Lots of advertising.


    Hello,

    I am having a lot of trouble with advertising in my browsers.
    I already got rid of it once, but it keeps coming back;
    I would appreciate some help.

    I have also followed all the instructions; Defogger has been run and the necessary logs are below.

    Thanks in advance,

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 21/06/2014
    Scantijd: 22:10:00
    Logbestand: log.txt
    Beheerder: Ja

    Versie: 2.00.2.1012
    Malwaredatabase: v2014.06.21.09
    Rootkitdatabase: v2014.06.20.01
    Licentie: Gratis
    Malwarebescherming: Uitgeschakeld
    Kwaadaardige Website Bescherming: Uitgeschakeld
    Self-protection: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: crasherke

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 317879
    Verstreken Tijd: 14 m, 38 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristics: Ingeschakeld
    POP: Waarschuwen
    POA: Ingeschakeld

    Processen: 2
    PUP.Optional.NetworkUpdate.A, C:\Windows\SysWOW64\nethtsrv.exe, 3140, Verwijder-bij-Herstart, [db425625c5b67cba5f1bb7efbe44df21]
    PUP.Optional.NetworkUpdate.A, C:\Windows\SysWOW64\netupdsrv.exe, 3620, Verwijder-bij-Herstart, [da430e6d77042313bfbcb8ee639f619f]

    Modules: 0
    (No malicious items detected)

    Registersleutels: 5
    PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nethfdrv, In Quarantaine, [64b9d4a79edd59ddd7a212945ba7cc34],
    PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetHttpService, In Quarantaine, [db425625c5b67cba5f1bb7efbe44df21],
    PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ServiceUpdater, In Quarantaine, [da430e6d77042313bfbcb8ee639f619f],
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1mode7828, In Quarantaine, [938ab6c5aad18babb99e74419969dc24],
    PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\WOW6432NODE\RichMediaViewV1release1457, In Quarantaine, [d74691ea7506a591ec0c2589d52dd927],

    Registerwaardes: 4
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode7828\ff, In Quarantaine, [8f8eef8c502bc37368f0f9bca0621fe1]
    PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1457\ff, In Quarantaine, [40ddc1baef8ca88e5b9c2a84788a52ae]
    PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETHTTPSERVICE|ImagePath, C:\Windows\SysWOW64\nethtsrv.exe, In Quarantaine, [42dbf88347343df9d87bf7088f7412ee]
    PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICEUPDATER|ImagePath, C:\Windows\SysWOW64\netupdsrv.exe, In Quarantaine, [9e7feb907b00fd39d480f7082dd6f50b]

    Registerdata: 0
    (No malicious items detected)

    Mappen: 1
    PUP.Optional.MultiPlug.A, C:\Users\crasher\AppData\Roaming\YouSendIt, In Quarantaine, [38e5502b5b20c96d82ce6636eb17d62a],

    Bestanden: 5
    PUP.Optional.NetworkUpdate.A, C:\Windows\System32\drivers\nethfdrv.sys, In Quarantaine, [64b9d4a79edd59ddd7a212945ba7cc34],
    PUP.Optional.NetworkUpdate.A, C:\Windows\SysWOW64\nethtsrv.exe, Verwijder-bij-Herstart, [db425625c5b67cba5f1bb7efbe44df21],
    PUP.Optional.NetworkUpdate.A, C:\Windows\SysWOW64\netupdsrv.exe, Verwijder-bij-Herstart, [da430e6d77042313bfbcb8ee639f619f],
    PUP.Optional.MultiPlug.A, C:\Users\crasher\AppData\Roaming\YouSendIt\YsiDesktop.log, In Quarantaine, [38e5502b5b20c96d82ce6636eb17d62a],
    PUP.Optional.MultiPlug.A, C:\Users\crasher\AppData\Roaming\YouSendIt\YsiMigration.log, In Quarantaine, [38e5502b5b20c96d82ce6636eb17d62a],

    Fysieke Sectoren: 0
    (No malicious items detected)


