  • Trouble with malware

    Hello,

    This PC has some malware problems: the start page of IE and Chrome kept being changed, and there was software on it that continually asked to scan the PC, with all kinds of advertising links and the like.

    In the meantime I have got the PC working reasonably well again with the help of MBAM and Spybot. I would like a professional eye to look it over to be sure that everything has been removed.

    Thanks in advance!

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 22-5-2014
    Scantijd: 19:23:28
    Logbestand: mbam.txt
    Beheerder: Ja

    Versie: 2.00.2.1012
    Malwaredatabase: v2014.05.22.07
    Rootkitdatabase: v2014.05.21.01
    Licentie: Proef
    Malwarebescherming: Ingeschakeld
    Kwaadaardige Website Bescherming: Ingeschakeld
    Self-protection: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: x

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 261164
    Verstreken Tijd: 7 m, 9 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristics: Ingeschakeld
    POP: Waarschuwen
    POA: Ingeschakeld

    Processen: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registersleutels: 4
    PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, In Quarantaine, [244ba2b2611a2d091014e57ec33f758b],
    PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}, In Quarantaine, [adc234205c1f1d1925ffa3c0c04230d0],
    PUP.Optional.SavingsSideKick.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhdepfaagokllfmhfbcfmocaeigmoebo, In Quarantaine, [a2cdd183b4c70b2bd1a1becae02216ea],
    PUP.Optional.DealPly.A, HKU\S-1-5-21-3252252553-2964258157-315588943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, In Quarantaine, [620dd282abd06acc6c08a7e015edc937],

    Registerwaardes: 0
    (No malicious items detected)

    Registerdata: 0
    (No malicious items detected)

    Mappen: 0
    (No malicious items detected)

    Bestanden: 2
    PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantaine, [3a356aeab0cb1f17c176f0ad26dcdd23],
    PUP.Optional.ASK.A, C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Preferences, Goed: (), Slecht: ( "startup_urls": [ "http://www.search.ask.com/?tpid=ORJ-V7C&o=APN11412&pf=V7&trgb=CR&p2=Vervangen,[541ba9ab2655d660c694542da064936d]EBBKVervangen,[541ba9ab2655d660c694542da064936d]EOSJ000Vervangen,[541ba9ab2655d660c694542da064936d]EYYVervangen,[541ba9ab2655d660c694542da064936d]ENL&gct=hp&apn_ptnrs=BBK&apn_dtid=Vervangen,[541ba9ab2655d660c694542da064936d]EOSJ000Vervangen,[541ba9ab2655d660c694542da064936d]EYYVervangen,[541ba9ab2655d660c694542da064936d]ENL&apn_dbr=cr_34.0.1847.116&apn_uid=6A301B2F-4FFB-4498-AC73-15F99C574913&itbv=12.10.6.48&doi=2014-04-25&psv=" ],), Vervangen,[541ba9ab2655d660c694542da064936d]

    Fysieke Sectoren: 0
    (No malicious items detected)


    (end)




    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
    Run by x at 22:10:59 on 2014-05-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4003.2079 [GMT 2:00]
    .
    AV: PC Veilig 9.12 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: PC Veilig 9.12 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: PC Veilig 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE
    C:\Program Files (x86)\PC Veilig\Anti-Virus\FSGK32.EXE
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\PC Veilig\Common\FSHDLL32.EXE
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\PC Veilig\Common\FSHDLL64.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe
    C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\PC Veilig\Anti-Virus\fssm32.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\PC Veilig\Anti-Virus\fsav32.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\PC Veilig\Spam Control\fsscoepl_x64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.startpagina.nl/
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [KPN Assistent] C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe /auto
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: C:\Program Files (x86)\PC Veilig\FSPS\program\FSLSP.DLL
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{15D8CCAC-E309-43C1-AF77-C733EB0F02B9} : DHCPNameServer = 192.168.2.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2012-6-24 56016]
    R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\PC Veilig\HIPS\drivers\fshs.sys [2012-6-24 59784]
    R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2012-6-24 94024]
    R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsvista.sys [2012-6-24 16768]
    R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe [2012-6-24 221608]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-22 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-22 860472]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-3-27 1128952]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-10 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-10 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-10 171416]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-27 2656536]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsgk.sys [2012-6-24 202176]
    R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe [2012-6-24 60352]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-27 169584]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-10 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-22 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-22 63704]
    S1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2012-6-24 50384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-17 227904]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-30 111616]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-27 158976]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-26 1255736]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsfilter.sys [2012-6-24 41640]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsrec.sys [2012-6-24 27048]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2014-05-22 16:45:49 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4492F20-2D82-4A59-9AAE-9CCBAE267BEA}\mpengine.dll
    2014-05-22 16:41:58 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-05-22 16:41:31 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-05-22 16:41:31 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-05-22 16:41:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-21 17:18:54 -------- d-----w- C:\Users\x\AppData\Local\{29944725-1E08-48E7-AC6C-B574A2A39C90}
    2014-05-20 14:51:47 -------- d-----w- C:\Users\x\AppData\Local\{AB187034-BE98-40D5-9CF2-42F82FAA4372}
    2014-05-19 09:16:33 -------- d-----w- C:\Users\x\AppData\Local\{89D09BFA-E9F9-4D62-B1DB-94DCDABFA31A}
    2014-05-18 09:40:36 -------- d-----w- C:\Users\x\AppData\Local\{E34858FC-7A3D-4E50-B60D-BA7EB650B219}
    2014-05-16 20:45:56 -------- d-----w- C:\Users\x\AppData\Local\{0180BE1A-8303-42FB-9DA9-0242F163F232}
    2014-05-16 05:29:11 -------- d-----w- C:\Users\x\AppData\Local\{DCD991C8-9F53-4043-AE88-265A483EEEAA}
    2014-05-15 21:58:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-15 21:58:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-14 19:50:20 477184 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-14 19:50:19 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-05-14 19:45:03 -------- d-----w- C:\Users\x\AppData\Local\{9F88FC32-6B3A-4D8A-BCC4-C597213FF842}
    2014-05-13 21:08:56 -------- d-----w- C:\Users\x\AppData\Local\{D4DB6814-2A84-49CC-8A89-374B9E0B6B42}
    2014-05-12 17:37:41 -------- d-----w- C:\Users\x\AppData\Local\{B403FDE4-07B3-4DF4-AD70-B31A5562622D}
    2014-05-12 05:24:34 -------- d-----w- C:\Users\x\AppData\Local\{E7E7C451-AE69-45F5-B2B7-D5FCDCD13203}
    2014-05-11 09:51:45 -------- d-----w- C:\Users\x\AppData\Local\{02FA4EA5-2090-4F4A-B49B-D2067904B34A}
    2014-05-09 05:00:12 -------- d-----w- C:\Users\x\AppData\Local\{838F8210-F986-43FA-A321-3CF8DD8966E1}
    2014-05-08 14:19:28 -------- d-----w- C:\Users\x\AppData\Local\{15A91E69-7189-4C72-B57D-5D99D33E7D23}
    2014-05-07 19:37:40 -------- d-----w- C:\Users\x\AppData\Local\{20595264-D978-46D1-BFEE-C6B988D0F6E5}
    2014-05-06 22:19:25 -------- d-s---w- C:\Windows\System32\CompatTel
    2014-05-06 21:21:00 -------- d-----w- C:\Users\x\AppData\Local\{4AC88B50-640D-4023-B510-C86447A7567C}
    2014-05-05 09:00:38 -------- d-----w- C:\Users\x\AppData\Local\{1DB8B59A-E6A7-47AE-9AC8-575701D1D898}
    2014-05-04 17:48:13 -------- d-----w- C:\Users\x\AppData\Local\{70DE8A74-06FE-4E27-9232-F7A6584BFBBC}
    2014-05-04 16:24:06 -------- d-----w- C:\Users\x\AppData\Local\{94F55C32-F701-4EB7-B427-02199E8B0D78}
    2014-05-02 13:27:26 -------- d-----w- C:\Users\x\AppData\Local\{C4D84219-8126-4762-BEA9-587FD441A3DD}
    2014-04-30 21:42:49 -------- d-----w- C:\Users\x\AppData\Local\{0ECE69FD-F8A6-40AD-9EB4-ACD741B737CA}
    2014-04-30 15:33:29 -------- d-sh--w- C:\Users\x\AppData\Local\EmieUserList
    2014-04-30 15:33:29 -------- d-sh--w- C:\Users\x\AppData\Local\EmieSiteList
    2014-04-29 17:49:14 -------- d-----w- C:\Users\x\AppData\Local\{2BD2812F-5186-41BD-9C77-292BF606ADC6}
    2014-04-28 22:06:00 -------- d-----w- C:\Users\x\AppData\Local\{A8F99A07-0162-4844-B4CB-10D41B3A6C43}
    2014-04-28 07:50:01 -------- d-----w- C:\Users\x\AppData\Local\{8A3E1AB3-9BEF-4C24-84A5-A5F87EB7B686}
    2014-04-27 19:04:48 -------- d-----w- C:\Users\x\AppData\Local\{3F80B384-887E-4AAC-8A97-F7B42E03CDBD}
    2014-04-26 17:09:53 -------- d-----w- C:\Users\x\AppData\Local\{EA8716FB-31D3-4312-83B5-BA8C35038490}
    2014-04-25 07:00:10 -------- d-----w- C:\ProgramData\APN
    2014-04-25 06:57:56 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-04-24 15:20:12 -------- d-----w- C:\Users\x\AppData\Local\{FDACFDBE-9B1E-4E78-B2BD-16FCF2779075}
    2014-04-23 17:48:02 -------- d-----w- C:\Users\x\AppData\Local\{5DA2EB24-1EE4-44CB-96DA-15AC7E490AD6}
    .
    ==================== Find3M ====================
    .
    2014-05-14 20:31:31 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-14 20:31:31 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-12 05:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-03-31 20:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2014-03-31 20:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2014-03-31 07:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
    2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
    2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
    2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
    2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
    2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
    2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
    2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
    2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    .
    ============= FINISH: 22:12:02,56 ===============

