Scanned for viruses, can now only boot in safe mode

  • Scanned for viruses, can now only boot in safe mode

    Hello,

    I scanned my laptop for spyware and viruses following your instructions, but now I can only start it in safe mode. When I boot 'normally' and enter my password, the screen goes black and only a cursor remains.

    Can you help me?
    Thanks in advance!


    The Malwarebytes log file reads:

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2014.05.29.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17107
    Tineke :: TINEKESLAPTOP [administrator]

    Bescherming: Ingeschakeld

    29-5-2014 11:40:07
    mbam-log-2014-05-29 (11-40-07).txt

    Scan type: Volledige scan (C:\|D:\|)
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 398053
    Verstreken tijd: 2 uur/uren, 1 minuut/minuten, 55 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 24
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} (PUP.Optional.Bandoo.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\BrowserConnection.Loader.1 (PUP.Optional.Bandoo.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\BrowserConnection.Loader (PUP.Optional.Bandoo.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} (PUP.Optional.Datamngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} (PUP.Optional.Datamngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} (PUP.Optional.SearchResults.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} (PUP.Optional.SearchResults.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182} (PUP.Optional.SearchResults.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182} (PUP.Optional.SearchResults.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182} (PUP.Optional.SearchResults.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7ABE12CA-E995-4AB4-9A4E-EF8820A20182} (PUP.Optional.SearchResults.A) -> Data: Search-Results Toolbar -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 6
    C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Tineke\AppData\Roaming\SpeedAnalysis3 (PUP.Optional.SpeedAnalysis3.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Tineke\AppData\Roaming\7go (PUP.Optional.7Go.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Tineke\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\BitGuard\2.6.1673.238 (PUP.Optional.BitGuard.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BitGuard.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 12
    C:\Program Files (x86)\SR Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Bandoo.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SR Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Datamngr.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Tineke\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Tineke\AppData\Roaming\speedanalysis.ico (PUP.Optional.SpeedAnalysis2.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Tineke\AppData\Roaming\SpeedAnalysis3\speedanalysis.crx (PUP.Optional.SpeedAnalysis3.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Tineke\AppData\Roaming\7go\7go.crx (PUP.Optional.7Go.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Tineke\AppData\Roaming\7go\icon.ico (PUP.Optional.7Go.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Tineke\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BitGuard.A) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files (x86)\SR Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (PUP.Optional.SearchResults.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)


    The DDS.txt file:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
    Run by Tineke at 14:07:10 on 2014-05-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3948.3036 [GMT 2:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Panda Internet Security 2013 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Panda Internet Security 2013 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: Panda Personal Firewall 2013 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.volkskrant.nl/
    uDefault_Page_URL = hxxp://acer.msn.com
    mWinlogon: Userinit = userinit.exe,
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: C:\Users\Tineke\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tineke\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Tineke\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\25F434E496A6D6567656E6D275966496 : DHCPNameServer = 10.162.0.3
    TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4427F6F6D6127416374756E6 : DHCPNameServer = 192.168.176.254
    TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4514055402261627 : DHCPNameServer = 192.168.179.1
    TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4586F6D637F6E6138323138383 : DHCPNameServer = 192.168.2.254
    TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\65F68787 : DHCPNameServer = 10.0.0.11
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\x64\BrowserConnection.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: avldr - avldr64.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\
    FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
    FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl/
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
    FF - plugin: C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\extensions\2020Player_IKEA @2020Technologies.com\plugins\NP_2020Player_IKEA.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 18799b8b000000000000d6af786d6122
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15962
    FF - user.js: extensions.delta.vrsn - 1.8.24.6
    FF - user.js: extensions.delta.vrsni - 1.8.24.6
    FF - user.js: extensions.delta.vrsnTs - 1.8.24.622:39:45
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - nl
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=124186&tsp=5005
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-8-21 25960]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 50464]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-8-2 30368]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-3 142632]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-3 76912]
    R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\Windows\System32\drivers\n64i1644.sys [2013-10-27 216648]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
    S0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2013-10-27 30792]
    S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
    S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
    S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-11-1 212280]
    S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-3 22648]
    S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-3 20520]
    S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-3 62776]
    S1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2013-10-27 48136]
    S2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2013-10-27 71432]
    S2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2013-10-27 129096]
    S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-8-2 103584]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
    S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-13 249648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 ComFiltr;Panda Anti-Dialer;C:\Windows\System32\drivers\COMFiltr.sys [2013-10-27 15928]
    S2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-8-21 198784]
    S2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2013-10-27 82952]
    S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-3 353360]
    S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-8-21 799848]
    S2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2013-10-27 31752]
    S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-3 13336]
    S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-3 1817088]
    S2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2013-10-27 78920]
    S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-3 255376]
    S2 MBAMScheduler;MBAMScheduler;C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-5-29 418376]
    S2 MBAMService;MBAMService;C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2014-5-29 701512]
    S2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2013-10-27 170504]
    S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
    S2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrlS.exe [2013-10-27 177440]
    S2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe [2013-10-27 202016]
    S2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2013-10-27 62768]
    S2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe [2013-10-27 313664]
    S2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\psksvc.exe [2013-10-27 28992]
    S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2011-8-3 260640]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-3 2656280]
    S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-11-20 919192]
    S2 vmware-view-usbd;VMware Horizon View USB;C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-12-3 2436096]
    S2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [2014-5-5 1801240]
    S2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2013-10-27 74760]
    S2 wsnm;VMware View Client;C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2013-3-5 472656]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-8-2 36000]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-8-2 330912]
    S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-8-2 110240]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-8-2 167584]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-8-2 68256]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-8-2 280992]
    S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-8-2 511136]
    S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-15 111616]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-3 317440]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-29 25928]
    S3 Prot6Flt;Prot6Flt;C:\Windows\System32\drivers\prot6flt.sys [2014-5-29 30720]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-3 333928]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-6 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
    S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
    FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
    FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
    FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
    FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2014-05-29 11:50:31 30720 ----a-w- C:\Windows\System32\drivers\prot6flt.sys
    2014-05-29 09:36:58 -------- d-----w- C:\Users\Tineke\AppData\Roaming\Malwarebytes
    2014-05-29 09:36:49 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-05-29 09:36:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-05-29 08:52:49 -------- d-----w- C:\Program Files\CCleaner
    2014-05-24 19:27:42 -------- d-----w- C:\Users\Tineke\AppData\Local\Skype
    2014-05-24 19:27:28 -------- d-----r- C:\Program Files (x86)\Skype
    2014-05-14 16:18:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-14 16:18:57 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-13 18:31:09 477184 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-13 18:31:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-05-10 09:38:29 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
    2014-05-06 20:31:13 -------- d-s---w- C:\Windows\System32\CompatTel
    2014-05-05 19:36:29 -------- d-----w- C:\ProgramData\AVG Secure Search
    2014-05-03 15:49:28 -------- d-----w- C:\Users\Tineke\AppData\Roaming\DropboxMaster
    .
    ==================== Find3M ====================
    .
    2014-05-13 19:27:16 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-13 19:27:15 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-05 19:35:38 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
    2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
    2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
    2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
    2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
    2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
    2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
    2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
    2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    .
    ============= FINISH: 14:08:37,02 ===============


    GMER log:

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-05-29 14:20:16
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
    Running: 124dwhk5.exe; Driver: C:\Users\Tineke\AppData\Local\Temp\axtiykog.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076111465 2 bytes [11, 76]
    .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761114bb 2 bytes [11, 76]
    .text ... * 2

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5205eb8
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5205eb8 (not active ControlSet)

    ---- EOF - GMER 2.1 ----

  • #2
    Hi 10-11 and welcome to Nucia Security Forum,

    You have two active AV tools running: AVG and Panda.
    Remove AVG via Start > Control Panel > Add or Remove Programs, or Programs and Features.
    (That is, if you have paid for Panda)

    Download avgremoverx64.exe to the desktop.
    .
    • Start the computer in Safe Mode (click)
    • Double-click "avgremoverx64.exe" to start the uninstall tool.
    • Restart the computer.

