                  FF - prefs.js: network.proxy.ssl - 127.0.0.1
                  FF - prefs.js: network.proxy.ssl_port - 8118
                  FF - prefs.js: network.proxy.type - 1
                  .
                  - - - - ORPHANS VERWIJDERD - - - -
                  .
                  Wow6432Node-HKCU-Run-AdobeBridge - (no file)
                  HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                  .
                  .
                  .
                  --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
                  @="?????????????????? v1"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
                  @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
                  @="?????????????????? v2"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
                  @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                  @Denied: (A) (Everyone)
                  "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                  @Denied: (A) (Everyone)
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                  "Key"="ActionsPane3"
                  "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                  @Denied: (Full) (Everyone)
                  .
                  ------------------------ Andere Aktieve Processen ------------------------
                  .
                  c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                  c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                  c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
                  c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
                  c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
                  c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
                  c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
                  c:\users\Wouter\AppData\Roaming\GetPrivate\gp_upd.exe
                  c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
                  c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                  .
                  **************************************************************************
                  .
                  Voltooingstijd: 2014-05-25 13:56:41 - machine werd herstart
                  ComboFix-quarantined-files.txt 2014-05-25 11:56
                  .
                  Pre-Run: 55.652.999.168 bytes beschikbaar
                  Post-Run: 55.041.802.240 bytes beschikbaar
                  .
                  - - End Of File - - F1EB3087BCEBC4931D95F8EDC80A0E0C
                  A36C5E4F47E84449FF07ED3517B43A31


                  --------------

                  DDS (Ver_2012-11-20.01) - NTFS_AMD64
                  Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
                  Run by Wouter at 13:59:03 on 2014-05-25
                  Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3982.2197 [GMT 2:00]
                  .
                  AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
                  SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
                  SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  .
                  ============== Running Processes ===============
                  .
                  C:\Windows\system32\lsm.exe
                  C:\Windows\system32\svchost.exe -k DcomLaunch
                  C:\Windows\system32\svchost.exe -k RPCSS
                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                  C:\Windows\system32\svchost.exe -k LocalService
                  C:\Windows\system32\svchost.exe -k netsvcs
                  C:\Windows\system32\svchost.exe -k NetworkService
                  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                  C:\Windows\system32\WLANExt.exe
                  C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                  C:\Windows\System32\spoolsv.exe
                  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                  C:\Windows\system32\taskhost.exe
                  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
                  C:\Windows\system32\Dwm.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Program Files\ASUS\P4G\BatteryLife.exe
                  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Program Files\ShrewSoft\VPN Client\iked.exe
                  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
                  C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
                  C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
                  C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
                  C:\Windows\system32\svchost.exe -k imgsvc
                  C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                  C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                  C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                  C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                  C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                  C:\Windows\system32\SearchIndexer.exe
                  C:\Windows\system32\SearchProtocolHost.exe
                  C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                  C:\Windows\explorer.exe
                  C:\Program Files\Windows Media Player\wmpnetwk.exe
                  C:\Windows\system32\sppsvc.exe
                  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                  C:\Windows\system32\SearchFilterHost.exe
                  \\?\C:\Windows\system32\wbem\WMIADAP.EXE
                  C:\Windows\System32\cscript.exe
                  .
                  ============== Pseudo HJT Report ===============
                  .
                  mStart Page = hxxp://www.google.com
                  mSearch Page = hxxp://www.google.com
                  mDefault_Page_URL = hxxp://www.google.com
                  mDefault_Search_URL = hxxp://www.google.com
                  uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
                  uSearchAssistant = hxxp://www.google.com/ie
                  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                  mWinlogon: Userinit = userinit.exe
                  uRun: [Spotify Web Helper] "C:\Users\Wouter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
                  uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
                  uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
                  mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
                  mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
                  mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                  mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
                  mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                  mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                  mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                  mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                  mRun: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
                  StartupFolder: C:\Users\Wouter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe
                  uPolicies-Explorer: NoDrives = dword:0
                  mPolicies-Explorer: NoDrives = dword:0
                  mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                  mPolicies-System: ConsentPromptBehaviorUser = dword:3
                  mPolicies-System: EnableUIADesktopToggle = dword:0
                  IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
                  IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                  Trusted Zone: payprint01.ru.nl
                  TCP: NameServer = 213.46.228.196 62.179.104.196
                  TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED} : DHCPNameServer = 213.46.228.196 62.179.104.196
                  TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\0756475627B65627279637 : DHCPNameServer = 192.168.0.1
                  TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\24562756E64663D223 : DHCPNameServer = 192.168.0.1
                  TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\458657963723030383 : DHCPNameServer = 192.168.0.1
                  TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\56465727F616D6 : DHCPNameServer = 131.174.117.20
                  TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\D2C7023416665602724702841616E647A65602C7D2 : DHCPNameServer = 213.46.228.196 62.179.104.196
                  TCP: Interfaces\{E9DAB2B1-0A99-4FBA-AEEC-EF00E572F957} : NameServer = 131.174.117.20
                  Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                  Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                  Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                  SSODL: WebCheck - <orphaned>
                  SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                  mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                  x64-mStart Page = hxxp://www.google.com
                  x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
                  x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
                  x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                  x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                  x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                  x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                  x64-Notify: igfxcui - igfxdev.dll
                  x64-SSODL: WebCheck - <orphaned>
                  x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                  .
                  ================= FIREFOX ===================
                  .
                  FF - ProfilePath - C:\Users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\w3kfgl7g.default\
                  FF - prefs.js: network.proxy.http - 127.0.0.1
                  FF - prefs.js: network.proxy.http_port - 8118
                  FF - prefs.js: network.proxy.ssl - 127.0.0.1
                  FF - prefs.js: network.proxy.ssl_port - 8118
                  FF - prefs.js: network.proxy.type - 1
                  FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
                  FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
                  FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
                  FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
                  FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
                  FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
                  FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
                  FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
                  FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                  FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
                  FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                  FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
                  FF - plugin: C:\Users\Wouter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
                  FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
                  .
                  ============= SERVICES / DRIVERS ===============
                  .
                  R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-7 16152]
                  R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
                  R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
                  R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2013-7-1 24064]
                  R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-25 440400]
                  R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-25 440400]
                  R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
                  R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
                  R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 108440]
                  R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
                  R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
                  R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-5-9 1042808]
                  R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-9 295800]
                  R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-7 17152]
                  R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-9-11 56704]
                  R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-20 331264]
                  R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-7 356120]
                  R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-7 787736]
                  R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-10-23 292968]
                  R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-23 565352]
                  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                  S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                  S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
                  S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-4-16 108800]
                  S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2014-4-16 37344]
                  S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-12 111616]
                  S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-4-16 206080]
                  S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
                  S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
                  S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
                  S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
                  S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2013-7-1 17408]
                  S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-23 1255736]
                  S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
                  S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
                  .
                  =============== Created Last 30 ================
                  .
                  2014-05-25 11:55:25 -------- d-sh--w- C:\$RECYCLE.BIN
                  2014-05-25 11:45:38 98816 ----a-w- C:\Windows\sed.exe
                  2014-05-25 11:45:38 256000 ----a-w- C:\Windows\PEV.exe
                  2014-05-25 11:45:38 208896 ----a-w- C:\Windows\MBR.exe
                  2014-05-24 15:30:58 -------- d-----w- C:\Program Files\CCleaner
                  2014-05-23 15:41:53 -------- d-----w- C:\Program Files (x86)\MSR
                  2014-05-23 15:35:53 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                  2014-05-23 07:32:40 -------- d-----w- C:\AdwCleaner
                  2014-05-19 18:52:53 -------- d-sh--w- C:\Users\Wouter\AppData\Local\EmieUserList
                  2014-05-19 18:52:53 -------- d-sh--w- C:\Users\Wouter\AppData\Local\EmieSiteList
                  2014-05-19 06:31:17 -------- d-----w- C:\Program Files\Western Digital
                  2014-05-18 17:22:33 -------- d-----w- C:\Users\Wouter\AppData\Roaming\GetPrivate
                  2014-05-18 17:22:27 -------- d-----w- C:\Users\Wouter\AppData\Roaming\Wise
                  2014-05-14 11:17:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                  2014-05-14 11:17:39 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                  2014-05-04 11:04:19 -------- d-----w- C:\Users\Wouter\AppData\Local\Microsoft Games
                  2014-04-30 05:01:56 -------- d-s---w- C:\Windows\System32\CompatTel
                  .
                  ==================== Find3M ====================
                  .
                  2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
                  2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
                  2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
                  2014-04-14 18:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                  2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
                  2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
                  2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
                  2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
                  2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
                  2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                  2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
                  2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                  2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                  2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                  2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
                  2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
                  2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                  2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                  2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                  2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
                  2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                  2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
                  2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                  2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
                  2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                  2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                  2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
                  2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                  2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                  2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                  2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
                  2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                  2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
                  2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
                  2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
                  2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
                  2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
                  2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
                  2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
                  2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
                  2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
                  2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
                  2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
                  2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
                  2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
                  2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
                  2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
                  2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
                  2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
                  2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
                  2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
                  2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
                  2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
                  2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
                  2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
                  2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
                  2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
                  2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
                  2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
                  2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
                  2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
                  .
                  ============= FINISH: 13:59:10,94 ===============



                  • #10
                    Disable your security software.

                    Note: This script is intended specifically for this PC,
                    so do not use it on other PCs with a similar problem.


                    Open a Notepad file.
                    Copy the text below and paste it into the Notepad file.
                    Save the Notepad file as CFScript.txt
                    Code:
                    KillAll::
                    ClearJavaCache::
                    Firefox::
                    FF - ProfilePath - c:\users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\w3kfgl7g.default\
                    FF - prefs.js: network.proxy.http - 127.0.0.1
                    FF - prefs.js: network.proxy.http_port - 8118
                    FF - prefs.js: network.proxy.ssl - 127.0.0.1
                    FF - prefs.js: network.proxy.ssl_port - 8118
                    FF - prefs.js: network.proxy.type - 1
                    DDS::
                    uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
                    Now drag the file CFScript.txt onto the file ComboFix.exe



                    ComboFix will start again.
                    If ComboFix asks for an update, allow it.

                    When ComboFix has finished, which may be after a restart, a log file opens. Post the contents of the log file.

                    Create a new DDS log and post that as well.
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee * Ccleaner * E-Peek
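
A check that can be run once the follow-up log comes back, as an added example that is not part of the original post and not part of ComboFix or DDS: it parses the settings a CFScript names and reports which of them still appear, with the same value, in a later log. It assumes that `uProxyServer` and `uInternet Settings,ProxyServer` name the same setting and that `hxxp` is a defanged `http`; both sample texts are constructed in the format shown in this thread.

```python
import re

# Constructed sample in the format of the CFScript above (profile path is a placeholder).
CFSCRIPT = r"""
KillAll::
ClearJavaCache::
Firefox::
FF - ProfilePath - c:\users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
DDS::
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
"""

# Constructed follow-up log excerpt: the Firefox proxy prefs are reset,
# the per-user system proxy is still set.
FOLLOWUP_LOG = r"""
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
FF - ProfilePath - c:\users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\
FF - prefs.js: network.proxy.type - 0
"""

SECTION_RE = re.compile(r"^(\w+)::$")                      # e.g. "Firefox::"
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")  # Firefox pref line
KEY_VALUE_RE = re.compile(r"^(.+?) = (.*)$")                # "name = value" line


def normalize_key(key):
    """Reduce 'uInternet Settings,ProxyServer' and 'uProxyServer' to one form.

    Assumption: the first letter is a scope prefix and the text after the
    last comma is the value name, so both spellings mean the same setting.
    """
    key = key.strip()
    if "," in key:
        key = key[0] + key.rsplit(",", 1)[1].strip()
    return key.lower()


def normalize_value(value):
    """Undo 'hxxp' defanging so values from different tools compare equal."""
    return re.sub(r"hxxp", "http", value.strip(), flags=re.IGNORECASE).lower()


def parse_settings(text):
    """Return {normalized key: normalized value} for every setting line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue  # blank line or section header
        match = FF_PREF_RE.match(line)
        if match:
            settings["ff:" + match.group(1).lower()] = normalize_value(match.group(2))
            continue
        match = KEY_VALUE_RE.match(line)
        if match:
            settings[normalize_key(match.group(1))] = normalize_value(match.group(2))
        # Anything else (e.g. the ProfilePath selector) is not a setting.
    return settings


def still_present(cfscript_text, followup_log_text):
    """List the settings named in the script that the later log still shows."""
    targeted = parse_settings(cfscript_text)
    observed = parse_settings(followup_log_text)
    return sorted(k for k, v in targeted.items() if observed.get(k) == v)


if __name__ == "__main__":
    for key in still_present(CFSCRIPT, FOLLOWUP_LOG):
        print("still set after the run:", key)
```
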



                    • #11
                      ComboFix 14-05-19.01 - Wouter 25-05-2014 22:10:33.2.4 - x64
                      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3982.2698 [GMT 2:00]
                      Gestart vanuit: c:\users\Wouter\Desktop\ComboFix.exe
                      gebruikte Opdracht switches :: c:\users\Wouter\Desktop\CFScript.txt
                      AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
                      SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
                      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      .
                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2014-04-25 to 2014-05-25 ))))))))))))))))))))))))))))))
                      .
                      .
                      2014-05-25 20:16 . 2014-05-25 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
                      2014-05-25 15:28 . 2014-05-19 23:26 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{756478D7-3C34-4437-94F8-B0BD48B8308A}\mpengine.dll
                      2014-05-24 15:30 . 2014-05-24 15:30 -------- d-----w- c:\program files\CCleaner
                      2014-05-23 15:41 . 2014-05-23 15:41 -------- d-----w- c:\program files (x86)\MSR
                      2014-05-23 15:35 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
                      2014-05-23 07:32 . 2014-05-23 15:40 -------- d-----w- C:\AdwCleaner
                      2014-05-19 18:52 . 2014-05-19 18:52 -------- d-sh--w- c:\users\Wouter\AppData\Local\EmieUserList
                      2014-05-19 18:52 . 2014-05-19 18:52 -------- d-sh--w- c:\users\Wouter\AppData\Local\EmieSiteList
                      2014-05-19 06:31 . 2014-05-19 06:31 -------- d-----w- c:\program files\Western Digital
                      2014-05-18 17:22 . 2014-05-18 17:22 -------- d-----w- c:\users\Wouter\AppData\Roaming\GetPrivate
                      2014-05-18 17:22 . 2014-05-18 17:22 -------- d-----w- c:\users\Wouter\AppData\Roaming\Wise
                      2014-05-14 11:17 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
                      2014-05-14 11:17 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
                      2014-05-14 11:17 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
                      2014-05-14 11:17 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
                      2014-05-04 11:04 . 2014-05-04 11:13 -------- d-----w- c:\users\Wouter\AppData\Local\Microsoft Games
                      2014-04-30 05:01 . 2014-05-14 15:05 -------- d-s---w- c:\windows\system32\CompatTel
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2014-05-14 11:15 . 2012-10-23 17:26 93223848 ----a-w- c:\windows\system32\MRT.exe
                      2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
                      2014-04-14 18:13 . 2014-02-09 16:44 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                      2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
                      2014-03-06 09:31 . 2014-04-12 19:39 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
                      2014-03-06 08:59 . 2014-04-12 19:39 66048 ----a-w- c:\windows\system32\iesetup.dll
                      2014-03-06 08:57 . 2014-04-12 19:39 548352 ----a-w- c:\windows\system32\vbscript.dll
                      2014-03-06 08:57 . 2014-04-12 19:39 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
                      2014-03-06 08:53 . 2014-04-12 19:39 2767360 ----a-w- c:\windows\system32\iertutil.dll
                      2014-03-06 08:40 . 2014-04-12 19:39 51200 ----a-w- c:\windows\system32\jsproxy.dll
                      2014-03-06 08:39 . 2014-04-12 19:39 33792 ----a-w- c:\windows\system32\iernonce.dll
                      2014-03-06 08:32 . 2014-04-12 19:39 574976 ----a-w- c:\windows\system32\ieui.dll
                      2014-03-06 08:29 . 2014-04-12 19:39 139264 ----a-w- c:\windows\system32\ieUnatt.exe
                      2014-03-06 08:29 . 2014-04-12 19:39 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
                      2014-03-06 08:28 . 2014-04-12 19:39 752640 ----a-w- c:\windows\system32\jscript9diag.dll
                      2014-03-06 08:15 . 2014-04-12 19:39 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                      2014-03-06 08:11 . 2014-04-12 19:39 5784064 ----a-w- c:\windows\system32\jscript9.dll
                      2014-03-06 08:09 . 2014-04-12 19:39 453120 ----a-w- c:\windows\system32\dxtmsft.dll
                      2014-03-06 08:03 . 2014-04-12 19:39 586240 ----a-w- c:\windows\system32\ie4uinit.exe
                      2014-03-06 08:02 . 2014-04-12 19:39 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
                      2014-03-06 08:02 . 2014-04-12 19:39 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
                      2014-03-06 08:01 . 2014-04-12 19:39 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
                      2014-03-06 07:56 . 2014-04-12 19:39 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
                      2014-03-06 07:48 . 2014-04-12 19:39 195584 ----a-w- c:\windows\system32\msrating.dll
                      2014-03-06 07:46 . 2014-04-12 19:39 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
                      2014-03-06 07:42 . 2014-04-12 19:39 296960 ----a-w- c:\windows\system32\dxtrans.dll
                      2014-03-06 07:38 . 2014-04-12 19:39 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                      2014-03-06 07:36 . 2014-04-12 19:39 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
                      2014-03-06 07:21 . 2014-04-12 19:39 628736 ----a-w- c:\windows\system32\msfeeds.dll
                      2014-03-06 07:13 . 2014-04-12 19:39 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
                      2014-03-06 07:11 . 2014-04-12 19:39 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
                      2014-03-06 06:53 . 2014-04-12 19:39 13551104 ----a-w- c:\windows\system32\ieframe.dll
                      2014-03-06 06:40 . 2014-04-12 19:39 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                      2014-03-06 06:22 . 2014-04-12 19:39 2260480 ----a-w- c:\windows\system32\wininet.dll
                      2014-03-06 05:58 . 2014-04-12 19:39 1400832 ----a-w- c:\windows\system32\urlmon.dll
                      2014-03-06 05:50 . 2014-04-12 19:39 846336 ----a-w- c:\windows\system32\ieapfltr.dll
                      2014-03-06 05:41 . 2014-04-12 19:39 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
                      2014-03-04 09:44 . 2014-04-09 07:05 362496 ----a-w- c:\windows\system32\wow64win.dll
                      2014-03-04 09:44 . 2014-04-09 07:05 243712 ----a-w- c:\windows\system32\wow64.dll
                      2014-03-04 09:44 . 2014-04-09 07:05 13312 ----a-w- c:\windows\system32\wow64cpu.dll
                      2014-03-04 09:44 . 2014-04-09 07:05 16384 ----a-w- c:\windows\system32\ntvdm64.dll
                      2014-03-04 09:44 . 2014-04-09 07:05 1163264 ----a-w- c:\windows\system32\kernel32.dll
                      2014-03-04 09:17 . 2014-04-09 07:05 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
                      2014-03-04 09:17 . 2014-04-09 07:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
                      2014-03-04 09:16 . 2014-04-09 07:05 25600 ----a-w- c:\windows\SysWow64\setup16.exe
                      2014-03-04 09:16 . 2014-04-09 07:05 5120 ----a-w- c:\windows\SysWow64\wow32.dll
                      2014-03-04 08:09 . 2014-04-09 07:05 7680 ----a-w- c:\windows\SysWow64\instnm.exe
                      2014-03-04 08:09 . 2014-04-09 07:05 2048 ----a-w- c:\windows\SysWow64\user.exe
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                      REGEDIT4
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-09-10 23:54 131248 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-09-10 23:54 131248 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-09-10 23:54 131248 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                      .
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Spotify Web Helper"="c:\users\Wouter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-16 1176632]
                      "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
                      "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                      "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-03-14 689744]
                      "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-05-09 5562736]
                      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
                      "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
                      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
                      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
                      "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
                      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
                      "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
                      .
                      c:\users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                      Dropbox.lnk - c:\users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                      "ConsentPromptBehaviorAdmin"= 5 (0x5)
                      "ConsentPromptBehaviorUser"= 3 (0x3)
                      "EnableUIADesktopToggle"= 0 (0x0)
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                      "LoadAppInit_DLLs"=1 (0x1)
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                      "aux"=wdmaud.drv
                      .
                      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                      R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
                      R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
                      R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                      R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
                      R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
                      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
                      R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
                      R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                      R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
                      R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
                      S0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
                      S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
                      S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
                      S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
                      S2 AntiVirSchedulerService;Avira Planner;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
                      S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
                      S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
                      S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
                      S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
                      S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                      S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
                      S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
                      S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
                      S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
                      S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                      S3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
                      S3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
                      S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
                      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                      .
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                      2014-05-24 08:16 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
                      .
                      Inhoud van de 'Gedeelde Taken' map
                      .
                      2014-05-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409675537-703518401-962605179-1000Core.job
                      - c:\users\Wouter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27 17:35]
                      .
                      2014-05-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409675537-703518401-962605179-1000UA.job
                      - c:\users\Wouter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27 17:35]
                      .
                      2014-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 16:59]
                      .
                      2014-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 16:59]
                      .
                      .
                      --------- X64 Entries -----------
                      .
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-09-10 23:54 164016 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-09-10 23:54 164016 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-09-10 23:54 164016 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-09-10 23:54 164016 ----a-w- c:\users\Wouter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
                      2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
                      2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
                      2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
                      2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
                      2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
                      2014-04-25 08:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
                      .
                      ------- Bijkomende Scan -------
                      .
                      uLocal Page = c:\windows\system32\blank.htm
                      mDefault_Search_URL = hxxp://www.google.com
                      mDefault_Page_URL = hxxp://www.google.com
                      mStart Page = hxxp://www.google.com
                      mLocal Page = c:\windows\SysWOW64\blank.htm
                      mSearch Page = hxxp://www.google.com
                      uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
                      uSearchAssistant = hxxp://www.google.com/ie
                      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                      Trusted Zone: payprint01.ru.nl
                      TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
                      TCP: Interfaces\{E9DAB2B1-0A99-4FBA-AEEC-EF00E572F957}: NameServer = 131.174.117.20
                      FF - ProfilePath - c:\users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\w3kfgl7g.default\
                      .
                      .
                      --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
                      @="?????????????????? v1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
                      @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
                      @="?????????????????? v2"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
                      @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                      @Denied: (A) (Everyone)
                      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                      @Denied: (A) (Everyone)
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                      "Key"="ActionsPane3"
                      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                      @Denied: (A) (Users)
                      @Denied: (A) (Everyone)
                      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                      "BlindDial"=dword:00000000
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                      @Denied: (Full) (Everyone)
                      .
                      ------------------------ Andere Aktieve Processen ------------------------
                      .
                      c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                      c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                      c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
                      c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
                      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                      c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
                      c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
                      c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
                      c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
                      c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                      .
                      **************************************************************************
                      .
                      Voltooingstijd: 2014-05-25 22:20:41 - machine werd herstart
                      ComboFix-quarantined-files.txt 2014-05-25 20:20
                      ComboFix2.txt 2014-05-25 11:56
                      .
                      Pre-Run: 52.974.641.152 bytes beschikbaar
                      Post-Run: 52.539.904.000 bytes beschikbaar
                      .
                      - - End Of File - - DCE8F1676F0BA6D9D4A132E65C9F676D
                      A36C5E4F47E84449FF07ED3517B43A31



                      ---------
                      DDS (Ver_2012-11-20.01) - NTFS_AMD64
                      Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
                      Run by Wouter at 22:22:06 on 2014-05-25
                      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3982.1928 [GMT 2:00]
                      .
                      AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
                      SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
                      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      .
                      ============== Running Processes ===============
                      .
                      C:\Windows\system32\lsm.exe
                      C:\Windows\system32\svchost.exe -k DcomLaunch
                      C:\Windows\system32\svchost.exe -k RPCSS
                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                      C:\Windows\system32\svchost.exe -k LocalService
                      C:\Windows\system32\svchost.exe -k netsvcs
                      C:\Windows\system32\svchost.exe -k NetworkService
                      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                      C:\Windows\system32\WLANExt.exe
                      C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                      C:\Windows\System32\spoolsv.exe
                      C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
                      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Windows\system32\Dwm.exe
                      C:\Program Files\ASUS\P4G\BatteryLife.exe
                      C:\Windows\system32\taskhost.exe
                      C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
                      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                      C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
                      C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
                      C:\Program Files\Bonjour\mDNSResponder.exe
                      C:\Program Files\ShrewSoft\VPN Client\iked.exe
                      C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
                      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
                      C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
                      C:\Windows\system32\svchost.exe -k imgsvc
                      C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
                      C:\Windows\System32\svchost.exe -k secsvcs
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                      C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                      C:\Windows\system32\wbem\wmiprvse.exe
                      C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
                      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                      C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                      C:\Windows\System32\rundll32.exe
                      C:\Windows\system32\SearchIndexer.exe
                      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                      C:\Windows\system32\sppsvc.exe
                      C:\Program Files\Windows Media Player\wmpnetwk.exe
                      C:\Windows\system32\wbem\wmiprvse.exe
                      C:\Windows\servicing\TrustedInstaller.exe
                      C:\Windows\system32\notepad.exe
                      C:\Windows\explorer.exe
                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      C:\Windows\System32\cscript.exe
                      .
                      ============== Pseudo HJT Report ===============
                      .
                      mStart Page = hxxp://www.google.com
                      mSearch Page = hxxp://www.google.com
                      mDefault_Page_URL = hxxp://www.google.com
                      mDefault_Search_URL = hxxp://www.google.com
                      uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
                      uSearchAssistant = hxxp://www.google.com/ie
                      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                      uRun: [Spotify Web Helper] "C:\Users\Wouter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
                      uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
                      uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
                      mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
                      mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
                      mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                      mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
                      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                      mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                      mRun: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
                      StartupFolder: C:\Users\Wouter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wouter\AppData\Roaming\Dropbox\bin\Dropbox.exe
                      uPolicies-Explorer: NoDrives = dword:0
                      mPolicies-Explorer: NoDrives = dword:0
                      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                      mPolicies-System: ConsentPromptBehaviorUser = dword:3
                      mPolicies-System: EnableUIADesktopToggle = dword:0
                      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
                      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                      Trusted Zone: payprint01.ru.nl
                      TCP: NameServer = 213.46.228.196 62.179.104.196
                      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED} : DHCPNameServer = 213.46.228.196 62.179.104.196
                      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\0756475627B65627279637 : DHCPNameServer = 192.168.0.1
                      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\24562756E64663D223 : DHCPNameServer = 192.168.0.1
                      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\458657963723030383 : DHCPNameServer = 192.168.0.1
                      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\56465727F616D6 : DHCPNameServer = 131.174.117.20
                      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\C696E6B6379737 : DHCPNameServer = 62.179.104.196 213.46.228.196
                      TCP: Interfaces\{8BE4E6D2-5460-4AAF-B61C-15204C4030ED}\D2C7023416665602724702841616E647A65602C7D2 : DHCPNameServer = 213.46.228.196 62.179.104.196
                      TCP: Interfaces\{E9DAB2B1-0A99-4FBA-AEEC-EF00E572F957} : NameServer = 131.174.117.20
                      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                      SSODL: WebCheck - <orphaned>
                      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                      x64-mStart Page = hxxp://www.google.com
                      x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
                      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
                      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                      x64-Notify: igfxcui - igfxdev.dll
                      x64-SSODL: WebCheck - <orphaned>
                      x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                      .
                      ================= FIREFOX ===================
                      .
                      FF - ProfilePath - C:\Users\Wouter\AppData\Roaming\Mozilla\Firefox\Profiles\w3kfgl7g.default\
                      FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
                      FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
                      FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
                      FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
                      FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
                      FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
                      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
                      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
                      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
                      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                      FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
                      FF - plugin: C:\Users\Wouter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
                      FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
                      .
                      ============= SERVICES / DRIVERS ===============
                      .
                      R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-7 16152]
                      R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
                      R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
                      R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2013-7-1 24064]
                      R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-25 440400]
                      R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-25 440400]
                      R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
                      R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
                      R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 108440]
                      R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
                      R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
                      R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-5-9 1042808]
                      R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-9 295800]
                      R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-7 17152]
                      R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-9-11 56704]
                      R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-20 331264]
                      R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-7 356120]
                      R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-7 787736]
                      R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-10-23 292968]
                      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-23 565352]
                      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
                      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-4-16 108800]
                      S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2014-4-16 37344]
                      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-12 111616]
                      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-4-16 206080]
                      S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
                      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
                      S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
                      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
                      S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2013-7-1 17408]
                      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-23 1255736]
                      S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
                      S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
                      .
                      =============== Created Last 30 ================
                      .
                      2014-05-25 20:17:45 -------- d-sh--w- C:\$RECYCLE.BIN
                      2014-05-25 15:28:46 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
                      2014-05-25 15:28:42 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{756478D7-3C34-4437-94F8-B0BD48B8308A}\mpengine.dll
                      2014-05-25 11:45:38 98816 ----a-w- C:\Windows\sed.exe
                      2014-05-25 11:45:38 256000 ----a-w- C:\Windows\PEV.exe
                      2014-05-25 11:45:38 208896 ----a-w- C:\Windows\MBR.exe
                      2014-05-24 15:30:58 -------- d-----w- C:\Program Files\CCleaner
                      2014-05-23 15:41:53 -------- d-----w- C:\Program Files (x86)\MSR
                      2014-05-23 15:35:53 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                      2014-05-23 07:32:40 -------- d-----w- C:\AdwCleaner
                      2014-05-19 18:52:53 -------- d-sh--w- C:\Users\Wouter\AppData\Local\EmieUserList
                      2014-05-19 18:52:53 -------- d-sh--w- C:\Users\Wouter\AppData\Local\EmieSiteList
                      2014-05-19 06:31:17 -------- d-----w- C:\Program Files\Western Digital
                      2014-05-18 17:22:33 -------- d-----w- C:\Users\Wouter\AppData\Roaming\GetPrivate
                      2014-05-18 17:22:27 -------- d-----w- C:\Users\Wouter\AppData\Roaming\Wise
                      2014-05-14 11:17:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                      2014-05-14 11:17:39 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                      2014-05-04 11:04:19 -------- d-----w- C:\Users\Wouter\AppData\Local\Microsoft Games
                      2014-04-30 05:01:56 -------- d-s---w- C:\Windows\System32\CompatTel
                      .
                      ==================== Find3M ====================
                      .
                      2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
                      2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
                      2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
                      2014-04-14 18:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                      2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
                      2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
                      2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
                      2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
                      2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
                      2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                      2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
                      2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                      2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                      2014-03-31 07:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
                      2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                      2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
                      2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
                      2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                      2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                      2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                      2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
                      2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                      2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
                      2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                      2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
                      2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                      2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                      2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
                      2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                      2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                      2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                      2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
                      2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                      2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
                      2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
                      2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
                      2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
                      2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
                      2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
                      2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
                      2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
                      2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
                      2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
                      2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
                      2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
                      2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
                      2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
                      2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
                      2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
                      2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
                      2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
                      2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
                      2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
                      2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
                      2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
                      2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
                      2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
                      2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
                      2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
                      2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
                      2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
                      2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
                      .
                      ============= FINISH: 22:22:25,85 ===============



                      • #12
                        Go to Start > Run, then copy and paste the following command into the field:

                        ComboFix /Uninstall

                        Make sure there is a space between ComboFix and /
                        Then press Enter.




                        This will remove ComboFix plus its related folders and files, reset the clock settings,
                        hide file extensions, hide hidden files and system files again,
                        and reset your System Restore.




                        Download or update CCleaner

                        Start CCleaner.
                        • Run CCleaner and click Options in the left-hand column
                        • Select the Advanced tab
                        • Untick "Only delete files in Windows Temp folders older than 24 hours"
                        • Select the Settings tab
                        • Untick "Automatically clean the computer...."
                        • Click Cleaner in the left-hand column.
                        • Then click Analyze followed by Run Cleaner.
                        • Next, click Registry in the left-hand column
                        • Click Scan for Issues.
                        • When asked whether you want to make a backup of the registry, click "Yes".
                        • If errors are found, click the middle button: Fix All Selected Issues, then OK


                        Download Windows Repair (All in One) and install it.

                        http://www.majorgeeks.com/files/deta...ws_repair.html

                        Start it and go to the "Start Repairs" tab.
                        Then click "Start" followed by "No".
                        You will now see a window with numbers (1-37).
                        Click "Unselect All".

                        Now select the following numbers: 01-02-03-07-09-15

                        Tick "restart/shutdown system when finished" (bottom right).
                        Select: "Restart System"
                        Click "Start".
                        (Do close all other open windows, including your browser, except Windows Repair of course.)

                        Let the tool do its work.
                        After a restart a log may/will appear; you may post it.

                        Emphyrio
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee. * Ccleaner * E-Peek



                        • #13
                          This also worked completely! No log appeared, and Chrome no longer starts (?), so I'm in Firefox now.



                          • #14
                            The fact that Chrome no longer starts is not due to the advice given.
                            Reset your Chrome according to this guide.

                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee. * Ccleaner * E-Peek



                            • #15
                              Originally posted by Emphyrio
                              The fact that Chrome no longer starts is not due to the advice given.
                              Reset your Chrome according to this guide.

                              Apologies, now that I reread my comment from this afternoon, it sounds very blunt. It wasn't meant that way. Besides that, I have the impression that I'm no longer bothered by the annoying malware. Is there anything else I should/can do?