    (end)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16555 BrowserJavaVersion: 10.60.2
    Run by crasherke at 22:38:08 on 2014-06-21
    Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3959.1516 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Panasonic\PNotif\PNotif.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\VPDAgent_x64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Panasonic\qbmgr\qbmgrsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Panasonic\DBoard\DBoardSV.exe
    C:\Windows\system32\DptfParticipantProcessorService.exe
    C:\Windows\system32\DptfPolicyCriticalService.exe
    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files (x86)\DOS2USB\elSVC.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Program Files (x86)\Panasonic\System Interface Manager\HKeyApp.exe
    C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files (x86)\Panasonic\pcinfo\PCInfoPi.exe
    C:\Program Files (x86)\Panasonic\pcinfo\PCInfoSV.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Panasonic\Selsussv\selsussv.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Windows Server\Bin\WhsMcClient.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
    C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Panasonic\PPlanEx\PPlanEx.exe
    C:\Program Files\Panasonic\WSwitch\WSwitch.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Wireless WAN Manager\WirelessManager.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Panasonic\DBoard\DBLaunch.exe
    C:\Users\crasher\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Panasonic\System Interface Manager\hkeyapp.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AirPort\APAgent.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [WirelessManager] C:\Program Files (x86)\Wireless WAN Manager\WirelessManager.exe
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    uRun: [KasperskyPasswordManager] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
    mRun: [BRecal] "C:\Program Files (x86)\Panasonic\BRECAL\BRecal.exe" /logcheck
    mRun: [PCinfo] C:\Program Files (x86)\Panasonic\pcinfo\PcInfoUt.exe
    mRun: [System Interface Manager] C:\Program Files (x86)\Panasonic\System Interface Manager\HKEYAPP.EXE
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [QBMGR_StartUp] C:\Program Files (x86)\Panasonic\qbmgr\qbmgrud.exe
    mRun: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\crasher\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\crasher\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DASHBO~1.LNK - C:\Program Files\Panasonic\DBoard\DBLaunch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.telenet.be/dana-cached/sc/JuniperSetupClient.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
    TCP: NameServer = 195.130.130.2 195.130.131.2
    TCP: Interfaces\{57EA1CC2-4378-4179-9FA6-43B585A76A3E} : NameServer = 10.0.46.10 10.0.46.12
    TCP: Interfaces\{AD1448F3-69AD-4213-BCCF-676D7B4C0BB3} : DHCPNameServer = 10.0.46.10 10.0.46.12
    TCP: Interfaces\{B14EA6FE-FE13-43DB-84BF-981D18CB90B7} : DHCPNameServer = 195.130.130.4 195.130.131.4
    TCP: Interfaces\{B14EA6FE-FE13-43DB-84BF-981D18CB90B7}\4756C656E65647D21303931314 : DHCPNameServer = 195.130.130.2 195.130.131.2
    TCP: Interfaces\{B14EA6FE-FE13-43DB-84BF-981D18CB90B7}\4756C656E65647D22464244443 : DHCPNameServer = 195.130.131.132 195.130.130.4
    TCP: Interfaces\{B14EA6FE-FE13-43DB-84BF-981D18CB90B7}\4756C656E65647D23403646364 : DHCPNameServer = 195.130.130.132 195.130.131.132
    TCP: Interfaces\{B14EA6FE-FE13-43DB-84BF-981D18CB90B7}\4756C656E65647D24433532463 : DHCPNameServer = 195.130.130.2 195.130.131.2
    TCP: Interfaces\{D1FF9151-24AA-4B70-978E-7DD747464A46} : DHCPNameServer = 195.130.130.2 195.130.131.2
    TCP: Interfaces\{D1FF9151-24AA-4B70-978E-7DD747464A46}\3427143784D2537484A5 : DHCPNameServer = 195.130.130.2 195.130.131.2
    TCP: Interfaces\{EC8416DA-9CA2-42A5-B5C6-2DBC97DE3BD7} : DHCPNameServer = 195.130.130.2 195.130.131.2
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    SSODL: WebCheck - <orphaned>
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [PPlanEx] C:\Program Files\Panasonic\PPlanEx\PPlanEx.exe
    x64-Run: [WSwitch] C:\Program Files\Panasonic\WSwitch\WSwitch.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [PRunOnce] C:\Program Files (x86)\Panasonic\PRunOnce\PRunOnce.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [Launchpad] C:\Program Files (x86)\Windows Server\Bin\Launchpad.exe -autostart
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\crasher\AppData\Roaming\Mozilla\Firefox\Profiles\pegqc5uk.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager\npKPMAutofill.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMioCyclo100PlugIn.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMioPlugIn.dll
    FF - plugin: C:\Users\crasher\AppData\Roaming\Mozilla\Firefox\Profiles\pegqc5uk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: C:\Users\crasher\AppData\Roaming\Mozilla\Firefox\Profiles\pegqc5uk.default\extensions\[email protected] logmein.com\plugins\npRACtrl.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
