Infected, and of course I can't get rid of it myself

  • Infected, and of course I can't get rid of it myself

    PC is infected once again. Had a discussion with my son about what gets downloaded.
    Already went back to a restore point as well. Ran Hitman over it.
    None of it helps. So frustrating!!!!!!

    Would you be willing to help me?

    See the Hitman message.

    [Attached image: schermprint hitmanpro.png]

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:23:34, on 7-7-2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17126)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/i...4DD453ADE01EF1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - Startup: Malwarebytes Anti-Malware.lnk = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    O4 - Startup: psi - Snelkoppeling.lnk = C:\Program Files (x86)\Secunia\PSI\psi.exe
    O4 - Global Startup: Microsoft Security Essentials.lnk = C:\Program Files\Microsoft Security Client\msseces.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://remote.gasunie.nl
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14547 bytes

  • #2
    Hi kram,

    Before we begin, I would like to kindly point out the following guidelines:

    • Only log in as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not courteous towards the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Carefully follow the instructions I give you.
    • Only follow the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If you don't know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, don't go trying something "else"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs. ( INFO )
    • Please do not post the logs as an attachment or between code tags.

    Note: Always run all tools as admin.
    The instructions given are only valid for your PC.

    Once you have read and understood these guidelines, you may continue.....



    Step 1:

    Scanning for and removing malware....

    If you already have MBAM on your PC, you don't need to download it, of course.

    Download Malwarebytes Anti-Malware to your desktop.

    Double-click mbam-setup.exe to install the program.

    At the end of the setup procedure, you get a screen where you have to click "Finish".
    If you do not wish to evaluate MBAM, untick the first option and only then click "Finish".

    Make sure that after the installation a tick is placed next to:
    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware
    • Then click "Finish". If an update is found, it will be downloaded and installed.



    As soon as the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during malware removal".
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL Scan" here.
    • Then press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure everything there is ticked, then click "Remove Selected".
    • After the removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, then do so.
    Once you have restarted, run a new quick scan with MBAM.
    In that case you post both logs. So a second "quick scan" log only if the FULL scan found "something".

    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Checking for bad toolbars...

    Download AdwCleaner by Xplode to your desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Remove ("Verwijderen")

    All icons disappear from the desktop; this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the forum.

    I only need the log from after the "Remove" ("Verwijderen") option.

    Don't forget to turn off your "smileys".

    If your start page was also hijacked, set the search engine again.
    By default AdwCleaner resets it to Google.com.
    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If script execution is disabled, re-enable it so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    You do not need to post the contents of Attach.txt, and you do not need to add Attach.txt as an attachment to your post, unless I ask for it.


    ___________________________________________________________

    Step 4:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Place its contents in your next reply.


    In your next post, I would like to see the following logs, made in the order listed:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (In several posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Malware

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scandatum: 8-7-2014
      Scantijd: 17:53:31
      Logbestand: Malware geen bedreiging.txt
      Beheerder: Ja

      Versie: 2.00.2.1012
      Malwaredatabase: v2014.07.08.06
      Rootkitdatabase: v2014.07.07.01
      Licentie: Premium
      Malwarebescherming: Ingeschakeld
      Kwaadaardige Website Bescherming: Ingeschakeld
      Self-protection: Uitgeschakeld

      Besturingssysteem: Windows 7 Service Pack 1
      Processor: x64
      Bestandssysteem: NTFS
      Gebruiker: Harma

      Scantype: Bedreigingsscan
      Resultaat: Voltooid
      Objecten Gescand: 311500
      Verstreken Tijd: 19 m, 46 s

      Geheugen: Ingeschakeld
      Opstarten: Ingeschakeld
      Bestandssysteem: Ingeschakeld
      Archieven: Ingeschakeld
      Rootkits: Uitgeschakeld
      Heuristics: Ingeschakeld
      POP: Ingeschakeld
      POA: Ingeschakeld

      Processen: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registersleutels: 0
      (No malicious items detected)

      Registerwaardes: 0
      (No malicious items detected)