  • #2
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-05-22 22:30:00
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.HP13 931,51GB
    Running: iszh3h6j.exe; Driver: C:\Users\x\AppData\Local\Temp\fxldipoc.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002dbb000 63 bytes [00, 00, 00, 00, 00, 00, 00, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002dbb040 1 byte [01]

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000100201018
    .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000100200018
    .text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000100202018
    .text C:\Windows\system32\lsass.exe[704] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefd1855c8 5 bytes JMP 000007ff7ee13018
    .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000100291018
    .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000100290018
    .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000100292018
    .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 00000001001a1018
    .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 00000001001a0018
    .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 00000001001a2018
    .text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000101071018
    .text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000101070018
    .text C:\Windows\System32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000101072018
    .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000100d61018
    .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000100d60018
    .text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000100d62018
    .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000100161018
    .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000100160018
    .text C:\Windows\system32\svchost.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000100162018
    .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000101231018
    .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000101230018
    .text C:\Windows\system32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000101232018
    .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000101341018
    .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000101340018
    .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000101342018
    .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000100bd1018
    .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000100bd0018
    .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000100bd2018
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1228] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 00000001001f100c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1228] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 00000001001f000c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1228] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 00000001001f200c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1228] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 00000001001f300c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1228] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 00000001001f400c
    .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1292] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 000000010097100c
    .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1292] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 000000010097000c
    .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1292] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 000000010097200c
    .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1292] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 000000010097300c
    .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1292] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 000000010097400c
    .text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000100471018
    .text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000100470018
    .text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[1416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000100472018
    .text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[1416] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[1416] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[1416] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1624] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 000000010026100c
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1624] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 000000010026000c
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1624] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 000000010026200c
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1624] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 000000010026300c
    .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1624] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 000000010026400c
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 000000010125100c
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 000000010125000c
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1660] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 000000010125200c
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1660] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 000000010125300c
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1660] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 000000010125400c
    .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000102301018
    .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000102300018
    .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000102302018
    .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Windows\system32\taskhost.exe[1984] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Program Files (x86)\PDF Complete\pdfsvc.exe[1580] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 0000000101ef100c
    .text C:\Program Files (x86)\PDF Complete\pdfsvc.exe[1580] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 0000000101ef000c
    .text C:\Program Files (x86)\PDF Complete\pdfsvc.exe[1580] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 0000000101ef200c
    .text C:\Program Files (x86)\PDF Complete\pdfsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 0000000101ef300c
    .text C:\Program Files (x86)\PDF Complete\pdfsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 0000000101ef400c
    .text C:\Windows\system32\Dwm.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 00000001001d1018
    .text C:\Windows\system32\Dwm.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 00000001001d0018
    .text C:\Windows\system32\Dwm.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 00000001001d2018
    .text C:\Windows\system32\Dwm.exe[2112] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Windows\system32\Dwm.exe[2112] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Windows\system32\Dwm.exe[2112] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Windows\system32\Dwm.exe[2112] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Windows\system32\Dwm.exe[2112] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 000000010446100c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 000000010446000c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 000000010446200c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2148] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 000000010446300c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2148] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 000000010446400c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2148] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076c39d4e 5 bytes JMP 000000010446a00c
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000100261018
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000100260018
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000100262018
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefebfde90 5 bytes JMP 000007ff7ee15018
    .text C:\Windows\Explorer.EXE[2172] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007ff7ee14018
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 0000000100e8100c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 0000000100e8000c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2916] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 0000000100e8200c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2916] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 0000000100e8300c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2916] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 0000000100e8400c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 0000000100aa100c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 0000000100aa000c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 0000000100aa200c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 0000000100aa300c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 0000000100aa400c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000750ec9ec 5 bytes JMP 0000000100aa600c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000750f361c 5 bytes JMP 0000000100aa800c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000751070c4 5 bytes JMP 0000000100aa900c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000751070dc 5 bytes JMP 0000000100aa700c
    .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1952] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076c39d4e 5 bytes JMP 0000000100aaa00c
    .text C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE[4056] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 00000001002f100c
    .text C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE[4056] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 00000001002f000c
    .text C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE[4056] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 00000001002f200c
    .text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 00000001001d100c
    .text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 00000001001d000c
    .text C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 00000001001d200c
    .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 000000010024100c
    .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 000000010024000c
    .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 000000010024200c
    .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[1852] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 000000010024300c
    .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[1852] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 000000010024400c
    .text C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 00000001003f100c
    .text C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 00000001003f000c
    .text C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 00000001003f200c
    .text C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe[2200] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 00000001003f300c
    .text C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe[2200] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 00000001003f400c
    .text C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe[2200] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 00000001003f500c
    .text C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe[2200] C:\Windows\syswow64\USER32.dll!DdeConnect 0000000074ffeb7f 5 bytes JMP 00000001003fb00c
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 00000001001a1018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 00000001001a0018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 00000001001a2018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefd1855c8 5 bytes JMP 000007ff7ee13018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefebfde90 5 bytes JMP 000007ff7ee15018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4692] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007ff7ee14018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4780] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4780] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefebfde90 5 bytes JMP 000007ff7ee15018
    .text C:\Windows\system32\wbem\wmiprvse.exe[4780] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007ff7ee14018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 00000001000e1018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 00000001000e0018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 00000001000e2018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefebfde90 5 bytes JMP 000007ff7ee15018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007ff7ee14018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Windows\system32\wuauclt.exe[5084] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5984] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 00000001001b100c
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5984] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 00000001001b000c
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5984] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 00000001001b200c
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5984] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 00000001001b300c
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5984] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 00000001001b400c
    ? C:\Windows\system32\mssprxy.dll [5984] entry point in ".rdata" section 00000000713e71e6
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[5128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077121465 2 bytes [12, 77]
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[5128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771214bb 2 bytes [12, 77]
    .text ... * 2
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000100101018
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000100100018
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000100102018
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefebfde90 5 bytes JMP 000007ff7ee15018
    .text C:\Program Files\Internet Explorer\iexplore.exe[6280] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007ff7ee14018
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 00000001000b100c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 00000001000b000c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 00000001000b200c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 00000001000b300c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 00000001000b400c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\advapi32.DLL!OpenServiceW 00000000750ec9ec 5 bytes JMP 00000001000b600c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\advapi32.DLL!CloseServiceHandle 00000000750f361c 5 bytes JMP 00000001000b800c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\advapi32.DLL!CreateServiceW 00000000751070c4 5 bytes JMP 00000001000b900c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\advapi32.DLL!ControlService 00000000751070dc 5 bytes JMP 00000001000b700c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 00000001000b500c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\user32.DLL!DdeConnect 0000000074ffeb7f 5 bytes JMP 00000001000ba00c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077121465 2 bytes [12, 77]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771214bb 2 bytes [12, 77]
    .text ... * 2
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 0000000100081018
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 0000000100080018
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 0000000100082018
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefebfde90 5 bytes JMP 000007ff7ee15018
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007ff7ee14018
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe[4752] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 000000010013100c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 000000010013000c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 000000010013200c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 000000010013300c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 000000010013400c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\advapi32.DLL!OpenServiceW 00000000750ec9ec 5 bytes JMP 000000010013600c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\advapi32.DLL!CloseServiceHandle 00000000750f361c 5 bytes JMP 000000010013800c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\advapi32.DLL!CreateServiceW 00000000751070c4 5 bytes JMP 000000010013900c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\advapi32.DLL!ControlService 00000000751070dc 5 bytes JMP 000000010013700c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 000000010013500c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\user32.DLL!DdeConnect 0000000074ffeb7f 5 bytes JMP 000000010013a00c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077121465 2 bytes [12, 77]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771214bb 2 bytes [12, 77]
    .text ... * 2
    .text C:\Windows\System32\MsSpellCheckingFacility.exe[2076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Windows\System32\MsSpellCheckingFacility.exe[2076] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Windows\System32\MsSpellCheckingFacility.exe[2076] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Windows\System32\MsSpellCheckingFacility.exe[2076] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Windows\System32\MsSpellCheckingFacility.exe[2076] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Windows\System32\MsSpellCheckingFacility.exe[2076] C:\Windows\system32\ole32.dll!CoCreateInstanceEx 000007fefebfde90 5 bytes JMP 000007ff7ee15018
    .text C:\Windows\System32\MsSpellCheckingFacility.exe[2076] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 5 bytes JMP 000007ff7ee14018
    .text C:\Windows\system32\NOTEPAD.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076fc1780 5 bytes JMP 00000001002a1018
    .text C:\Windows\system32\NOTEPAD.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076fc1cd0 5 bytes JMP 00000001002a0018
    .text C:\Windows\system32\NOTEPAD.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076fc1d80 5 bytes JMP 00000001002a2018
    .text C:\Windows\system32\NOTEPAD.EXE[6672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0b8ef0 5 bytes JMP 000007ff7d0c0018
    .text C:\Windows\system32\NOTEPAD.EXE[6672] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefd0bc450 5 bytes JMP 000007ff7d0c1018
    .text C:\Windows\system32\NOTEPAD.EXE[6672] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007fefee0642c 5 bytes JMP 000007ff7ee11018
    .text C:\Windows\system32\NOTEPAD.EXE[6672] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefee06484 5 bytes JMP 000007ff7ee10018
    .text C:\Windows\system32\NOTEPAD.EXE[6672] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007fefee06518 5 bytes JMP 000007ff7ee12018
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007716ffec 5 bytes JMP 00000001003c100c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077170814 5 bytes JMP 00000001003c000c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007717091c 5 bytes JMP 00000001003c200c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076784925 5 bytes JMP 00000001003c300c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\kernel32.dll!TerminateThread 00000000767879f7 5 bytes JMP 00000001003c400c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077121465 2 bytes [12, 77]
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771214bb 2 bytes [12, 77]
    .text ... * 2
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074fc7603 5 bytes JMP 00000001003c500c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\USER32.dll!DdeConnect 0000000074ffeb7f 5 bytes JMP 00000001003ca00c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000750ec9ec 5 bytes JMP 00000001003c600c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000750f361c 5 bytes JMP 00000001003c800c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000751070c4 5 bytes JMP 00000001003c900c
    .text C:\Users\x\Desktop\iszh3h6j.exe[2092] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000751070dc 5 bytes JMP 00000001003c700c