    FF - ExtSQL: !HIDDEN! 2013-05-26 20:05; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-14 19224]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-31 55856]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
    R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2014-5-27 168960]
    R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2012-11-2 80504]
    R2 DBoardSV;Dashboard for Panasonic PC Service;C:\Program Files\Panasonic\DBoard\DBoardSV.exe [2012-8-31 21104]
    R2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-6-14 22016]
    R2 DptfPolicyCriticalService;Intel(R) Dynamic Platform & Thermal Framework Critical Service Application;C:\Windows\System32\DptfPolicyCriticalService.exe [2012-6-14 22016]
    R2 elAPIsvc;elAPI - Service Server;C:\Program Files (x86)\DOS2USB\elsvc.exe [2013-10-22 45056]
    R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2012-6-15 27648]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-14 161560]
    R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 376144]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 16056]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-10-5 72216]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 133928]
    R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R2 PcInfoPi;Panasonic PC Information Viewer Service 2;C:\Program Files (x86)\Panasonic\pcinfo\PcInfoPi.exe [2012-6-14 46912]
    R2 PcInfoSV;Panasonic PC Information Viewer;C:\Program Files (x86)\Panasonic\pcinfo\PCInfoSV.exe [2012-6-14 255600]
    R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R2 QBMGRSV;Quick Boot Manager Service;C:\Program Files (x86)\Panasonic\qbmgr\qbmgrsv.exe [2012-8-31 174704]
    R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-8-31 100352]
    R2 SELSUSSV;USB Selective Suspend Manager;C:\Program Files (x86)\Panasonic\Selsussv\selsussv.exe [2012-6-14 115080]
    R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-11-2 41568]
    R2 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-4-8 315760]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-4-11 5036352]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-7-2 93072]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-14 363800]
    R2 WhsMcClient;Windows Server Media Center Client Service;C:\Program Files\Windows Server\Bin\WhsMcClient.exe [2012-11-2 112224]
    R2 WinisoCDBus;WinISO Virtual CD Drive;C:\Windows\System32\drivers\WinisoCDBus.sys [2012-10-6 204032]
    R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [?]
    R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736]
    R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-28 2669840]
    R3 BackupReader;BackupReader;C:\Windows\System32\drivers\BackupReader.sys [2011-3-2 63872]
    R3 DptfDevDram;DptfDevDram;C:\Windows\System32\drivers\DptfDevDram.sys [2012-6-14 107288]
    R3 DptfDevFan;DptfDevFan;C:\Windows\System32\drivers\DptfDevFan.sys [2012-6-14 42776]
    R3 DptfDevPch;DptfDevPch;C:\Windows\System32\drivers\DptfDevPch.sys [2012-6-14 96024]
    R3 DptfDevProc;DptfDevProc;C:\Windows\System32\drivers\DptfDevProc.sys [2012-6-14 220952]
    R3 DptfManager;DptfManager;C:\Windows\System32\drivers\DptfManager.sys [2012-6-14 358168]
    R3 e36wgps; Mobile Broadband GPS Port;C:\Windows\System32\drivers\e36wgps64.sys [2012-8-31 102440]
    R3 ecnssndis; Mobile Broadband Driver;C:\Windows\System32\drivers\wwuss64.sys [2012-8-31 26664]
    R3 ecnssndisfltr; Mobile Broadband Driver Filter;C:\Windows\System32\drivers\wwussf64.sys [2012-8-31 29736]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-14 331264]
    R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-14 356632]
    R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-14 789272]
    R3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2012-8-31 419400]
    R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);C:\Windows\System32\drivers\Mbm3DevMt.sys [2012-8-31 430664]
    R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;C:\Windows\System32\drivers\Mbm3mdfl.sys [2012-8-31 19528]
    R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;C:\Windows\System32\drivers\Mbm3Mdm.sys [2012-8-31 483400]
    R3 NewMisc;Panasonic Misc Driver C;C:\Windows\System32\drivers\nmisc64.sys [2012-6-14 41104]
    R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-4-11 35112]
    R3 WwanUsbServ;Mobile Broadband Driver;C:\Windows\System32\drivers\WwanUsbMp64.sys [2012-8-31 282152]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
    S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2013-2-11 44672]
    S3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2012-11-27 838136]
    S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2012-6-14 292864]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2012-6-14 71168]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-28 273168]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-6-15 27648]
    S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\swg3kser00.sys [2014-5-12 258432]
    S3 swiwdmbx;Sierra Wireless USB Bus Service;C:\Windows\System32\drivers\swiwdmbx64.sys [2014-5-12 109312]