      Registerdata: 0
      (No malicious items detected)

      Mappen: 0
      (No malicious items detected)

      Bestanden: 0
      (No malicious items detected)

      Fysieke Sectoren: 0
      (No malicious items detected)


      (end)

      ADW

      # AdwCleaner v3.214 - Rapport aangemaakt 08/07/2014 op 18:28:23
      # Laatste Update 29/06/2014 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruikersnaam : Harma - HARMA-PC
      # Gestart vanuit : C:\Users\Harma\Desktop\besmet\adwcleaner_3.214.exe
      # Optie : Verwijderen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****

      Map Verwijderd : C:\ProgramData\ParetoLogic
      Map Verwijderd : C:\Users\Harma\AppData\Roaming\DriverCure
      Map Verwijderd : C:\Users\Harma\AppData\Roaming\iWin
      Map Verwijderd : C:\Users\Harma\AppData\Roaming\ParetoLogic
      Map Verwijderd : C:\Users\Harma\AppData\Roaming\SecureSearch
      Bestand Verwijderd : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml

      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
      Waarde Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
      Sleutel Verwijderd : HKCU\Software\ParetoLogic
      Sleutel Verwijderd : HKLM\Software\ParetoLogic
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17126


      -\\ Mozilla Firefox v30.0 (nl)

      [ Bestand : C:\Users\Harma\AppData\Roaming\Mozilla\Firefox\Profiles\9ddjsyrn.default\prefs.js ]


      [ Bestand : C:\Users\Harma\AppData\Roaming\Mozilla\Firefox\Profiles\tny943ou.default-1352550422159\prefs.js ]


      -\\ Google Chrome v

      [ Bestand : C:\Users\Harma\AppData\Local\Google\Chrome\User Data\Default\preferences ]


      *************************

      AdwCleaner[R0].txt - [4303 octets] - [02/01/2014 20:21:00]
      AdwCleaner[R1].txt - [1113 octets] - [02/01/2014 21:04:59]
      AdwCleaner[R2].txt - [1360 octets] - [08/01/2014 00:12:46]
      AdwCleaner[R3].txt - [1485 octets] - [25/01/2014 11:07:30]
      AdwCleaner[R4].txt - [5895 octets] - [26/06/2014 23:00:09]
      AdwCleaner[R5].txt - [1642 octets] - [26/06/2014 23:06:07]
      AdwCleaner[R6].txt - [1776 octets] - [27/06/2014 17:30:03]
      AdwCleaner[R7].txt - [4220 octets] - [08/07/2014 18:25:31]
      AdwCleaner[S0].txt - [4028 octets] - [02/01/2014 20:23:06]
      AdwCleaner[S1].txt - [1175 octets] - [02/01/2014 21:06:05]
      AdwCleaner[S2].txt - [1386 octets] - [08/01/2014 00:14:10]
      AdwCleaner[S3].txt - [1511 octets] - [25/01/2014 11:09:10]
      AdwCleaner[S4].txt - [4708 octets] - [26/06/2014 23:01:45]
      AdwCleaner[S5].txt - [1706 octets] - [26/06/2014 23:07:29]
      AdwCleaner[S6].txt - [1840 octets] - [27/06/2014 17:31:24]
      AdwCleaner[S7].txt - [3880 octets] - [08/07/2014 18:28:23]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [3940 octets] ##########