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\svchost.exe [528:5192] 000007feec21d3c8
    Thread C:\Windows\system32\svchost.exe [528:1824] 000007feec21d3c8
    Thread C:\Windows\system32\svchost.exe [528:5776] 000007feec21d3c8
    Thread C:\Windows\system32\svchost.exe [528:5640] 000007feec21d3c8
    Thread C:\Windows\System32\spoolsv.exe [1116:2468] 000007fef91b10c8
    Thread C:\Windows\System32\spoolsv.exe [1116:2472] 000007fef8196144
    Thread C:\Windows\System32\spoolsv.exe [1116:2476] 000007fefa0c5fd0
    Thread C:\Windows\System32\spoolsv.exe [1116:2480] 000007fef8173438
    Thread C:\Windows\System32\spoolsv.exe [1116:2484] 000007fefa0c63ec
    Thread C:\Windows\System32\spoolsv.exe [1116:2492] 000007fef8425e5c
    Thread C:\Windows\System32\spoolsv.exe [1116:2496] 000007fef84d5074
    Thread C:\Windows\System32\WUDFHost.exe [4084:3272] 000007fef56124a0

    ---- EOF - GMER 2.1 ----



    • #3
      Hi suffe and welcome to the Nucia Security Forum,

      Before we begin, I would like to kindly point out the following guidelines:
      .
      • Only log in as an administrator with full rights.
      • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
      • Cleaning up your system can take some time, so please be patient.
      • Carefully follow the instructions that I give.
      • Only follow the advice given by me.
      • Stay with the topic until I have reported that your PC is clean.
      • If you do not know or understand something, please just ask.
      • Do not install or uninstall any software or hardware while we are working on your problem.
      • In the meantime, do not try something "else"; that only makes it harder for us.
      • Please turn off your emoticons (smileys) when you post logs. ( INFO )
      • Please do not post the logs as an attachment, nor between code tags.

      .
      Note: Always run all tools as admin.
      The instructions given are only valid for your PC.

      Once you have read and understood these guidelines, you may continue.....




      Step 1:

      Check for bad toolbars...

      Download AdwCleaner by Xplode to your Desktop.
      • Close all open windows
      • Start AdwCleaner
      • Click Scan
      • Click Clean

      All icons disappear from the Desktop; this is normal.
      Your PC will be restarted and a log file will open (C:\AdwCleaner\AdwCleaner[xx].txt).
      Post its contents here on the forum.

      I only need the log from after the "Clean" option.

      Do not forget to turn off your "smileys".

      If your start page was also hijacked, set the search engine again.
      AdwCleaner resets it to Google.com by default.
      ___________________________________________________________

      Step 2:

      Double-click DDS to start the tool. (Depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif.)
      When it has finished, two log files open: DDS.txt and Attach.txt
      Save both log files to your desktop.

      Post the contents of DDS.txt.

      Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.

      ___________________________________________________________

      Step 3:

      Download Security Check to your desktop via here or here

      Start Security Check
      Follow the instructions on the screen
      At the end a log appears ( checkup.txt )
      Post its contents in your next reply.


      In your next post, I would like to see the following logs, made in the order given:
      .
      • AdwCleaner
      • DDS
      • checkup.txt

      .
      Please do NOT post these logs as an attachment or between code tags.
      (In several posts if necessary.)

      Emphyrio
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Remove McAfee. * Ccleaner * E-Peek



      • #4
        Emphyrio

        thank you very much in advance for your help,

        done as you asked, see the log files below.

        Regards.



        # AdwCleaner v3.210 - Rapport aangemaakt 24/05/2014 op 02:00:17
        # Laatste Update 19/05/2014 door Xplode
        # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
        # Gebruikersnaam : x - X-HP
        # Gestart vanuit : C:\Users\x\Desktop\adwcleaner_3.210.exe
        # Optie : Verwijderen

        ***** [ Services ] *****


        ***** [ Bestanden / Mappen ] *****

        Map Verwijderd : C:\ProgramData\apn
        Map Verwijderd : C:\ProgramData\Ask
        Map Verwijderd : C:\ProgramData\Browser Manager
        Map Verwijderd : C:\ProgramData\wincert
        Map Verwijderd : C:\Program Files (x86)\Movies Toolbar
        Map Verwijderd : C:\Users\x\AppData\Local\PackageAware
        Map Verwijderd : C:\Users\x\AppData\Local\Systweak
        Map Verwijderd : C:\Users\x\AppData\Local\Temp\apn
        Map Verwijderd : C:\Users\x\AppData\LocalLow\BabylonToolbar
        Map Verwijderd : C:\Users\x\AppData\LocalLow\iac
        Map Verwijderd : C:\Users\x\AppData\Roaming\BrowserCompanion
        Map Verwijderd : C:\Users\x\AppData\Roaming\PerformerSoft
        Map Verwijderd : C:\Users\x\AppData\Roaming\Systweak
        Bestand Verwijderd : C:\Users\x\AppData\Roaming\BabMaint.exe
        Bestand Verwijderd : C:\Program Files (x86)\Mozilla Firefox\user.js
        Bestand Verwijderd : C:\Windows\System32\Tasks\Dealply
        Bestand Verwijderd : C:\Windows\System32\Tasks\DealPlyUpdate
        Bestand Verwijderd : C:\Windows\System32\Tasks\EPUpdater