    .
    Post a fresh DDS log.
    Last edited by Emphyrio; 29-05-14, 16:08.
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      AVG removed, this is the new DDS log:

      DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
      Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
      Run by Tineke at 19:42:13 on 2014-05-29
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3948.3021 [GMT 2:00]
      .
      AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
      AV: Panda Internet Security 2013 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
      SP: Panda Internet Security 2013 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
      FW: Panda Personal Firewall 2013 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\Explorer.EXE
      C:\Windows\system32\ctfmon.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.volkskrant.nl/
      uDefault_Page_URL = hxxp://acer.msn.com
      mWinlogon: Userinit = userinit.exe,
      BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
      BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
      uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
      mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
      mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
      mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
      mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
      mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
      mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
      mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
      mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
      mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRunOnce: [Malwarebytes Anti-Malware] C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
      dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
      StartupFolder: C:\Users\Tineke\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tineke\AppData\Roaming\Dropbox\bin\Dropbox.exe
      StartupFolder: C:\Users\Tineke\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      TCP: NameServer = 192.168.2.1
      TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0} : DHCPNameServer = 192.168.2.1
      TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\25F434E496A6D6567656E6D275966496 : DHCPNameServer = 10.162.0.3
      TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4427F6F6D6127416374756E6 : DHCPNameServer = 192.168.176.254
      TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4514055402261627 : DHCPNameServer = 192.168.179.1
      TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4586F6D637F6E6138323138383 : DHCPNameServer = 192.168.2.254
      TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\65F68787 : DHCPNameServer = 10.0.0.11
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      SSODL: WebCheck - <orphaned>
      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
      x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
      x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SR Toolbar\Datamngr\x64\BrowserConnection.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
      x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
      x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
      x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
      x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
      x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
      x64-Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
      x64-RunOnce: [AvgRemover] C:\Users\Tineke\Desktop\avgremoverx64.exe /run_number=2 /ndis_nextstep=1
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: avldr - avldr64.dll
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\
      FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
      FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl/
      FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
      FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
      FF - plugin: C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\extensions\2020Player_IKEA @2020Technologies.com\plugins\NP_2020Player_IKEA.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
      .
      ---- FIREFOX POLICIES ----
      FF - user.js: extensions.delta.tlbrSrchUrl -
      FF - user.js: extensions.delta.id - 18799b8b000000000000d6af786d6122
      FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
      FF - user.js: extensions.delta.instlDay - 15962
      FF - user.js: extensions.delta.vrsn - 1.8.24.6
      FF - user.js: extensions.delta.vrsni - 1.8.24.6
      FF - user.js: extensions.delta.vrsnTs - 1.8.24.622:39:45
      FF - user.js: extensions.delta.prtnrId - delta
      FF - user.js: extensions.delta.prdct - delta
      FF - user.js: extensions.delta.aflt - babsst
      FF - user.js: extensions.delta.smplGrp - none
      FF - user.js: extensions.delta.tlbrId - base
      FF - user.js: extensions.delta.instlRef - sst
      FF - user.js: extensions.delta.dfltLng - nl
      FF - user.js: extensions.delta.excTlbr - false
      FF - user.js: extensions.delta.ffxUnstlRst - true
      FF - user.js: extensions.delta.admin - false
      FF - user.js: extensions.delta_i.babTrack - affID=124186&tsp=5005
      FF - user.js: extensions.delta_i.babExt -
      FF - user.js: extensions.delta_i.srcExt - ss
      FF - user.js: extensions.delta.autoRvrt - false
      FF - user.js: extensions.delta.rvrt - false
      FF - user.js: extensions.delta.newTab - false
      .
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-8-21 25960]
      R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 50464]
      R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-8-2 30368]
      R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-3 142632]
      R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-3 76912]
      R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\Windows\System32\drivers\n64i1644.sys [2013-10-27 216648]
      R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
      R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
      S0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2013-10-27 30792]
      S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-3 22648]
      S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-3 20520]
      S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-3 62776]
      S1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2013-10-27 48136]
      S2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2013-10-27 71432]
      S2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2013-10-27 129096]
      S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-8-2 103584]
      S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-13 249648]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 ComFiltr;Panda Anti-Dialer;C:\Windows\System32\drivers\COMFiltr.sys [2013-10-27 15928]
      S2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-8-21 198784]
      S2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2013-10-27 82952]
      S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-3 353360]
      S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-8-21 799848]
      S2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2013-10-27 31752]
      S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
      S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-3 13336]
      S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-3 1817088]
      S2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2013-10-27 78920]
      S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-3 255376]
      S2 MBAMScheduler;MBAMScheduler;C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-5-29 418376]
      S2 MBAMService;MBAMService;C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2014-5-29 701512]
      S2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2013-10-27 170504]
      S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
      S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
      S2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrlS.exe [2013-10-27 177440]
      S2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe [2013-10-27 202016]
      S2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2013-10-27 62768]
      S2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe [2013-10-27 313664]
      S2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\psksvc.exe [2013-10-27 28992]
      S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2011-8-3 260640]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
      S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
      S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-3 2656280]
      S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-11-20 919192]
      S2 vmware-view-usbd;VMware Horizon View USB;C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-12-3 2436096]
      S2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2013-10-27 74760]
      S2 wsnm;VMware View Client;C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2013-3-5 472656]
      S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-8-2 36000]
      S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
      S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-8-2 330912]
      S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-8-2 110240]
      S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-8-2 167584]
      S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-8-2 68256]
      S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-8-2 280992]
      S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-8-2 511136]
      S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
      S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-15 111616]
      S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-3 317440]
      S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-29 25928]
      S3 Prot6Flt;Prot6Flt;C:\Windows\System32\drivers\prot6flt.sys [2014-5-29 30720]
      S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-3 333928]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
      S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
      S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-6 1255736]
      S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
      S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
      .
      =============== File Associations ===============
      .
      FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
      FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
      FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
      FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
      FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
      .
      =============== Created Last 30 ================
      .
      2014-05-29 11:50:31 30720 ----a-w- C:\Windows\System32\drivers\prot6flt.sys
      2014-05-29 09:36:58 -------- d-----w- C:\Users\Tineke\AppData\Roaming\Malwarebytes
      2014-05-29 09:36:49 -------- d-----w- C:\ProgramData\Malwarebytes
      2014-05-29 09:36:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2014-05-29 08:52:49 -------- d-----w- C:\Program Files\CCleaner
      2014-05-24 19:27:42 -------- d-----w- C:\Users\Tineke\AppData\Local\Skype
      2014-05-24 19:27:28 -------- d-----r- C:\Program Files (x86)\Skype
      2014-05-14 16:18:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2014-05-14 16:18:57 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2014-05-13 18:31:09 477184 ----a-w- C:\Windows\System32\aepdu.dll
      2014-05-13 18:31:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
      2014-05-10 09:38:29 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
      2014-05-06 20:31:13 -------- d-s---w- C:\Windows\System32\CompatTel
      2014-05-03 15:49:28 -------- d-----w- C:\Users\Tineke\AppData\Roaming\DropboxMaster
      .
      ==================== Find3M ====================
      .
      2014-05-13 19:27:16 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2014-05-13 19:27:15 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-05-05 19:35:38 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
      2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
      2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
      2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
      2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
      2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
      2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
      2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
      2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
      2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
      2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
      2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
      2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
      2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
      2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
      2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
      2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
      2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
      2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
      2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
      2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
      2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
      2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
      2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
      2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
      2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
      2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
      2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
      2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
      2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
      2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
      2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
      2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
      2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
      2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
      2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
      2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
      2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
      2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
      2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
      2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
      2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
      2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
      2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
      .
      ============= FINISH: 19:43:33,82 ===============



      • #4
        Very good.