    S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2014-5-12 249344]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-15 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-1 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-06-21 20:09:12 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-06-21 20:08:40 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-06-21 20:08:40 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-06-21 20:08:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-21 20:07:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-06-21 20:07:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-06-21 19:48:34 687 ----a-w- C:\awh26A2.tmp
    2014-06-21 19:30:01 687 ----a-w- C:\awhF9.tmp
    2014-06-21 19:18:25 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-06-21 19:10:11 687 ----a-w- C:\awh3EB4.tmp
    2014-06-21 19:01:12 -------- d-----w- C:\AdwCleaner
    2014-06-21 18:48:46 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{751D3447-2581-4A4C-8289-85FA794A552D}\mpengine.dll
    2014-06-21 18:44:52 687 ----a-w- C:\awhD93E.tmp
    2014-06-20 04:57:33 687 ----a-w- C:\awhB386.tmp
    2014-06-20 04:52:17 -------- d-----w- C:\Program Files (x86)\Common Files\Config
    2014-06-19 14:48:48 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-06-18 05:22:02 20472 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
    2014-06-15 15:58:04 108544 ----a-w- C:\Windows\SysWow64\installd.exe
    2014-06-15 15:57:42 108544 ----a-w- C:\Windows\SysWow64\hfnapi.dll
    2014-06-15 15:57:34 246784 ----a-w- C:\Windows\SysWow64\hfpapi.dll
    2014-06-14 06:43:10 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F46D0AB9-B903-4321-83D0-458A5D62C530}\gapaengine.dll
    2014-06-12 05:11:59 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-06-12 05:11:59 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2014-06-12 05:11:13 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2014-06-12 05:11:13 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-06-12 05:09:53 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2014-06-12 05:09:53 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-06-12 05:09:53 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2014-06-12 05:09:52 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2014-06-12 05:09:52 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-06-12 05:09:52 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2014-06-12 05:09:52 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-06-12 05:09:52 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-06-12 05:09:11 116736 ----a-w- C:\Windows\System32\drivers\UMDF\WUDFUsbccidDriver.dll
    2014-06-12 05:08:24 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2014-06-12 05:08:23 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-06-12 05:03:33 506368 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-12 05:03:33 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-07 20:07:38 358000 ----a-w- C:\Windows\SysWow64\dsGinaLoaderX64.dll
    2014-05-27 18:24:59 -------- d-----w- C:\Program Files (x86)\NetSetMan
    2014-05-27 18:01:57 168960 ----a-w- C:\Windows\VPDAgent_x64.exe
    2014-05-27 18:01:54 54784 ----a-w- C:\Windows\System32\gcprpm.dll
    2014-05-27 18:00:50 -------- d-----w- C:\Users\crasher\AppData\Roaming\ObviousIdea
    2014-05-27 18:00:17 5716992 ----a-w- C:\Windows\System32\PDFCreatorPilot.dll
    2014-05-27 18:00:15 -------- d-----w- C:\ProgramData\ObviousIdea
    2014-05-27 18:00:15 -------- d-----w- C:\Program Files\ObviousIdea
    2014-05-27 18:00:08 -------- d-----w- C:\Users\crasher\AppData\Local\Lollipop_05271800
    2014-05-27 17:58:23 -------- d-----w- C:\Program Files (x86)\ObviousIdea
    .
    ==================== Find3M ====================
    .
    2014-06-21 19:21:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-06-21 19:21:19 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-06-09 06:15:02 92488 ----a-w- C:\Windows\System32\LMIinit.dll
    2014-06-09 06:15:02 35656 ----a-w- C:\Windows\System32\LMIport.dll
    2014-06-09 06:15:02 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2014-06-07 20:08:06 594032 ----a-w- C:\Windows\System32\dsNcSmartCardProv.dll
    2014-06-07 20:08:04 423536 ----a-w- C:\Windows\System32\dsNcCredProv.dll
    2014-06-03 04:45:32 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
    2014-05-28 18:37:06 2338816 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-28 18:31:31 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-28 18:30:24 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-28 18:29:28 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-05-28 18:29:19 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2014-05-28 18:28:10 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-28 18:28:02 12800 ----a-w- C:\Windows\System32\mshta.exe
    2014-05-28 16:39:36 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-28 16:32:59 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-05-28 16:32:25 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-28 16:30:53 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-05-28 16:30:53 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-05-28 16:29:31 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-28 16:29:27 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 22:39:43,36 ===============