        ***** [ Snelkoppelingen ] *****


        ***** [ Register ] *****

        Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
        Sleutel Verwijderd : HKCU\Software\Classes\iLivid.torrent
        Sleutel Verwijderd : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
        Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\*\shell\filescout
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iLivid.torrent
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
        Waarde Verwijderd : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
        Waarde Verwijderd : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
        Waarde Verwijderd : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
        Waarde Verwijderd : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
        Sleutel Verwijderd : HKCU\Software\534dbd1b739bf14
        Sleutel Verwijderd : HKLM\SOFTWARE\534dbd1b739bf14
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
        Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{53F6A516-3DCC-48F4-835C-6C670CB39CEA}
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
        Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
        Sleutel Verwijderd : HKCU\Software\Blabbers
        Sleutel Verwijderd : HKCU\Software\Blabbers
        Sleutel Verwijderd : HKCU\Software\BrowserMngr
        Sleutel Verwijderd : HKCU\Software\filescout
        Sleutel Verwijderd : HKCU\Software\ilivid
        Sleutel Verwijderd : HKCU\Software\installedbrowserextensions
        Sleutel Verwijderd : HKCU\Software\systweak
        Sleutel Verwijderd : HKLM\Software\Babylon
        Sleutel Verwijderd : HKLM\Software\BrowserCompanion
        Sleutel Verwijderd : HKLM\Software\BrowserMngr
        Sleutel Verwijderd : HKLM\Software\DataMngr
        Sleutel Verwijderd : HKLM\Software\systweak
        Sleutel Verwijderd : HKLM\Software\Vittalia
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
        Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN32C~1.DLL
        Gegevens Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
        Gegevens Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\x64\mgrldr.dll
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe

        ***** [ Browsers ] *****

        -\\ Internet Explorer v11.0.9600.17041


        -\\ Google Chrome v34.0.1847.137

        [ Bestand : C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\preferences ]

        Verwijderd [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000027&locale=nl_NL&apn_uid=CCDA4A5D-5F79-4037-B15B-05EB42968182&apn_ptnrs=U3&apn_sauid=BC3F0EFD-334B-4DD4-805E-14AA091F39FE&apn_dtid=OSJ000YYNL&q={searchTerms}
        Verwijderd [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=115300&tt=120912_ccp_3912_3&babsrc=SP_ss_gin2g&mntrId=825835ce000000000000e0cb4efbe602
        Verwijderd [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm072^YYA^nl&si=flvrunner&ptb=9A60DC1B-D970-446F-9E23-607EA681D835&ind=2013102414&n=77fd814e&psa=&st=sb&searchfor={searchTerms}
        Verwijderd [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=420&systemid=406&v=a11465-209&apn_uid=8243128234424762&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
        Verwijderd [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5ENL&gct=&itbv=12.10.6.48&doi=2014-04-25&apn_uid=6A301B2F-4FFB-4498-AC73-15F99C574913&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5ENL&apn_dbr=cr_34.0.1847.116&psv=&trgb=CR&q={searchTerms}
        Verwijderd [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
        Verwijderd [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

        *************************

        AdwCleaner[R0].txt - [15392 octets] - [24/05/2014 01:59:01]
        AdwCleaner[S0].txt - [12400 octets] - [24/05/2014 02:00:17]

        ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12461 octets] ##########



        • #5
          DDS (Ver_2012-11-20.01) - NTFS_AMD64
          Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
          Run by x at 2:03:45 on 2014-05-24
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4003.2385 [GMT 2:00]
          .
          AV: PC Veilig 9.12 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
          SP: PC Veilig 9.12 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
          FW: PC Veilig 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
          .
          ============== Running Processes ===============
          .
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch
          C:\Windows\system32\svchost.exe -k RPCSS
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
          C:\Windows\system32\svchost.exe -k LocalService
          C:\Windows\system32\svchost.exe -k netsvcs
          C:\Windows\system32\svchost.exe -k GPSvcGroup
          C:\Windows\system32\svchost.exe -k NetworkService
          C:\Windows\system32\taskeng.exe
          C:\Windows\System32\spoolsv.exe
          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
          C:\Windows\SysWOW64\ezSharedSvcHost.exe
          C:\Windows\system32\Dwm.exe
          C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe
          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
          C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE
          C:\Windows\system32\taskhost.exe
          C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
          C:\Program Files (x86)\PC Veilig\Anti-Virus\FSGK32.EXE
          C:\Program Files (x86)\PC Veilig\Common\FSHDLL32.EXE
          C:\Windows\Explorer.EXE
          C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
          C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
          C:\Program Files (x86)\PC Veilig\Common\FSHDLL64.EXE
          C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
          C:\Program Files (x86)\PDF Complete\pdfsvc.exe
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
          C:\Program Files (x86)\Skype\Updater\Updater.exe
          C:\Windows\system32\svchost.exe -k imgsvc
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
          C:\Windows\sysWOW64\wbem\wmiprvse.exe
          C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe
          C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe
          C:\Program Files (x86)\PC Veilig\Anti-Virus\fssm32.exe
          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
          C:\Windows\System32\WUDFHost.exe
          C:\Windows\System32\igfxtray.exe
          C:\Windows\System32\igfxpers.exe
          C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
          C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
          C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
          C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE
          C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
          C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
          C:\Windows\splwow64.exe
          C:\Program Files (x86)\PC Veilig\Spam Control\fsscoepl_x64.exe
          C:\Windows\system32\PrintIsolationHost.exe
          C:\Program Files (x86)\PC Veilig\Anti-Virus\fsav32.exe
          C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe
          C:\Windows\system32\SearchIndexer.exe
          C:\Program Files\Windows Media Player\wmpnetwk.exe
          C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
          C:\Windows\system32\SearchProtocolHost.exe
          C:\Windows\system32\SearchFilterHost.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Windows\system32\wbem\unsecapp.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
          C:\Windows\System32\cscript.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://www.startpagina.nl/
          BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
          BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
          BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
          BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
          BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
          TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
          TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
          EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
          mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
          mRun: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash
          mRun: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
          mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
          mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
          mRun: [KPN Assistent] C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe /auto
          mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
          mPolicies-Explorer: NoActiveDesktop = dword:1
          mPolicies-Explorer: EnableShellExecuteHooks = dword:1
          mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
          mPolicies-System: ConsentPromptBehaviorUser = dword:3
          mPolicies-System: EnableUIADesktopToggle = dword:0
          mPolicies-System: HideFastUserSwitching = dword:0
          IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
          IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
          .
          INFO: HKCU has more than 50 listed domains.
          If you wish to scan all of them, select the 'Force scan all domains' option.
          .
          .
          INFO: HKLM has more than 50 listed domains.
          If you wish to scan all of them, select the 'Force scan all domains' option.
          .
          DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          TCP: NameServer = 192.168.2.1
          TCP: Interfaces\{15D8CCAC-E309-43C1-AF77-C733EB0F02B9} : DHCPNameServer = 192.168.2.1
          Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
          Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
          Notify: SDWinLogon - SDWinLogon.dll
          SSODL: WebCheck - <orphaned>
          mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
          mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
          x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
          x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
          x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
          x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
          x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
          x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
          x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
          .
          INFO: x64-HKLM has more than 50 listed domains.
          If you wish to scan all of them, select the 'Force scan all domains' option.
          .
          x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
          x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
          x64-Notify: igfxcui - igfxdev.dll
          x64-SSODL: WebCheck - <orphaned>
          Hosts: 127.0.0.1 www.spywareinfo.com
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2012-6-24 56016]
          R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\PC Veilig\HIPS\drivers\fshs.sys [2012-6-24 59784]
          R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2012-6-24 94024]
          R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsvista.sys [2012-6-24 16768]
          R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
          R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe [2012-6-24 221608]
          R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
          R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-22 1809720]
          R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
          R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-3-27 1128952]
          R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-10 3921880]
          R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-10 1042272]
          R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-10 171416]
          R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
          R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsgk.sys [2012-6-24 202176]
          R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe [2012-6-24 60352]
          R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-27 169584]
          R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-10 25816]
          S1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2012-6-24 50384]
          S2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
          S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
          S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-22 860472]
          S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-27 2656536]
          S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-17 227904]
          S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
          S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-30 111616]
          S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-27 158976]
          S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-22 122584]
          S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-22 63704]
          S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-22 19456]
          S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-22 56832]
          S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-22 30208]
          S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-26 1255736]
          S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsfilter.sys [2012-6-24 41640]
          S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsrec.sys [2012-6-24 27048]
          S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
          .
          =============== Created Last 30 ================
          .
          2014-05-23 23:59:24 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
          2014-05-23 23:58:54 -------- d-----w- C:\AdwCleaner
          2014-05-22 20:39:20 -------- d-----w- C:\Windows\System32\drivers\en-US
          2014-05-22 19:59:34 3584 ----a-w- C:\Windows\System32\drivers\nl-NL\tsusbflt.sys.mui
          2014-05-22 19:59:34 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
          2014-05-22 19:59:33 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
          2014-05-22 19:59:33 243200 ----a-w- C:\Windows\System32\rdpudd.dll
          2014-05-22 19:59:33 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
          2014-05-22 19:59:33 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
          2014-05-22 19:59:33 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
          2014-05-22 19:59:32 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
          2014-05-22 19:58:20 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
          2014-05-22 19:58:19 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
          2014-05-22 19:58:13 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
          2014-05-22 19:58:13 366592 ----a-w- C:\Windows\System32\qdvd.dll
          2014-05-22 16:45:49 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4492F20-2D82-4A59-9AAE-9CCBAE267BEA}\mpengine.dll
          2014-05-22 16:41:58 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
          2014-05-22 16:41:31 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
          2014-05-22 16:41:31 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
          2014-05-22 16:41:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
          2014-05-21 17:18:54 -------- d-----w- C:\Users\x\AppData\Local\{29944725-1E08-48E7-AC6C-B574A2A39C90}
          2014-05-20 14:51:47 -------- d-----w- C:\Users\x\AppData\Local\{AB187034-BE98-40D5-9CF2-42F82FAA4372}
          2014-05-19 09:16:33 -------- d-----w- C:\Users\x\AppData\Local\{89D09BFA-E9F9-4D62-B1DB-94DCDABFA31A}
          2014-05-18 09:40:36 -------- d-----w- C:\Users\x\AppData\Local\{E34858FC-7A3D-4E50-B60D-BA7EB650B219}
          2014-05-16 20:45:56 -------- d-----w- C:\Users\x\AppData\Local\{0180BE1A-8303-42FB-9DA9-0242F163F232}
          2014-05-16 05:29:11 -------- d-----w- C:\Users\x\AppData\Local\{DCD991C8-9F53-4043-AE88-265A483EEEAA}
          2014-05-15 21:58:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
          2014-05-15 21:58:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
          2014-05-14 19:50:20 477184 ----a-w- C:\Windows\System32\aepdu.dll
          2014-05-14 19:50:19 424448 ----a-w- C:\Windows\System32\aeinv.dll
          2014-05-14 19:45:03 -------- d-----w- C:\Users\x\AppData\Local\{9F88FC32-6B3A-4D8A-BCC4-C597213FF842}
          2014-05-13 21:08:56 -------- d-----w- C:\Users\x\AppData\Local\{D4DB6814-2A84-49CC-8A89-374B9E0B6B42}
          2014-05-12 17:37:41 -------- d-----w- C:\Users\x\AppData\Local\{B403FDE4-07B3-4DF4-AD70-B31A5562622D}
          2014-05-12 05:24:34 -------- d-----w- C:\Users\x\AppData\Local\{E7E7C451-AE69-45F5-B2B7-D5FCDCD13203}
          2014-05-11 09:51:45 -------- d-----w- C:\Users\x\AppData\Local\{02FA4EA5-2090-4F4A-B49B-D2067904B34A}
          2014-05-09 05:00:12 -------- d-----w- C:\Users\x\AppData\Local\{838F8210-F986-43FA-A321-3CF8DD8966E1}
          2014-05-08 14:19:28 -------- d-----w- C:\Users\x\AppData\Local\{15A91E69-7189-4C72-B57D-5D99D33E7D23}
          2014-05-07 19:37:40 -------- d-----w- C:\Users\x\AppData\Local\{20595264-D978-46D1-BFEE-C6B988D0F6E5}
          2014-05-06 22:19:25 -------- d-s---w- C:\Windows\System32\CompatTel
          2014-05-06 21:21:00 -------- d-----w- C:\Users\x\AppData\Local\{4AC88B50-640D-4023-B510-C86447A7567C}
          2014-05-05 09:00:38 -------- d-----w- C:\Users\x\AppData\Local\{1DB8B59A-E6A7-47AE-9AC8-575701D1D898}
          2014-05-04 17:48:13 -------- d-----w- C:\Users\x\AppData\Local\{70DE8A74-06FE-4E27-9232-F7A6584BFBBC}
          2014-05-04 16:24:06 -------- d-----w- C:\Users\x\AppData\Local\{94F55C32-F701-4EB7-B427-02199E8B0D78}
          2014-05-02 13:27:26 -------- d-----w- C:\Users\x\AppData\Local\{C4D84219-8126-4762-BEA9-587FD441A3DD}
          2014-04-30 21:42:49 -------- d-----w- C:\Users\x\AppData\Local\{0ECE69FD-F8A6-40AD-9EB4-ACD741B737CA}
          2014-04-30 15:33:29 -------- d-sh--w- C:\Users\x\AppData\Local\EmieUserList
          2014-04-30 15:33:29 -------- d-sh--w- C:\Users\x\AppData\Local\EmieSiteList
          2014-04-29 17:49:14 -------- d-----w- C:\Users\x\AppData\Local\{2BD2812F-5186-41BD-9C77-292BF606ADC6}
          2014-04-28 22:06:00 -------- d-----w- C:\Users\x\AppData\Local\{A8F99A07-0162-4844-B4CB-10D41B3A6C43}
          2014-04-28 07:50:01 -------- d-----w- C:\Users\x\AppData\Local\{8A3E1AB3-9BEF-4C24-84A5-A5F87EB7B686}
          2014-04-27 19:04:48 -------- d-----w- C:\Users\x\AppData\Local\{3F80B384-887E-4AAC-8A97-F7B42E03CDBD}
          2014-04-26 17:09:53 -------- d-----w- C:\Users\x\AppData\Local\{EA8716FB-31D3-4312-83B5-BA8C35038490}
          2014-04-25 06:57:56 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
          2014-04-24 15:20:12 -------- d-----w- C:\Users\x\AppData\Local\{FDACFDBE-9B1E-4E78-B2BD-16FCF2779075}
          .
          ==================== Find3M ====================
          .
          2014-05-14 20:31:31 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
          2014-05-14 20:31:31 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
          2014-05-12 05:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
          2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
          2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
          2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
          2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
          2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
          2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
          2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
          2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
          2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
          2014-03-31 20:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
          2014-03-31 20:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
          2014-03-31 07:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
          2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
          2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
          2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
          2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
          2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
          2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
          2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
          2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
          2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
          2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
          2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
          2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
          2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
          2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
          2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
          2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
          2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
          2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
          2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
          2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
          2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
          2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
          2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
          2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
          2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
          2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
          2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
          2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
          2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
          2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
          2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
          2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
          2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
          2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
          2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
          2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
          2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
          2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
          2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
          2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
          2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
          2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
          2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
          2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
          2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
          2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
          2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
          2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
          .
          ============= FINISH: 2:04:57,31 ===============



          • #6
            Results of screen317's Security Check version 0.99.83
            Windows 7 Service Pack 1 x64 (UAC is enabled)
            Internet Explorer 11
            ``````````````Antivirus/Firewall Check:``````````````
            PC Veilig 9.12
            Antivirus up to date!
            `````````Anti-malware/Other Utilities Check:`````````
            MVPS Hosts File
            Spybot - Search & Destroy
            JavaFX 2.1.1
            Java 7 Update 55
            Adobe Reader XI
            Google Chrome 34.0.1847.131
            Google Chrome 34.0.1847.137
            ````````Process Check: objlist.exe by Laurent````````
            Spybot Teatimer.exe is disabled!
            PC Veilig Anti-Virus fsgk32st.exe
            PC Veilig Anti-Virus FSGK32.EXE
            PC Veilig Anti-Virus fssm32.exe
            PC Veilig Anti-Virus fsav32.exe
            Malwarebytes Anti-Malware mbamscheduler.exe
            Symantec Norton Online Backup NOBuAgent.exe
            `````````````````System Health check`````````````````
            Total Fragmentation on Drive C: 0%
            ````````````````````End of Log``````````````````````



            • #7
              Download or update CCleaner

              Start CCleaner.
              • Run CCleaner and click Options in the left column
              • Select the Advanced tab
              • Uncheck Only delete files in the Windows Temp system folder that are older than 24 hours
              • Select the Settings tab
              • Uncheck "Automatically clean the computer...."
              • Click Cleaner in the left column.
              • Then click Analyze and then Clean.
              • Next, click Registry in the left column
              • Click Scan for issues.
              • When asked whether you want to back up the registry, click "Yes".
              • If any errors are found, click the middle button, Fix all selected issues, and then OK



              Download ComboFix to your desktop.
              (So not to a download folder or temp folder)

              Extra note... Make sure your security software is disabled while you use ComboFix.
              This is because these scanners wrongly see certain components that ComboFix uses as infected and will block ComboFix.

              Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

              Close ALL windows, including your browser, and let ComboFix do its work undisturbed.
              So do not open any other applications until ComboFix has presented the log.

              If ComboFix asks for an update, allow it.

              When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
              You can find it as C:\combofix.txt.

              Post the ComboFix log together with a new DDS log in your next reply.

              * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
              • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
              • Illegal operation attempted on a registry key that has been marked for deletion.
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee. * Ccleaner * E-Peek



              • #8
                ComboFix 14-05-19.01 - x 24-05-2014 18:44:50.1.4 - x64
                Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4003.2423 [GMT 2:00]
                Gestart vanuit: c:\users\x\Desktop\ComboFix.exe
                AV: PC Veilig 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
                FW: PC Veilig 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
                SP: PC Veilig 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
                SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
                SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                .
                (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                c:\windows\wininit.ini
                .
                .
                (((((((((((((((((((( Bestanden Gemaakt van 2014-04-24 to 2014-05-24 ))))))))))))))))))))))))))))))
                .
                .
                2014-05-24 16:48 . 2014-05-24 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
                2014-05-24 16:44 . 2014-05-24 16:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{562AFE5C-A53A-4719-9535-84FC6F878D54}\offreg.dll
                2014-05-24 00:08 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
                2014-05-24 00:08 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
                2014-05-24 00:05 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{562AFE5C-A53A-4719-9535-84FC6F878D54}\mpengine.dll
                2014-05-23 23:59 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
                2014-05-23 23:58 . 2014-05-24 00:00 -------- d-----w- C:\AdwCleaner
                2014-05-22 20:39 . 2014-05-22 20:39 -------- d-----w- c:\windows\system32\drivers\en-US
                2014-05-22 19:59 . 2012-08-23 15:28 3584 ----a-w- c:\windows\system32\drivers\nl-NL\tsusbflt.sys.mui
                2014-05-22 19:59 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
                2014-05-22 19:59 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
                2014-05-22 19:59 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
                2014-05-22 19:59 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
                2014-05-22 19:59 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
                2014-05-22 19:59 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
                2014-05-22 19:59 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
                2014-05-22 19:58 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
                2014-05-22 19:58 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
                2014-05-22 19:58 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
                2014-05-22 19:58 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
                2014-05-22 16:41 . 2014-05-24 16:18 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
                2014-05-22 16:41 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
                2014-05-22 16:41 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                2014-05-22 16:41 . 2014-05-22 16:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
                2014-05-15 21:58 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
                2014-05-15 21:58 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
                2014-05-15 21:58 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
                2014-05-15 21:58 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
                2014-05-14 19:50 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
                2014-05-14 19:50 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
                2014-05-14 19:50 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
                2014-05-06 22:19 . 2014-05-15 22:13 -------- d-s---w- c:\windows\system32\CompatTel
                2014-04-30 15:33 . 2014-04-30 15:33 -------- d-sh--w- c:\users\x\AppData\Local\EmieUserList
                2014-04-30 15:33 . 2014-04-30 15:33 -------- d-sh--w- c:\users\x\AppData\Local\EmieSiteList
                2014-04-25 06:57 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2014-05-15 21:55 . 2012-07-18 19:38 93223848 ----a-w- c:\windows\system32\MRT.exe
                2014-05-14 20:31 . 2012-10-24 19:13 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                2014-05-14 20:31 . 2012-03-27 20:51 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                2014-05-12 05:25 . 2014-03-10 18:51 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
                2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
                2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
                2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
                2014-03-04 09:44 . 2014-04-09 18:24 362496 ----a-w- c:\windows\system32\wow64win.dll
                2014-03-04 09:44 . 2014-04-09 18:24 243712 ----a-w- c:\windows\system32\wow64.dll
                2014-03-04 09:44 . 2014-04-09 18:24 13312 ----a-w- c:\windows\system32\wow64cpu.dll
                2014-03-04 09:44 . 2014-04-09 18:24 16384 ----a-w- c:\windows\system32\ntvdm64.dll
                2014-03-04 09:44 . 2014-04-09 18:24 1163264 ----a-w- c:\windows\system32\kernel32.dll
                2014-03-04 09:17 . 2014-04-09 18:24 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
                2014-03-04 09:17 . 2014-04-09 18:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
                2014-03-04 09:16 . 2014-04-09 18:24 25600 ----a-w- c:\windows\SysWow64\setup16.exe
                2014-03-04 09:16 . 2014-04-09 18:24 5120 ----a-w- c:\windows\SysWow64\wow32.dll
                2014-03-04 08:09 . 2014-04-09 18:24 7680 ----a-w- c:\windows\SysWow64\instnm.exe
                2014-03-04 08:09 . 2014-04-09 18:24 2048 ----a-w- c:\windows\SysWow64\user.exe
                .
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                REGEDIT4
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
                "F-Secure Manager"="c:\program files (x86)\PC Veilig\Common\FSM32.EXE" [2009-11-18 201128]
                "F-Secure TNB"="c:\program files (x86)\PC Veilig\FSGUI\TNBUtil.exe" [2012-06-24 1655464]
                "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
                "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
                "KPN Assistent"="c:\program files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe" [2013-06-12 38142582]
                "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "ConsentPromptBehaviorAdmin"= 5 (0x5)
                "ConsentPromptBehaviorUser"= 3 (0x3)
                "EnableUIADesktopToggle"= 0 (0x0)
                "HideFastUserSwitching"= 0 (0x0)
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                "EnableShellExecuteHooks"= 1 (0x1)
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                "LoadAppInit_DLLs"=1 (0x1)
                .
                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
                BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
                .
                R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys;c:\windows\SYSNATIVE\drivers\fses.sys [x]
                R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
                R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
                R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
                R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
                R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\PC Veilig\ORSP Client\fsorsp.exe;c:\program files (x86)\PC Veilig\ORSP Client\fsorsp.exe [x]
                R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
                R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
                R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
                R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
                R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
                R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\PC Veilig\Anti-Virus\Win2K\FSfilter.sys;c:\program files (x86)\PC Veilig\Anti-Virus\Win2K\FSfilter.sys [x]
                R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\PC Veilig\Anti-Virus\Win2K\FSrec.sys;c:\program files (x86)\PC Veilig\Anti-Virus\Win2K\FSrec.sys [x]
                R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
                S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
                S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\PC Veilig\HIPS\drivers\fshs.sys;c:\program files (x86)\PC Veilig\HIPS\drivers\fshs.sys [x]
                S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys;c:\windows\SYSNATIVE\drivers\fsdfw.sys [x]
                S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\PC Veilig\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\PC Veilig\Anti-Virus\minifilter\fsvista.sys [x]
                S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
                S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
                S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
                S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
                S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
                S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
                S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
                S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\PC Veilig\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\PC Veilig\Anti-Virus\minifilter\fsgk.sys [x]
                S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
                S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                .
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                2014-05-24 16:38 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
                .
                Inhoud van de 'Gedeelde Taken' map
                .
                2014-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
                - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-06 20:31]
                .
                2014-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03 10:51]
                .
                2014-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03 10:51]
                .
                2014-05-22 c:\windows\Tasks\HPCeeScheduleForx.job
                - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
                .
                .
                --------- X64 Entries -----------
                .
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-07 168216]
                "Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-07 416024]
                "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
                "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-05-13 21720]
                .
                ------- Bijkomende Scan -------
                .
                uStart Page = hxxp://www.startpagina.nl/
                uLocal Page = c:\windows\system32\blank.htm
                mLocal Page = c:\windows\SysWOW64\blank.htm
                IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
                TCP: DhcpNameServer = 192.168.2.1
                .
                - - - - ORPHANS VERWIJDERD - - - -
                .
                Toolbar-10 - (no file)
                Notify-SDWinLogon - SDWinLogon.dll
                HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
                Toolbar-10 - (no file)
                AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
                .
                .
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
                "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
                .
                --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker5"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Shockwave Flash Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                @="0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                @="ShockwaveFlash.ShockwaveFlash.13"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="ShockwaveFlash.ShockwaveFlash"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Macromedia Flash Factory Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                @="FlashFactory.FlashFactory.1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="FlashFactory.FlashFactory"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker5"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                @Denied: (Full) (Everyone)
                .
                Voltooingstijd: 2014-05-24 18:51:00
                ComboFix-quarantined-files.txt 2014-05-24 16:51
                .
                Pre-Run: 888.540.176.384 bytes beschikbaar
                Post-Run: 887.994.085.376 bytes beschikbaar
                .
                - - End Of File - - DA891D4A9BE54EB7D29AC67594B5CF1E