        Before we begin, I would like to kindly point out the following guidelines:
        .
        • Log in only as an administrator with full rights.
        • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
        • Cleaning up your system can take some time; be patient.
        • Carefully follow the instructions I give.
        • Follow only the advice I give.
        • Stay with the topic until I have reported that your PC is clean.
        • If you don't know or understand something, please just ask.
        • Do not install or uninstall any software or hardware while we are working on your problem.
        • In the meantime, don't try something "else"; that only makes it harder for us.
        • Please turn off your emoticons (smileys) when you post logs. ( INFO )
        • Please do not post the logs as an attachment or between code tags.

        .
        Note: Always run all tools as admin.
        The instructions given are valid only for your PC.

        If you have read and understood these guidelines, you may continue.....



        Step 1:

        Check for bad toolbars...

        Download AdwCleaner by Xplode to your Desktop.
        • Close all open windows
        • Start AdwCleaner
        • Click Scan
        • Click Clean

        All icons will disappear from the Desktop; this is normal.
        Your PC will be restarted and a log file will open (C:\AdwCleaner\AdwCleaner[xx].txt).
        Post its contents here on the forum.

        I only need the log from after the "clean" option.

        Don't forget to turn off your "smileys".

        If your start page was also hijacked, set the search engine again.
        By default AdwCleaner resets it to Google.com
        ___________________________________________________________

        Step 2:

        Download Security Check to your desktop via here or here

        Start Security Check
        Follow the instructions on the screen
        At the end a log appears ( checkup.txt )
        Post its contents in your next reply.


        In your next post, I would like to see the following logs, made in the listed order:
        .
        • AdwCleaner
        • DDS
        • checkup.txt

        .
        Please do NOT post these logs as an attachment or between code tags.
        (In several posts if necessary.)

        Emphyrio
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          This is the adwcleaner log file.
          Note: on startup I first accidentally went into normal mode; it went black again, and then I was asked whether I wanted to run the AVG remover. I said NO, assuming that this had already been done.

          On 'return' there were 2 adwcleaner files; I assume 1 that was created during the normal (and failed) startup, and 1 during the startup in safe mode. I am sending the first one here (so the one after the normal startup).

          And: I cannot watch the video about how to turn off smileys in this mode, so I am not sure whether that will cause a problem. I hope not.

          The log file follows here, and after my next actions those log files will follow as well.

          # AdwCleaner v3.211 - Rapport aangemaakt 29/05/2014 op 20:22:40
          # Laatste Update 26/05/2014 door Xplode
          # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
          # Gebruikersnaam : Tineke - TINEKESLAPTOP
          # Gestart vanuit : C:\Users\Tineke\Desktop\adwcleaner_3.211.exe
          # Optie : Scannen

          ***** [ Services ] *****


          ***** [ Bestanden / Mappen ] *****

          Bestand Gevonden : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
          Bestand Gevonden : C:\Users\Tineke\AppData\Local\Temp\Uninstall.exe
          Bestand Gevonden : C:\Users\Tineke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
          Bestand Gevonden : C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\invalidprefs.js
          Bestand Gevonden : C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\searchplugins\Search_Results.xml
          Bestand Gevonden : C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\user.js
          Bestand Gevonden : C:\Users\Tineke\Desktop\jZip.lnk
          Map Gevonden : C:\Program Files (x86)\jZip
          Map Gevonden : C:\ProgramData\Babylon
          Map Gevonden : C:\ProgramData\BitGuard
          Map Gevonden : C:\ProgramData\DSearchLink
          Map Gevonden : C:\ProgramData\Tarma Installer
          Map Gevonden : C:\ProgramData\wincert
          Map Gevonden : C:\Users\Tineke\AppData\Local\jZip
          Map Gevonden : C:\Users\Tineke\AppData\Local\Software
          Map Gevonden : C:\Users\Tineke\AppData\LocalLow\Delta
          Map Gevonden : C:\Users\Tineke\AppData\LocalLow\jziptoolbargaw
          Map Gevonden : C:\Users\Tineke\AppData\Roaming\Babylon
          Map Gevonden : C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\jziptoolbargaw
          Map Gevonden : C:\Users\Tineke\AppData\Roaming\PerformerSoft

          ***** [ Snelkoppelingen ] *****


          ***** [ Register ] *****

          Sleutel Gevonden : HKCU\Software\APN DTX
          Sleutel Gevonden : HKCU\Software\AppDataLow\Software
          Sleutel Gevonden : HKCU\Software\BabSolution
          Sleutel Gevonden : HKCU\Software\Delta
          Sleutel Gevonden : HKCU\Software\filescout
          Sleutel Gevonden : HKCU\Software\IGearSettings
          Sleutel Gevonden : HKCU\Software\jZip
          Sleutel Gevonden : HKCU\Software\jziptoolbargaw
          Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
          Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
          Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
          Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
          Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
          Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
          Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
          Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
          Sleutel Gevonden : HKCU\Software\Softonic
          Sleutel Gevonden : [x64] HKCU\Software\APN DTX
          Sleutel Gevonden : [x64] HKCU\Software\BabSolution
          Sleutel Gevonden : [x64] HKCU\Software\Delta
          Sleutel Gevonden : [x64] HKCU\Software\filescout
          Sleutel Gevonden : [x64] HKCU\Software\IGearSettings
          Sleutel Gevonden : [x64] HKCU\Software\jZip
          Sleutel Gevonden : [x64] HKCU\Software\jziptoolbargaw
          Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
          Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
          Sleutel Gevonden : [x64] HKCU\Software\Softonic
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\*\shell\filescout
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\jZip.file
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\Prod.cap
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
          Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
          Sleutel Gevonden : HKLM\Software\DataMngr
          Sleutel Gevonden : HKLM\Software\Delta
          Sleutel Gevonden : HKLM\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
          Sleutel Gevonden : HKLM\Software\jZip
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_google-gmail-gadget_RASAPI32
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_google-gmail-gadget_RASMANCS
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
          Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jziptoolbargaw
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\DataMngr
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
          Sleutel Gevonden : [x64] HKLM\SOFTWARE\Tarma Installer
          Waarde Gevonden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

          ***** [ Browsers ] *****

          -\\ Internet Explorer v11.0.9600.17041


          -\\ Mozilla Firefox v29.0.1 (nl)

          [ Bestand : C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\prefs.js ]