  • #2
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-06-21 22:43:32
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB
    Running: jbjnfvp4.exe; Driver: C:\Users\crasher\AppData\Local\Temp\fxldipow.sys


    ---- Threads - GMER 2.1 ----

    ---- Processes - GMER 2.1 ----

    Library C:\Users\crasher\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\crasher\AppData\Roaming\Dropbox\bin\Dropbox.exe [5116](2014-01-03 01:09:26) 0000000004000000
    Library c:\users\crasher\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2yeaum.dll (*** suspicious ***) @ C:\Users\crasher\AppData\Roaming\Dropbox\bin\Dropbox.exe [5116](2014-06-21 20:32:51) 0000000003ef0000
    Library C:\Users\crasher\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\crasher\AppData\Roaming\Dropbox\bin\Dropbox.exe [5116](2013-08-23 19:01:44) 0000000067790000
    Library C:\Users\crasher\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\crasher\AppData\Roaming\Dropbox\bin\Dropbox.exe [5116] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000066e00000

    ---- EOF - GMER 2.1 ----



    • #3
      Hi Crasherke,

      Before we begin, I would like to kindly point out the following guidelines:
      .
      • Log in only as an administrator with full rights.
      • Do not post your problem on several forums. It does not help your problem and it is not polite towards the helpers.
      • Cleaning up your system can take some time, so be patient.
      • Carefully follow the instructions that I give.
      • Follow only the advice given by me.
      • Stay with the topic until I have reported that your PC is clean.
      • If you do not know or understand something, please just ask.
      • Do not install or uninstall any software or hardware while we are working on your problem.
      • In the meantime, do not try something "else"; that only makes it harder for us.
      • Please turn off your emoticons (smileys) when you post logs. ( INFO )
      • Please do not post the logs as an attachment or between code tags.

      .
      Note: Always run all tools as admin.
      The instructions given are valid only for your PC.

      If you have read and understood these guidelines, you may continue.....



      Install a decent active antivirus tool. We are not really enthusiastic about MSE.


      Step 1:
      Check for bad toolbars...

      Download AdwCleaner by Xplode to your Desktop.
      • Close all open windows
      • Start AdwCleaner
      • Click Scan
      • Click Clean

      All icons disappear from the Desktop; this is normal.
      Your PC is restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt).
      Post its contents here on the forum.

      I only need the log from after the "Clean" option.

      Do not forget to turn off your "smileys".

      If your start page was also hijacked, set the search engine again.
      AdwCleaner resets it to Google.com by default.
      ___________________________________________________________

      Step 3:

      Download Security Check to your desktop via here or here

      Start Security Check
      Follow the instructions on the screen
      At the end a log appears ( checkup.txt )
      Place its contents in your next reply.


      In your next post, I would like to see the following logs, made in the order listed:
      .
      • AdwCleaner
      • DDS
      • checkup.txt

      .
      Please do NOT post these logs as an attachment or between code tags.
      (In several posts if necessary.)

      Emphyrio
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Remove McAfee. * Ccleaner * E-Peek



      • #4
        Do I still have to do the DDS as well? The explanation is not there, but at the bottom there is a request for its log.
        Here are the logs from AdwCleaner and checkup.txt already.
        I had already done this before my post, and then it had disappeared, but when I browsed with Firefox again afterwards it came back.
        At the moment not yet.