                • #9
                  DDS (Ver_2012-11-20.01) - NTFS_AMD64
                  Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.55.2
                  Run by x at 18:55:06 on 2014-05-24
                  Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4003.2301 [GMT 2:00]
                  .
                  AV: PC Veilig 9.12 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
                  SP: PC Veilig 9.12 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
                  SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
                  FW: PC Veilig 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
                  .
                  ============== Running Processes ===============
                  .
                  C:\Windows\system32\lsm.exe
                  C:\Windows\system32\svchost.exe -k DcomLaunch
                  C:\Windows\system32\svchost.exe -k RPCSS
                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                  C:\Windows\system32\svchost.exe -k LocalService
                  C:\Windows\system32\svchost.exe -k netsvcs
                  C:\Windows\system32\svchost.exe -k GPSvcGroup
                  C:\Windows\system32\svchost.exe -k NetworkService
                  C:\Windows\System32\spoolsv.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                  C:\Windows\SysWOW64\ezSharedSvcHost.exe
                  C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                  C:\Program Files (x86)\PC Veilig\Anti-Virus\FSGK32.EXE
                  C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE
                  C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
                  C:\Program Files (x86)\PC Veilig\Common\FSHDLL32.EXE
                  C:\Program Files (x86)\PC Veilig\Common\FSHDLL64.EXE
                  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
                  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
                  C:\Windows\system32\taskeng.exe
                  C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
                  C:\Program Files (x86)\PDF Complete\pdfsvc.exe
                  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
                  C:\Windows\system32\taskhost.exe
                  C:\Windows\system32\Dwm.exe
                  C:\Windows\Explorer.EXE
                  C:\Windows\system32\svchost.exe -k imgsvc
                  C:\Windows\System32\svchost.exe -k secsvcs
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
                  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
                  C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe
                  C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe
                  C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                  C:\Program Files (x86)\PC Veilig\Anti-Virus\fssm32.exe
                  C:\Windows\System32\WUDFHost.exe
                  C:\Program Files (x86)\PC Veilig\Anti-Virus\fsav32.exe
                  C:\Windows\System32\igfxtray.exe
                  C:\Windows\System32\igfxpers.exe
                  C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
                  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
                  C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
                  C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE
                  C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
                  C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
                  C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe
                  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                  C:\Program Files (x86)\PC Veilig\Spam Control\fsscoepl_x64.exe
                  C:\Windows\splwow64.exe
                  C:\Windows\system32\SearchIndexer.exe
                  C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Windows\system32\wbem\unsecapp.exe
                  C:\Program Files\Windows Media Player\wmpnetwk.exe
                  C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                  C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
                  C:\Windows\system32\SearchProtocolHost.exe
                  C:\Windows\system32\SearchFilterHost.exe
                  C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
                  C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
                  C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
                  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                  C:\Windows\system32\sppsvc.exe
                  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                  C:\Windows\System32\cscript.exe
                  .
                  ============== Pseudo HJT Report ===============
                  .
                  uStart Page = hxxp://www.startpagina.nl/
                  BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
                  BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                  BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
                  BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                  BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                  TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
                  TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
                  EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
                  mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
                  mRun: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash
                  mRun: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
                  mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
                  mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
                  mRun: [KPN Assistent] C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe /auto
                  mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                  uPolicies-Explorer: NoDrives = dword:0
                  mPolicies-Explorer: EnableShellExecuteHooks = dword:1
                  mPolicies-Explorer: NoDrives = dword:0
                  mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                  mPolicies-System: ConsentPromptBehaviorUser = dword:3
                  mPolicies-System: EnableUIADesktopToggle = dword:0
                  mPolicies-System: HideFastUserSwitching = dword:0
                  IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
                  IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                  IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                  IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                  .
                  INFO: HKCU has more than 50 listed domains.
                  If you wish to scan all of them, select the 'Force scan all domains' option.
                  .
                  .
                  INFO: HKLM has more than 50 listed domains.
                  If you wish to scan all of them, select the 'Force scan all domains' option.
                  .
                  DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                  TCP: NameServer = 192.168.2.1
                  TCP: Interfaces\{15D8CCAC-E309-43C1-AF77-C733EB0F02B9} : DHCPNameServer = 192.168.2.1
                  Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                  Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                  Notify: SDWinLogon - SDWinLogon.dll
                  SSODL: WebCheck - <orphaned>
                  mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                  x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
                  x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                  x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                  x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
                  x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
                  x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
                  x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                  .
                  INFO: x64-HKLM has more than 50 listed domains.
                  If you wish to scan all of them, select the 'Force scan all domains' option.
                  .
                  x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                  x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                  x64-Notify: igfxcui - igfxdev.dll
                  x64-SSODL: WebCheck - <orphaned>
                  .
                  ============= SERVICES / DRIVERS ===============
                  .
                  R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2012-6-24 56016]
                  R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\PC Veilig\HIPS\drivers\fshs.sys [2012-6-24 59784]
                  R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2012-6-24 94024]
                  R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsvista.sys [2012-6-24 16768]
                  R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
                  R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
                  R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe [2012-6-24 221608]
                  R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
                  R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
                  R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-22 1809720]
                  R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
                  R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-3-27 1128952]
                  R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-10 3921880]
                  R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-10 1042272]
                  R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-10 171416]
                  R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-27 2656536]
                  R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsgk.sys [2012-6-24 202176]
                  R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe [2012-6-24 60352]
                  R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-27 169584]
                  R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-10 25816]
                  S1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2012-6-24 50384]
                  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                  S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                  S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-22 860472]
                  S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
                  S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-17 227904]
                  S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
                  S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-30 111616]
                  S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-27 158976]
                  S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-22 122584]
                  S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-22 63704]
                  S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-22 19456]
                  S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-22 56832]
                  S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-22 30208]
                  S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-26 1255736]
                  S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsfilter.sys [2012-6-24 41640]
                  S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsrec.sys [2012-6-24 27048]
                  S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
                  .
                  =============== Created Last 30 ================
                  .
                  2014-05-24 16:51:04 -------- d-sh--w- C:\$RECYCLE.BIN
                  2014-05-24 16:44:00 98816 ----a-w- C:\Windows\sed.exe
                  2014-05-24 16:44:00 256000 ----a-w- C:\Windows\PEV.exe
                  2014-05-24 16:44:00 208896 ----a-w- C:\Windows\MBR.exe
                  2014-05-24 00:08:08 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
                  2014-05-24 00:08:07 6574592 ----a-w- C:\Windows\System32\mstscax.dll
                  2014-05-24 00:05:22 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{562AFE5C-A53A-4719-9535-84FC6F878D54}\mpengine.dll
                  2014-05-23 23:59:24 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                  2014-05-23 23:58:54 -------- d-----w- C:\AdwCleaner
                  2014-05-22 20:39:20 -------- d-----w- C:\Windows\System32\drivers\en-US
                  2014-05-22 19:59:34 3584 ----a-w- C:\Windows\System32\drivers\nl-NL\tsusbflt.sys.mui
                  2014-05-22 19:59:34 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
                  2014-05-22 19:59:33 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
                  2014-05-22 19:59:33 243200 ----a-w- C:\Windows\System32\rdpudd.dll
                  2014-05-22 19:59:33 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
                  2014-05-22 19:59:33 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
                  2014-05-22 19:59:33 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
                  2014-05-22 19:59:32 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
                  2014-05-22 19:58:20 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
                  2014-05-22 19:58:19 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
                  2014-05-22 19:58:13 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
                  2014-05-22 19:58:13 366592 ----a-w- C:\Windows\System32\qdvd.dll
                  2014-05-22 16:41:58 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                  2014-05-22 16:41:31 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                  2014-05-22 16:41:31 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
                  2014-05-22 16:41:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
                  2014-05-21 17:18:54 -------- d-----w- C:\Users\x\AppData\Local\{29944725-1E08-48E7-AC6C-B574A2A39C90}
                  2014-05-20 14:51:47 -------- d-----w- C:\Users\x\AppData\Local\{AB187034-BE98-40D5-9CF2-42F82FAA4372}
                  2014-05-19 09:16:33 -------- d-----w- C:\Users\x\AppData\Local\{89D09BFA-E9F9-4D62-B1DB-94DCDABFA31A}
                  2014-05-18 09:40:36 -------- d-----w- C:\Users\x\AppData\Local\{E34858FC-7A3D-4E50-B60D-BA7EB650B219}
                  2014-05-16 20:45:56 -------- d-----w- C:\Users\x\AppData\Local\{0180BE1A-8303-42FB-9DA9-0242F163F232}
                  2014-05-16 05:29:11 -------- d-----w- C:\Users\x\AppData\Local\{DCD991C8-9F53-4043-AE88-265A483EEEAA}
                  2014-05-15 21:58:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                  2014-05-15 21:58:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                  2014-05-14 19:50:20 477184 ----a-w- C:\Windows\System32\aepdu.dll
                  2014-05-14 19:50:19 424448 ----a-w- C:\Windows\System32\aeinv.dll
                  2014-05-14 19:45:03 -------- d-----w- C:\Users\x\AppData\Local\{9F88FC32-6B3A-4D8A-BCC4-C597213FF842}
                  2014-05-13 21:08:56 -------- d-----w- C:\Users\x\AppData\Local\{D4DB6814-2A84-49CC-8A89-374B9E0B6B42}
                  2014-05-12 17:37:41 -------- d-----w- C:\Users\x\AppData\Local\{B403FDE4-07B3-4DF4-AD70-B31A5562622D}
                  2014-05-12 05:24:34 -------- d-----w- C:\Users\x\AppData\Local\{E7E7C451-AE69-45F5-B2B7-D5FCDCD13203}
                  2014-05-11 09:51:45 -------- d-----w- C:\Users\x\AppData\Local\{02FA4EA5-2090-4F4A-B49B-D2067904B34A}
                  2014-05-09 05:00:12 -------- d-----w- C:\Users\x\AppData\Local\{838F8210-F986-43FA-A321-3CF8DD8966E1}
                  2014-05-08 14:19:28 -------- d-----w- C:\Users\x\AppData\Local\{15A91E69-7189-4C72-B57D-5D99D33E7D23}
                  2014-05-07 19:37:40 -------- d-----w- C:\Users\x\AppData\Local\{20595264-D978-46D1-BFEE-C6B988D0F6E5}
                  2014-05-06 22:19:25 -------- d-s---w- C:\Windows\System32\CompatTel
                  2014-05-06 21:21:00 -------- d-----w- C:\Users\x\AppData\Local\{4AC88B50-640D-4023-B510-C86447A7567C}
                  2014-05-05 09:00:38 -------- d-----w- C:\Users\x\AppData\Local\{1DB8B59A-E6A7-47AE-9AC8-575701D1D898}
                  2014-05-04 17:48:13 -------- d-----w- C:\Users\x\AppData\Local\{70DE8A74-06FE-4E27-9232-F7A6584BFBBC}
                  2014-05-04 16:24:06 -------- d-----w- C:\Users\x\AppData\Local\{94F55C32-F701-4EB7-B427-02199E8B0D78}
                  2014-05-02 13:27:26 -------- d-----w- C:\Users\x\AppData\Local\{C4D84219-8126-4762-BEA9-587FD441A3DD}
                  2014-04-30 21:42:49 -------- d-----w- C:\Users\x\AppData\Local\{0ECE69FD-F8A6-40AD-9EB4-ACD741B737CA}
                  2014-04-30 15:33:29 -------- d-sh--w- C:\Users\x\AppData\Local\EmieUserList
                  2014-04-30 15:33:29 -------- d-sh--w- C:\Users\x\AppData\Local\EmieSiteList
                  2014-04-29 17:49:14 -------- d-----w- C:\Users\x\AppData\Local\{2BD2812F-5186-41BD-9C77-292BF606ADC6}
                  2014-04-28 22:06:00 -------- d-----w- C:\Users\x\AppData\Local\{A8F99A07-0162-4844-B4CB-10D41B3A6C43}
                  2014-04-28 07:50:01 -------- d-----w- C:\Users\x\AppData\Local\{8A3E1AB3-9BEF-4C24-84A5-A5F87EB7B686}
                  2014-04-27 19:04:48 -------- d-----w- C:\Users\x\AppData\Local\{3F80B384-887E-4AAC-8A97-F7B42E03CDBD}
                  2014-04-26 17:09:53 -------- d-----w- C:\Users\x\AppData\Local\{EA8716FB-31D3-4312-83B5-BA8C35038490}
                  2014-04-25 06:57:56 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                  .
                  ==================== Find3M ====================
                  .
                  2014-05-14 20:31:31 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                  2014-05-14 20:31:31 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                  2014-05-12 05:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                  2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
                  2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
                  2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
                  2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
                  2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
                  2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                  2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
                  2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                  2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                  2014-03-31 20:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
                  2014-03-31 20:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
                  2014-03-31 07:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
                  2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                  2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
                  2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
                  2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                  2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                  2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                  2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
                  2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                  2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
                  2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                  2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
                  2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                  2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                  2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
                  2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                  2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                  2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                  2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
                  2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                  2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
                  2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
                  2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
                  2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
                  2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
                  2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
                  2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
                  2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
                  2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
                  2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
                  2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
                  2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
                  2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
                  2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
                  2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
                  2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
                  2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
                  2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
                  2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
                  2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
                  2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
                  2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
                  2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
                  2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
                  2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
                  2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
                  2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
                  2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
                  2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
                  .
                  ============= FINISH: 18:56:40,92 ===============