          Regel gevonden : user_pref("extensions.delta.admin", false);
          Regel gevonden : user_pref("extensions.delta.aflt", "babsst");
          Regel gevonden : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
          Regel gevonden : user_pref("extensions.delta.autoRvrt", "false");
          Regel gevonden : user_pref("extensions.delta.dfltLng", "nl");
          Regel gevonden : user_pref("extensions.delta.excTlbr", false);
          Regel gevonden : user_pref("extensions.delta.ffxUnstlRst", true);
          Regel gevonden : user_pref("extensions.delta.id", "18799b8b000000000000d6af786d6122");
          Regel gevonden : user_pref("extensions.delta.instlDay", "15962");
          Regel gevonden : user_pref("extensions.delta.instlRef", "sst");
          Regel gevonden : user_pref("extensions.delta.newTab", false);
          Regel gevonden : user_pref("extensions.delta.prdct", "delta");
          Regel gevonden : user_pref("extensions.delta.prtnrId", "delta");
          Regel gevonden : user_pref("extensions.delta.rvrt", "false");
          Regel gevonden : user_pref("extensions.delta.smplGrp", "none");
          Regel gevonden : user_pref("extensions.delta.tlbrId", "base");
          Regel gevonden : user_pref("extensions.delta.tlbrSrchUrl", "");
          Regel gevonden : user_pref("extensions.delta.vrsn", "1.8.24.6");
          Regel gevonden : user_pref("extensions.delta.vrsnTs", "1.8.24.622:39:45");
          Regel gevonden : user_pref("extensions.delta.vrsni", "1.8.24.6");
          Regel gevonden : user_pref("extensions.delta_i.babExt", "");
          Regel gevonden : user_pref("extensions.delta_i.babTrack", "affID=124186&tsp=5005");
          Regel gevonden : user_pref("extensions.delta_i.srcExt", "ss");

          *************************

          AdwCleaner[R0].txt - [10182 octets] - [29/05/2014 20:22:40]

          ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10243 octets] ##########



          • #6
            Read carefully, 10-11
            Originally posted by Emphyrio
            I only need the log from after the "clean" option.



            • #7
              Hi Emphyrio,
              The security check does not give me a log file.....
              And I realize that, during my previous action with the adwcleaner, I did not see any icons disappear. I also did not have to reset the Firefox start page....

              Here is the DDS file, though.

              DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
              Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
              Run by Tineke at 20:51:55 on 2014-05-29
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3948.2974 [GMT 2:00]
              .
              AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
              AV: Panda Internet Security 2013 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
              SP: Panda Internet Security 2013 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
              FW: Panda Personal Firewall 2013 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k RPCSS
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Windows\Explorer.EXE
              C:\Windows\system32\ctfmon.exe
              C:\Program Files (x86)\Mozilla Firefox\firefox.exe
              C:\Windows\System32\svchost.exe -k secsvcs
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://www.volkskrant.nl/
              uDefault_Page_URL = hxxp://acer.msn.com
              mWinlogon: Userinit = userinit.exe,
              BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
              BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
              BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
              BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
              BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
              TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
              uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
              uRunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt
              mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
              mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
              mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
              mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
              mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
              mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
              mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
              mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
              mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
              mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
              mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
              mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
              mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              mRunOnce: [Malwarebytes Anti-Malware] C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
              mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
              dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
              StartupFolder: C:\Users\Tineke\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tineke\AppData\Roaming\Dropbox\bin\Dropbox.exe
              StartupFolder: C:\Users\Tineke\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
              mPolicies-Explorer: NoActiveDesktop = dword:1
              mPolicies-Explorer: NoActiveDesktopChanges = dword:1
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
              IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
              IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
              IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
              IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
              TCP: NameServer = 192.168.2.1
              TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0} : DHCPNameServer = 192.168.2.1
              TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\25F434E496A6D6567656E6D275966496 : DHCPNameServer = 10.162.0.3
              TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4427F6F6D6127416374756E6 : DHCPNameServer = 192.168.176.254
              TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4514055402261627 : DHCPNameServer = 192.168.179.1
              TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4586F6D637F6E6138323138383 : DHCPNameServer = 192.168.2.254
              TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\65F68787 : DHCPNameServer = 10.0.0.11
              Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
              Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
              Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
              SSODL: WebCheck - <orphaned>
              SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
              LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
              x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
              x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
              x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
              x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
              x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
              x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
              x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
              x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
              x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
              x64-Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
              x64-RunOnce: [AvgRemover] C:\Users\Tineke\Desktop\avgremoverx64.exe /run_number=2 /ndis_nextstep=1
              x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
              x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
              x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
              x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
              x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
              x64-Notify: avldr - avldr64.dll
              x64-Notify: igfxcui - igfxdev.dll
              x64-SSODL: WebCheck - <orphaned>
              x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\
              FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
              FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl/
              FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
              FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
              FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
              FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
              FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
              FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
              FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
              FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
              FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
              FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
              FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
              FF - plugin: C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
              FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-8-21 25960]
              R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 50464]
              R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-8-2 30368]
              R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-3 142632]
              R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-3 76912]
              R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\Windows\System32\drivers\n64i1644.sys [2013-10-27 216648]
              R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
              R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
              S0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2013-10-27 30792]
              S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-3 22648]
              S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-3 20520]
              S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-3 62776]
              S1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2013-10-27 48136]
              S2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2013-10-27 71432]
              S2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2013-10-27 129096]
              S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-8-2 103584]
              S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-13 249648]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
              S2 ComFiltr;Panda Anti-Dialer;C:\Windows\System32\drivers\COMFiltr.sys [2013-10-27 15928]
              S2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-8-21 198784]
              S2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2013-10-27 82952]
              S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-3 353360]
              S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-8-21 799848]
              S2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2013-10-27 31752]
              S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
              S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-3 13336]
              S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-3 1817088]
              S2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2013-10-27 78920]
              S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-3 255376]
              S2 MBAMScheduler;MBAMScheduler;C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-5-29 418376]
              S2 MBAMService;MBAMService;C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2014-5-29 701512]
              S2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2013-10-27 170504]
              S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
              S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
              S2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrlS.exe [2013-10-27 177440]
              S2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe [2013-10-27 202016]
              S2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2013-10-27 62768]
              S2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe [2013-10-27 313664]
              S2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\psksvc.exe [2013-10-27 28992]
              S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2011-8-3 260640]
              S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
              S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
              S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-3 2656280]
              S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-11-20 919192]
              S2 vmware-view-usbd;VMware Horizon View USB;C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-12-3 2436096]
              S2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2013-10-27 74760]
              S2 wsnm;VMware View Client;C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2013-3-5 472656]
              S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-8-2 36000]
              S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
              S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-8-2 330912]
              S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-8-2 110240]
              S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-8-2 167584]
              S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-8-2 68256]
              S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-8-2 280992]
              S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-8-2 511136]
              S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
              S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
              S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-15 111616]
              S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-3 317440]
              S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-29 25928]
              S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-3 333928]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
              S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
              S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
              S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-6 1255736]
              S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
              S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
              S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
              .
              =============== File Associations ===============
              .
              FileExt: .vbe: VBEFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
              FileExt: .vbs: VBSFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
              FileExt: .js: JSFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
              FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
              FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
              .
              =============== Created Last 30 ================
              .
              2014-05-29 18:22:31 -------- d-----w- C:\AdwCleaner
              2014-05-29 09:36:58 -------- d-----w- C:\Users\Tineke\AppData\Roaming\Malwarebytes
              2014-05-29 09:36:49 -------- d-----w- C:\ProgramData\Malwarebytes
              2014-05-29 09:36:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
              2014-05-29 08:52:49 -------- d-----w- C:\Program Files\CCleaner
              2014-05-24 19:27:42 -------- d-----w- C:\Users\Tineke\AppData\Local\Skype
              2014-05-24 19:27:28 -------- d-----r- C:\Program Files (x86)\Skype
              2014-05-14 16:18:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
              2014-05-14 16:18:57 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
              2014-05-13 18:31:09 477184 ----a-w- C:\Windows\System32\aepdu.dll
              2014-05-13 18:31:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
              2014-05-10 09:38:29 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
              2014-05-06 20:31:13 -------- d-s---w- C:\Windows\System32\CompatTel
              2014-05-03 15:49:28 -------- d-----w- C:\Users\Tineke\AppData\Roaming\DropboxMaster
              .
              ==================== Find3M ====================
              .
              2014-05-13 19:27:16 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
              2014-05-13 19:27:15 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-05-05 19:35:38 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
              2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
              2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
              2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
              2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
              2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
              2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
              2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
              2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
              2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
              2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
              2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
              2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
              2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
              2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
              2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
              2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
              2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
              2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
              2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
              2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
              2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
              2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
              2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
              2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
              2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
              2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
              2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
              2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
              2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
              2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
              2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
              2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
              2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
              2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
              2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
              2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
              2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
              2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
              2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
              2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
              2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
              2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
              2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
              2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
              2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
              2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
              2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
              2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
              2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
              2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
              2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
              2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
              2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
              2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
              2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
              2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
              2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
              2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
              .
              ============= FINISH: 20:53:13,95 ===============