        # AdwCleaner v3.212 - Rapport aangemaakt 22/06/2014 op 18:13:53
        # Laatste Update 05/06/2014 door Xplode
        # Besturingssysteem : Windows 7 Professional Service Pack 1 (64 bits)
        # Gebruikersnaam : crasherke - TT1808
        # Gestart vanuit : C:\Users\crasher\Desktop\adwcleaner_3.212.exe
        # Optie : Verwijderen

        ***** [ Services ] *****


        ***** [ Bestanden / Mappen ] *****


        ***** [ Snelkoppelingen ] *****


        ***** [ Register ] *****


        ***** [ Browsers ] *****

        -\\ Internet Explorer v9.0.8112.16555


        -\\ Mozilla Firefox v30.0 (nl)

        [ Bestand : C:\Users\crasher\AppData\Roaming\Mozilla\Firefox\Profiles\pegqc5uk.default\prefs.js ]




        *************************

        AdwCleaner[R0].txt - [12008 octets] - [21/06/2014 21:01:17]
        AdwCleaner[R1].txt - [2586 octets] - [21/06/2014 21:21:44]
        AdwCleaner[R2].txt - [2706 octets] - [21/06/2014 21:38:19]
        AdwCleaner[R3].txt - [2929 octets] - [22/06/2014 18:12:57]
        AdwCleaner[S0].txt - [5231 octets] - [21/06/2014 21:02:28]
        AdwCleaner[S1].txt - [2650 octets] - [21/06/2014 21:22:30]
        AdwCleaner[S2].txt - [1017 octets] - [21/06/2014 21:40:46]
        AdwCleaner[S3].txt - [2853 octets] - [22/06/2014 18:13:53]

        ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2913 octets] ##########

        Results of screen317's Security Check version 0.99.85
        Windows 7 Service Pack 1 x64 (UAC is enabled)
        Internet Explorer 11
        ``````````````Antivirus/Firewall Check:``````````````
        Microsoft Security Essentials
        Antivirus up to date!
        `````````Anti-malware/Other Utilities Check:`````````
        Java 7 Update 60
        Adobe Flash Player 14.0.0.125
        Adobe Reader 10.1.10 Adobe Reader out of Date!
        Mozilla Firefox (30.0)
        ````````Process Check: objlist.exe by Laurent````````
        Microsoft Security Essentials MSMpEng.exe
        Microsoft Security Essentials msseces.exe
        Kaspersky Lab Kaspersky Password Manager stpass.exe
        `````````````````System Health check`````````````````
        Total Fragmentation on Drive C: 5%
        ````````````````````End of Log``````````````````````



        • #5
          Not in this specific case; after all, nothing was removed.

          You may update the following tool first; exactly how to do this is indicated in the links:

          Adobe Reader
          (Do not forget to untick the free Google Toolbar before you install!)



          Restart your PC after this.


          Please do these steps with RIES to restore your IE settings.


          Download or update CCleaner

          Start CCleaner.
          • Run CCleaner and click Options in the left column
          • Select the Advanced tab
          • Untick "Only delete files in the Windows Temp system folder that are older than 24 hours"
          • Select the Settings tab
          • Untick "Automatically clean the computer...."
          • Click Cleaner in the left column.
          • Then click Analyze and Clean in succession.
          • Next, click Registry in the left column
          • Click Scan for problems.
          • When asked whether you want to make a backup of the registry, click "Yes".
          • If errors are found, click the middle button: Fix all selected errors, and OK

          .

          How is it now?

          Emphyrio


          • #6
            Hello,

            Many thanks for the help, it looks good.
            No more problems encountered so far.
            Hopefully it stays that way.

            Kind regards,

            Crasherke



            • #7
              You're welcome

              1) You may delete all the loose files and tools that we have used.

              2) To avoid reinfection, you can read through these tips:

              Preventing spyware infections and browser hijacking, and How do I prevent a new infection?

              3) To give your PC a quick maintenance check, you can read these tips: Guide to a clean PC

              4) All kinds of tips and hints can be consulted here.


              I am marking the topic as solved.

              If there is no further response, this thread will automatically be moved within about 5 days
              to the section "Opgeloste hijackthislogs", and replying will no longer be possible.
              This is done to keep the forum tidy and organized.

              If it turns out that there are still problems and you want to respond in this topic again, send me a private message requesting that it be reopened.



              Did we help you well? Consider a (no-obligation) donation to Nucia

              Emphyrio