                  • #10
                    Are there any problems left?
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * Ccleaner * E-Peek



                    • #11
                      The only thing I still run into is that I sometimes get a "blue screen of death".
                      Maybe you can see what is causing that?

                      Otherwise I have no more trouble with malware at the moment.

                      Thanks in advance



                      • #12
                        We are going to remove Combofix first...

                        Go to Start > Run and copy and paste the following command into the field:

                        ComboFix /Uninstall

                        Make sure there is a space between Combofix and /
                        Then press Enter.


                        This will remove Combofix plus its related folders and files, restore the clock settings,
                        hide the file extensions, hide hidden files and system files again,
                        and reset your System Restore.




                        Download or update Ccleaner

                        Start CCleaner.
                        • Run Ccleaner and click Options in the left column
                        • Select the Advanced tab
                        • Untick Only delete files in Windows Temp folders older than 24 hours
                        • Select the Settings tab
                        • Untick "Clean the computer automatically...."
                        • Click Cleaner in the left column.
                        • Then click Analyze and Clean in turn.
                        • Next, click Registry in the left column
                        • Click Scan for Issues.
                        • When asked whether you want to make a backup of the registry, click "Yes".
                        • If errors are found, click the middle button: Fix All Selected Issues, and then OK

                        If you still have problems (regarding the BSOD), I suggest you open a topic in the Windows section.

                        Emphyrio
                        Last edited by Emphyrio; 26-05-14, 01:30.


                        • #13
                          Okay, great!

                          Thanks for your help!!!!!!


                          If I get trouble with the BSOD again, I will follow your advice. Thanks.

                          With this my problem is solved and this topic can be considered resolved!



                          • #14
                            1) You may delete all the loose files and tools that we used.

                            2) To avoid reinfection, you can read through these tips:

                            Preventing spyware infections and browser hijacking, and How do I prevent a new infection?

                            3) To give your PC a quick round of maintenance, you can read these tips: Guide to a clean PC

                            4) All kinds of tips and hints can be found here.


                            I am marking the topic as solved.

                            If there are no further replies, this thread will automatically be moved within about 5 days
                            to the Opgeloste hijackthislogs (solved HijackThis logs) section, and replying will no longer be possible.
                            This is done to keep the forum tidy and easy to navigate.

                            If it turns out there are still problems and you want to reply in this topic again, send me a private message asking for it to be reopened.



                            Did we help you well? Consider a (no-obligation) donation to Nucia

                            Emphyrio