              • #8
                May I have the AdwCleaner log from after the "Clean" action, please?
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee. * Ccleaner * E-Peek



                • #9
                  Hi,

                  I sent 2 e-mails one after the other (one at 20:44, one at 20:46); the one from 20:44 contains the adwcleanfile. At least, that is how I intended it. I believe that was the log from after the clean. Please correct me (again) if I'm wrong.
                  10-11



                  • #10
                    Originally posted by 10-11
                    Hi,

                    I sent 2 e-mails one after the other (one at 20:44, one at 20:46); the one from 20:44 contains the adwcleanfile. At least, that is how I intended it. I believe that was the log from after the clean. Please correct me (again) if I'm wrong.
                    10-11
                    May I have the AdwCleaner log as requested, please? (Last time.)
                    The one from 20:46, as you say, has not been posted.


                    • #11
                      Hi, I really hope I'm doing it right this time. If not: could you give me a concrete tip? In the root I find the txt files adwcleaner[S0] and adwcleaner[S1]. I am sending S1 now; S0 is much larger, and I already sent that one earlier.

                      Apologies if I don't understand you, I really am doing my best!


                      # AdwCleaner v3.211 - Rapport aangemaakt 29/05/2014 op 20:59:48
                      # Laatste Update 26/05/2014 door Xplode
                      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
                      # Gebruikersnaam : Tineke - TINEKESLAPTOP
                      # Gestart vanuit : C:\Users\Tineke\Desktop\adwcleaner_3.211.exe
                      # Optie : Verwijderen

                      ***** [ Services ] *****


                      ***** [ Bestanden / Mappen ] *****


                      ***** [ Snelkoppelingen ] *****


                      ***** [ Register ] *****


                      ***** [ Browsers ] *****

                      -\\ Internet Explorer v11.0.9600.17041


                      -\\ Mozilla Firefox v29.0.1 (nl)

                      [ Bestand : C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\prefs.js ]


                      *************************

                      AdwCleaner[R0].txt - [10416 octets] - [29/05/2014 20:22:40]
                      AdwCleaner[R1].txt - [942 octets] - [29/05/2014 20:58:58]
                      AdwCleaner[S0].txt - [10068 octets] - [29/05/2014 20:24:21]
                      AdwCleaner[S1].txt - [867 octets] - [29/05/2014 20:59:48]

                      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [926 octets] ##########



                      • #12
                        This was the right one.

                        Download or update Ccleaner

                        Start CCleaner.
                        • Run Ccleaner and click Options in the left-hand column
                        • Select the Advanced tab
                        • Uncheck "Only delete files in the Windows Temp system folder that are older than 24 hours"
                        • Select the Settings tab
                        • Uncheck "Clean computer automatically...."
                        • Click Cleaner in the left-hand column.
                        • Then click Analyze and Clean in turn.
                        • Next, click Registry in the left-hand column
                        • Click Scan for problems.
                        • When asked whether you want to make a backup of the registry, click "Yes".
                        • If errors are found, click the middle button: Fix all selected errors, then OK



                        Download Combofix to your desktop.
                        (So not to a download folder or temp folder)

                        Extra note... Make sure your security software is disabled while using Combofix.
                        This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

                        Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                        Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                        So do not open any other applications until Combofix has presented the log.

                        If Combofix asks for an update, allow it.

                        When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                        You can find it as C:\combofix.txt.

                        Post the Combofix log together with a new DDS log in your next reply.

                        * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                        • Illegal operation attempted on a registry key that has been marked for deletion.


                        • #13
                          Hello emphyrio.

                          Here is the combofix log; the dds will follow in the next message.
                          Regards, and thanks again in advance,

                          10-11

                          ComboFix 14-05-29.01 - Tineke 30-05-2014 21:29:53.1.4 - x64 NETWORK
                          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3948.3124 [GMT 2:00]
                          Gestart vanuit: c:\users\Tineke\Desktop\ComboFix.exe
                          AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
                          AV: Panda Internet Security 2013 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
                          FW: Panda Personal Firewall 2013 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
                          SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
                          SP: Panda Internet Security 2013 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
                          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                          * Nieuw herstelpunt werd aangemaakt
                          .
                          .
                          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
                          C:\programfiles
                          c:\programfiles\CuteWriter\converter.exe
                          c:\programfiles\CuteWriter\CuteWriter.exe
                          c:\windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
                          c:\windows\wininit.ini
                          .
                          .
                          (((((((((((((((((((( Bestanden Gemaakt van 2014-04-28 to 2014-05-30 ))))))))))))))))))))))))))))))
                          .
                          .
                          2014-05-30 19:34 . 2014-05-30 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
                          2014-05-30 19:12 . 2014-05-30 19:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33578E8C-9D7A-474D-82F1-1A4C3AADE13B}\offreg.dll
                          2014-05-29 18:22 . 2014-05-29 18:59 -------- d-----w- C:\AdwCleaner
                          2014-05-29 09:36 . 2014-05-29 09:36 -------- d-----w- c:\users\Tineke\AppData\Roaming\Malwarebytes
                          2014-05-29 09:36 . 2014-05-29 09:36 -------- d-----w- c:\programdata\Malwarebytes
                          2014-05-29 09:36 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
                          2014-05-29 08:52 . 2014-05-30 19:05 -------- d-----w- c:\program files\CCleaner
                          2014-05-24 19:27 . 2014-05-24 19:27 -------- d-----w- c:\users\Tineke\AppData\Local\Skype
                          2014-05-24 19:27 . 2014-05-24 19:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
                          2014-05-24 19:27 . 2014-05-24 19:27 -------- d-----r- c:\program files (x86)\Skype
                          2014-05-14 16:18 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
                          2014-05-14 16:18 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
                          2014-05-14 16:18 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
                          2014-05-14 16:18 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
                          2014-05-13 18:31 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
                          2014-05-13 18:31 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
                          2014-05-13 18:31 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
                          2014-05-06 20:31 . 2014-05-14 16:48 -------- d-s---w- c:\windows\system32\CompatTel
                          2014-05-03 15:49 . 2014-05-29 09:03 -------- d-----w- c:\users\Tineke\AppData\Roaming\DropboxMaster
                          .
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2014-05-14 16:04 . 2012-06-05 17:07 93223848 ----a-w- c:\windows\system32\MRT.exe
                          2014-05-13 19:27 . 2012-04-17 14:18 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                          2014-05-13 19:27 . 2011-08-03 16:12 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                          2014-05-05 19:35 . 2012-08-30 19:43 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
                          2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
                          2014-03-06 09:31 . 2014-04-15 18:56 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
                          2014-03-06 08:59 . 2014-04-15 18:56 66048 ----a-w- c:\windows\system32\iesetup.dll
                          2014-03-06 08:57 . 2014-04-15 18:57 548352 ----a-w- c:\windows\system32\vbscript.dll
                          2014-03-06 08:57 . 2014-04-15 18:56 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
                          2014-03-06 08:53 . 2014-04-15 18:56 2767360 ----a-w- c:\windows\system32\iertutil.dll
                          2014-03-06 08:40 . 2014-04-15 18:56 51200 ----a-w- c:\windows\system32\jsproxy.dll
                          2014-03-06 08:39 . 2014-04-15 18:56 33792 ----a-w- c:\windows\system32\iernonce.dll
                          2014-03-06 08:32 . 2014-04-15 18:57 574976 ----a-w- c:\windows\system32\ieui.dll
                          2014-03-06 08:29 . 2014-04-15 18:56 139264 ----a-w- c:\windows\system32\ieUnatt.exe
                          2014-03-06 08:29 . 2014-04-15 18:56 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
                          2014-03-06 08:28 . 2014-04-15 18:56 752640 ----a-w- c:\windows\system32\jscript9diag.dll
                          2014-03-06 08:15 . 2014-04-15 18:56 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                          2014-03-06 08:11 . 2014-04-15 18:56 5784064 ----a-w- c:\windows\system32\jscript9.dll
                          2014-03-06 08:09 . 2014-04-15 18:56 453120 ----a-w- c:\windows\system32\dxtmsft.dll
                          2014-03-06 08:03 . 2014-04-15 18:56 586240 ----a-w- c:\windows\system32\ie4uinit.exe
                          2014-03-06 08:02 . 2014-04-15 18:56 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
                          2014-03-06 08:02 . 2014-04-15 18:57 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
                          2014-03-06 08:01 . 2014-04-15 18:56 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
                          2014-03-06 07:56 . 2014-04-15 18:56 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
                          2014-03-06 07:48 . 2014-04-15 18:56 195584 ----a-w- c:\windows\system32\msrating.dll
                          2014-03-06 07:46 . 2014-04-15 18:56 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
                          2014-03-06 07:42 . 2014-04-15 18:56 296960 ----a-w- c:\windows\system32\dxtrans.dll
                          2014-03-06 07:38 . 2014-04-15 18:56 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
                          2014-03-06 07:36 . 2014-04-15 18:56 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
                          2014-03-06 07:21 . 2014-04-15 18:56 628736 ----a-w- c:\windows\system32\msfeeds.dll
                          2014-03-06 07:13 . 2014-04-15 18:56 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
                          2014-03-06 07:11 . 2014-04-15 18:56 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
                          2014-03-06 06:53 . 2014-04-15 18:56 13551104 ----a-w- c:\windows\system32\ieframe.dll
                          2014-03-06 06:40 . 2014-04-15 18:56 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
                          2014-03-06 06:22 . 2014-04-15 18:56 2260480 ----a-w- c:\windows\system32\wininet.dll
                          2014-03-06 05:58 . 2014-04-15 18:56 1400832 ----a-w- c:\windows\system32\urlmon.dll
                          2014-03-06 05:50 . 2014-04-15 18:56 846336 ----a-w- c:\windows\system32\ieapfltr.dll
                          2014-03-06 05:41 . 2014-04-15 18:56 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
                          2014-03-04 09:44 . 2014-04-09 19:31 243712 ----a-w- c:\windows\system32\wow64.dll
                          2014-03-04 09:44 . 2014-04-09 19:31 362496 ----a-w- c:\windows\system32\wow64win.dll
                          2014-03-04 09:44 . 2014-04-09 19:31 13312 ----a-w- c:\windows\system32\wow64cpu.dll
                          2014-03-04 09:44 . 2014-04-09 19:31 16384 ----a-w- c:\windows\system32\ntvdm64.dll
                          2014-03-04 09:44 . 2014-04-09 19:31 1163264 ----a-w- c:\windows\system32\kernel32.dll
                          2014-03-04 09:17 . 2014-04-09 19:31 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
                          2014-03-04 09:17 . 2014-04-09 19:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
                          2014-03-04 09:16 . 2014-04-09 19:31 25600 ----a-w- c:\windows\SysWow64\setup16.exe
                          2014-03-04 09:16 . 2014-04-09 19:31 5120 ----a-w- c:\windows\SysWow64\wow32.dll
                          2014-03-04 08:09 . 2014-04-09 19:31 7680 ----a-w- c:\windows\SysWow64\instnm.exe
                          2014-03-04 08:09 . 2014-04-09 19:31 2048 ----a-w- c:\windows\SysWow64\user.exe
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                          REGEDIT4
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                          @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                          [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                          2013-09-10 23:54 131248 ----a-w- c:\users\Tineke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                          @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                          [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                          2013-09-10 23:54 131248 ----a-w- c:\users\Tineke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                          @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                          [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                          2013-09-10 23:54 131248 ----a-w- c:\users\Tineke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
                          .
                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                          "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
                          "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
                          "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
                          "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
                          "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
                          "Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
                          "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448]
                          "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
                          "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
                          "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
                          "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
                          "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]
                          "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
                          "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
                          "Malwarebytes Anti-Malware"="c:\users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
                          "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
                          .
                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                          "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
                          .
                          c:\users\Tineke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                          Dropbox.lnk - c:\users\Tineke\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
                          Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
                          .
                          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                          Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-8-3 723560]
                          McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                          "ConsentPromptBehaviorAdmin"= 5 (0x5)
                          "ConsentPromptBehaviorUser"= 3 (0x3)
                          "EnableUIADesktopToggle"= 0 (0x0)
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                          "LoadAppInit_DLLs"=1 (0x1)
                          .
                          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                          "aux"=wdmaud.drv
                          .
                          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                          Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                          @=""
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
                          @="Service"
                          .
                          R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys;c:\windows\SYSNATIVE\Drivers\pavboot64.sys [x]
                          R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
                          R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
                          R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
                          R1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys;c:\windows\SYSNATIVE\DRIVERS\ShldFlt.sys [x]
                          R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys;c:\windows\SYSNATIVE\DRIVERS\amm6460.sys [x]
                          R2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS;c:\windows\SYSNATIVE\Drivers\APPFLT64.SYS [x]
                          R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
                          R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
                          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                          R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys;c:\windows\SYSNATIVE\DRIVERS\COMFiltr.sys [x]
                          R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
                          R2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS;c:\windows\SYSNATIVE\Drivers\DSAFLT64.SYS [x]
                          R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
                          R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
                          R2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS;c:\windows\SYSNATIVE\Drivers\fnetm64.SYS [x]
                          R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
                          R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
                          R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
                          R2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS;c:\windows\SYSNATIVE\Drivers\IDSFLT64.SYS [x]
                          R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
                          R2 MBAMScheduler;MBAMScheduler;c:\users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
                          R2 MBAMService;MBAMService;c:\users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe;c:\users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [x]
                          R2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS;c:\windows\SYSNATIVE\Drivers\NETTDI64.SYS [x]
                          R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
                          R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
                          R2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe;c:\program files (x86)\Panda Security\Panda Internet Security 2013\PskSvc.exe [x]
                          R2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
                          R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                          R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
                          R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
                          R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
                          R2 vmware-view-usbd;VMware Horizon View USB;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe;c:\program files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [x]
                          R2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS;c:\windows\SYSNATIVE\Drivers\WNMFLT64.SYS [x]
                          R2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [x]
                          R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
                          R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
                          R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
                          R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
                          R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
                          R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
                          R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
                          R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
                          R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
                          R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
                          R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                          R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                          R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                          R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys;c:\windows\SYSNATIVE\PavTPK.sys [x]
                          R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
                          R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
                          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                          R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
                          R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
                          R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                          R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
                          R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
                          R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
                          S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
                          S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
                          S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
                          S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
                          S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
                          S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\n64i1644.sys;c:\windows\SYSNATIVE\DRIVERS\n64i1644.sys [x]
                          S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
                          S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
                          .
                          .
                          Inhoud van de 'Gedeelde Taken' map
                          .
                          2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
                          - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 19:27]
                          .
                          2014-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 12:31]
                          .
                          2014-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 12:31]
                          .
                          .
                          --------- X64 Entries -----------
                          .
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                          @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                          [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                          2013-09-10 23:54 164016 ----a-w- c:\users\Tineke\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                          @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                          [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                          2013-09-10 23:54 164016 ----a-w- c:\users\Tineke\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                          @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                          [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                          2013-09-10 23:54 164016 ----a-w- c:\users\Tineke\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                          @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                          [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                          2013-09-10 23:54 164016 ----a-w- c:\users\Tineke\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
                          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 392216]
                          "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 415768]
                          "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
                          "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184]
                          "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-08-02 798880]
                          "Power Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2011-03-28 499304]
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                          "AvgRemover"="c:\users\Tineke\Desktop\avgremoverx64.exe" [2014-05-29 1316632]
                          .
                          ------- Bijkomende Scan -------
                          .
                          uStart Page = hxxp://www.volkskrant.nl/
                          uLocal Page = c:\windows\system32\blank.htm
                          mLocal Page = c:\windows\SysWOW64\blank.htm
                          IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
                          IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
                          TCP: DhcpNameServer = 192.168.2.1
                          FF - ProfilePath - c:\users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\
                          FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
                          FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl/
                          .
                          .
                          ------- Bestandsassociaties -------
                          .
                          JSEFile=c:\progra~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
                          .
                          - - - - ORPHANS VERWIJDERD - - - -
                          .
                          Toolbar-Locked - (no file)
                          Toolbar-10 - (no file)
                          HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                          Toolbar-Locked - (no file)
                          Toolbar-10 - (no file)
                          HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
                          .
                          .
                          .
                          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="FlashBroker"
                          "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                          "Enabled"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                          @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="IFlashBroker5"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                          @="{00020424-0000-0000-C000-000000000046}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          "Version"="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="FlashBroker"
                          "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                          "Enabled"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                          @Denied: (A 2) (Everyone)
                          @="Shockwave Flash Object"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
                          "ThreadingModel"="Apartment"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                          @="0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                          @="ShockwaveFlash.ShockwaveFlash.13"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                          @="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                          @="ShockwaveFlash.ShockwaveFlash"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                          @Denied: (A 2) (Everyone)
                          @="Macromedia Flash Factory Object"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
                          "ThreadingModel"="Apartment"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                          @="FlashFactory.FlashFactory.1"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                          @="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                          @="FlashFactory.FlashFactory"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="IFlashBroker5"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                          @="{00020424-0000-0000-C000-000000000046}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          "Version"="1.0"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
                          "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                          00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                          @Denied: (A) (Everyone)
                          "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                          @Denied: (A) (Everyone)
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                          "Key"="ActionsPane3"
                          "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
                          "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                          00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                          @Denied: (Full) (Everyone)
                          .
                          Voltooingstijd: 2014-05-30 21:37:20
                          ComboFix-quarantined-files.txt 2014-05-30 19:37
                          .
                          Pre-Run: 501.147.574.272 bytes beschikbaar
                          Post-Run: 500.741.763.072 bytes beschikbaar
                          .
                          - - End Of File - - ED1B38E3EC9A9770FC1244C2F3604F43



                          • #14
                            ...and the DDS:

                            DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
                            Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
                            Run by Tineke at 21:40:56 on 2014-05-30
                            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3948.2662 [GMT 2:00]
                            .
                            AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
                            AV: Panda Internet Security 2013 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
                            SP: Panda Internet Security 2013 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
                            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                            SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
                            FW: Panda Personal Firewall 2013 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
                            .
                            ============== Running Processes ===============
                            .
                            C:\Windows\system32\lsm.exe
                            C:\Windows\system32\svchost.exe -k DcomLaunch
                            C:\Windows\system32\svchost.exe -k RPCSS
                            C:\Windows\system32\svchost.exe -k NetworkService
                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                            C:\Windows\system32\svchost.exe -k netsvcs
                            C:\Windows\system32\svchost.exe -k LocalService
                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
                            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                            C:\Windows\system32\ctfmon.exe
                            C:\Windows\System32\svchost.exe -k secsvcs
                            C:\Windows\system32\notepad.exe
                            C:\Windows\explorer.exe
                            C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                            C:\Windows\system32\wbem\wmiprvse.exe
                            C:\Windows\System32\cscript.exe
                            .
                            ============== Pseudo HJT Report ===============
                            .
                            uStart Page = hxxp://www.volkskrant.nl/
                            BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
                            BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                            BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                            BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
                            BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
                            BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
                            BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                            TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
                            uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
                            mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
                            mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
                            mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
                            mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
                            mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
                            mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
                            mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
                            mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
                            mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                            mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                            mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                            mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
                            mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                            mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                            mRunOnce: [Malwarebytes Anti-Malware] C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
                            mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
                            dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
                            StartupFolder: C:\Users\Tineke\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tineke\AppData\Roaming\Dropbox\bin\Dropbox.exe
                            StartupFolder: C:\Users\Tineke\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
                            StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
                            StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
                            uPolicies-Explorer: NoDrives = dword:0
                            mPolicies-Explorer: NoDrives = dword:0
                            mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                            mPolicies-System: ConsentPromptBehaviorUser = dword:3
                            mPolicies-System: EnableUIADesktopToggle = dword:0
                            IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
                            IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
                            IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                            IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
                            IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
                            IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                            TCP: NameServer = 192.168.2.1
                            TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0} : DHCPNameServer = 192.168.2.1
                            TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\25F434E496A6D6567656E6D275966496 : DHCPNameServer = 10.162.0.3
                            TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4427F6F6D6127416374756E6 : DHCPNameServer = 192.168.176.254
                            TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4514055402261627 : DHCPNameServer = 192.168.179.1
                            TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\4586F6D637F6E6138323138383 : DHCPNameServer = 192.168.2.254
                            TCP: Interfaces\{45206D32-09B7-4751-B011-86684DEB91F0}\65F68787 : DHCPNameServer = 10.0.0.11
                            Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                            Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
                            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                            Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                            SSODL: WebCheck - <orphaned>
                            SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                            LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
                            x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                            x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
                            x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                            x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                            x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                            x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
                            x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
                            x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
                            x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
                            x64-Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
                            x64-RunOnce: [AvgRemover] C:\Users\Tineke\Desktop\avgremoverx64.exe /run_number=2 /ndis_nextstep=1
                            x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
                            x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                            x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                            x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
                            x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                            x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                            x64-Notify: avldr - avldr64.dll
                            x64-Notify: igfxcui - igfxdev.dll
                            x64-SSODL: WebCheck - <orphaned>
                            x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                            .
                            ================= FIREFOX ===================
                            .
                            FF - ProfilePath - C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\
                            FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
                            FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl/
                            FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
                            FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
                            FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
                            FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
                            FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
                            FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
                            FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                            FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
                            FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
                            FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                            FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
                            FF - plugin: C:\Users\Tineke\AppData\Roaming\Mozilla\Firefox\Profiles\xjvi39rk.default\extensions\2020Player_IKEA @2020Technologies.com\plugins\NP_2020Player_IKEA.dll
                            FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
                            .
                            ============= SERVICES / DRIVERS ===============
                            .
                            R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-8-21 25960]
                            R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 50464]
                            R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-8-2 30368]
                            R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-3 142632]
                            R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-3 76912]
                            R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;C:\Windows\System32\drivers\n64i1644.sys [2013-10-27 216648]
                            R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
                            R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
                            S0 pavboot;Panda boot driver;C:\Windows\System32\drivers\pavboot64.sys [2013-10-27 30792]
                            S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-3 22648]
                            S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-3 20520]
                            S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-3 62776]
                            S1 ShldFlt;Panda File Shield Driver;C:\Windows\System32\drivers\ShldFlt.sys [2013-10-27 48136]
                            S2 AmFSM;AmFSM;C:\Windows\System32\drivers\amm6460.sys [2013-10-27 71432]
                            S2 APPFLT;App Filter Plugin;C:\Windows\System32\drivers\APPFLT64.SYS [2013-10-27 129096]
                            S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-8-2 103584]
                            S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-13 249648]
                            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                            S2 ComFiltr;Panda Anti-Dialer;C:\Windows\System32\drivers\COMFiltr.sys [2013-10-27 15928]
                            S2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-8-21 198784]
                            S2 DSAFLT;DSA Filter Plugin;C:\Windows\System32\drivers\dsaflt64.sys [2013-10-27 82952]
                            S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-3 353360]
                            S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-8-21 799848]
                            S2 FNETMON;NetMon Filter Plugin;C:\Windows\System32\drivers\fnetm64.sys [2013-10-27 31752]
                            S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
                            S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-3 13336]
                            S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-3 1817088]
                            S2 IDSFLT;Ids Filter Plugin;C:\Windows\System32\drivers\idsflt64.sys [2013-10-27 78920]
                            S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-3 255376]
                            S2 MBAMScheduler;MBAMScheduler;C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-5-29 418376]
                            S2 MBAMService;MBAMService;C:\Users\Tineke\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2014-5-29 701512]
                            S2 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\System32\drivers\NETTDI64.SYS [2013-10-27 170504]
                            S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
                            S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
                            S2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PsCtrlS.exe [2013-10-27 177440]
                            S2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\PavFnSvr.exe [2013-10-27 202016]
                            S2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2013-10-27 62768]
                            S2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\pavsrvx86.exe [2013-10-27 313664]
                            S2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Internet Security 2013\psksvc.exe [2013-10-27 28992]
                            S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2011-8-3 260640]
                            S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
                            S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
                            S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-3 2656280]
                            S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-11-20 919192]
                            S2 vmware-view-usbd;VMware Horizon View USB;C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2012-12-3 2436096]
                            S2 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\System32\drivers\wnmflt64.sys [2013-10-27 74760]
                            S2 wsnm;VMware View Client;C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2013-3-5 472656]
                            S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-8-2 36000]
                            S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
                            S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-8-2 330912]
                            S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-8-2 110240]
                            S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-8-2 167584]
                            S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-8-2 68256]
                            S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-8-2 280992]
                            S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-8-2 511136]
                            S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
                            S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
                            S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-15 111616]
                            S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-3 317440]
                            S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-29 25928]
                            S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-3 333928]
                            S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
                            S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
                            S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
                            S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-6 1255736]
                            S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
                            S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
                            S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
                            .
                            =============== File Associations ===============
                            .
                            FileExt: .jse: JSEFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
                            FileExt: .wsf: WSFFile=C:\PROGRA~2\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
                            .
                            =============== Created Last 30 ================
                            .
                            2014-05-30 19:37:24 -------- d-sh--w- C:\$RECYCLE.BIN
                            2014-05-30 19:27:53 98816 ----a-w- C:\Windows\sed.exe
                            2014-05-30 19:27:53 256000 ----a-w- C:\Windows\PEV.exe
                            2014-05-30 19:27:53 208896 ----a-w- C:\Windows\MBR.exe
                            2014-05-30 19:12:31 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33578E8C-9D7A-474D-82F1-1A4C3AADE13B}\offreg.dll
                            2014-05-29 18:22:31 -------- d-----w- C:\AdwCleaner
                            2014-05-29 09:36:58 -------- d-----w- C:\Users\Tineke\AppData\Roaming\Malwarebytes
                            2014-05-29 09:36:49 -------- d-----w- C:\ProgramData\Malwarebytes
                            2014-05-29 09:36:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
                            2014-05-29 08:52:49 -------- d-----w- C:\Program Files\CCleaner
                            2014-05-24 19:27:42 -------- d-----w- C:\Users\Tineke\AppData\Local\Skype
                            2014-05-24 19:27:28 -------- d-----r- C:\Program Files (x86)\Skype
                            2014-05-14 16:18:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                            2014-05-14 16:18:57 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                            2014-05-13 18:31:09 477184 ----a-w- C:\Windows\System32\aepdu.dll
                            2014-05-13 18:31:09 424448 ----a-w- C:\Windows\System32\aeinv.dll
                            2014-05-10 09:38:29 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
                            2014-05-06 20:31:13 -------- d-s---w- C:\Windows\System32\CompatTel
                            2014-05-03 15:49:28 -------- d-----w- C:\Users\Tineke\AppData\Roaming\DropboxMaster
                            .
                            ==================== Find3M ====================
                            .
                            2014-05-13 19:27:16 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                            2014-05-13 19:27:15 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                            2014-05-05 19:35:38 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
                            2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
                            2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
                            2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
                            2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
                            2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
                            2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
                            2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                            2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
                            2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                            2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                            2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                            2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
                            2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
                            2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                            2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                            2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                            2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
                            2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                            2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
                            2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                            2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
                            2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                            2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                            2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
                            2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                            2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                            2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                            2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
                            2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                            2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
                            2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
                            2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
                            2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
                            2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
                            2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
                            2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
                            2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
                            2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
                            2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
                            2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
                            2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
                            2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
                            2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
                            2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
                            2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
                            2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
                            2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
                            2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
                            2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
                            2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
                            2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
                            2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
                            2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
                            2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
                            2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
                            2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
                            2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
                            2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
                            .
                            ============= FINISH: 21:41:02,99 ===============



                            • #15
                              Disable your security software.

                              Note: This script is intended specifically for this PC,
                              so do not use it on other PCs with a similar problem.


                              Open a Notepad file.
                              Copy the text below and paste it into the Notepad file.
                              Save the Notepad file as CFScript.txt
                              Code:
                              KillAll::
                              ClearJavaCache::
                              SecCenter::
                              AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
                              SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
                              Now drag the file CFScript.txt onto the file ComboFix.exe



                              ComboFix will start again.
                              If ComboFix asks for an update, allow it.

                              When ComboFix has finished (this may be after a restart), a log file opens. Post the contents of the log file.

                              Create a new DDS log and post that as well.
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * Remove McAfee * Ccleaner * E-Peek