      DDS

      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2
      Run by Harma at 18:35:04 on 2014-07-08
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2024 [GMT 2:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      c:\Program Files\Microsoft Security Client\MsMpEng.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Program Files\HitmanPro\hmpsched.exe
      C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\FBAgent.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
      C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
      C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
      C:\Program Files\P4G\BatteryLife.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
      C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files (x86)\Softland\FBackup 4\fbaSched.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
      C:\Windows\SysWOW64\ACEngSvr.exe
      C:\Windows\system32\igfxpers.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Windows\System32\hkcmd.exe
      C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Windows\system32\SearchIndexer.exe
      c:\Program Files\Microsoft Security Client\NisSrv.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\Secunia\PSI\PSIA.exe
      C:\Windows\system32\sppsvc.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Program Files (x86)\Secunia\PSI\sua.exe
      C:\Program Files (x86)\Nero\Update\NASvc.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-06-27&gen=cnet&ent=hp&u=AC77A87B663F859F144DD453ADE01EF1
      mStart Page = www.google.com
      mSearch Page = hxxp://www.google.com
      mDefault_Page_URL = www.google.com
      mDefault_Search_URL = www.google.com
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      uRun: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
      uRun: [FBackup Scheduler] <no file>
      mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MALWAR~1.LNK - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
      StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PSI-SN~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files\Microsoft Security Client\msseces.exe
      uPolicies-Explorer: NoDrives = dword:0
      mPolicies-Explorer: NoDrives = dword:0
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
      IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      .
      INFO: HKCU has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
      TCP: NameServer = 192.168.1.1
      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C} : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\0484F6D6566373139383 : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\05D474 : DHCPNameServer = 10.60.4.1 10.60.4.2
      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\6716E6465627D6F6C656E6F5B6C616E64756E6 : DHCPNameServer = 192.168.2.254
      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\7554C434F4D4540284F64756C637 : DHCPNameServer = 172.30.3.254
      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\D656475627E65647775627B6 : DHCPNameServer = 212.54.44.54 192.168.1.1
      Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
      SSODL: WebCheck - <orphaned>
      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      x64-mStart Page = www.google.com
      x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
      x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
      x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
      x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
      x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
      x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
      x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Harma\AppData\Roaming\Mozilla\Firefox\Profiles\tny943ou.default-1352550422159\
      FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
      FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
      FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
      FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
      R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-4-26 33736]
      R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
      R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
      R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-4-9 379520]
      R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
      R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-2 127752]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-14 860472]
      R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2014-1-27 773968]
      R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
      R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-6 1631008]
      R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-14 21055432]
      R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
      R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
      R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]
      R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-14 25816]
      R3 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-14 1809720]
      R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-14 122584]
      R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-14 63704]
      R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
      R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-22 20256]
      R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-22 40392]
      R3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-11-27 479840]
      R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
      R3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
      R3 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-16 103448]
      S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-9 48488]
      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
      S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-8-17 33736]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-12 111616]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-4 19456]
      S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-4-9 290920]
      S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-9 333928]
      S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-16 203672]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-21 56832]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-17 1255736]
      S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
      S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
      .
      =============== File Associations ===============
      .
      FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
      .
      =============== Created Last 30 ================
      .
      2014-07-07 20:09:11 -------- d-----w- C:\Users\Harma\AppData\Local\PMB Files
      2014-07-07 20:09:08 -------- d-----w- C:\ProgramData\PMB Files
      2014-07-07 18:21:03 388096 ----a-r- C:\Users\Harma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2014-07-07 18:20:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
      2014-07-07 17:05:42 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3972AC1-7331-41A1-80C5-17CB274ECF7A}\gapaengine.dll
      2014-07-07 17:04:44 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD478EA6-4D29-4801-94CC-9E4D2D8240EC}\mpengine.dll
      2014-07-07 16:52:19 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2014-06-29 15:28:29 -------- d-----w- C:\Users\Harma\AppData\Local\Nero_AG
      2014-06-29 15:24:08 -------- d-----w- C:\Users\Harma\AppData\Local\Nero
      2014-06-29 14:42:19 -------- d-----w- C:\Program Files (x86)\Nero
      2014-06-29 14:42:06 -------- d-----w- C:\ProgramData\Nero
      2014-06-29 14:37:45 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
      2014-06-29 14:36:39 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
      2014-06-28 09:20:28 -------- d-----w- C:\Program Files (x86)\VS Revo Group
      2014-06-27 21:23:24 -------- d-----w- C:\Program Files\Lavasoft
      2014-06-27 21:20:33 -------- d-----w- C:\Program Files (x86)\Lavasoft
      2014-06-27 21:18:19 -------- d-----w- C:\Users\Harma\AppData\Roaming\LavasoftStatistics
      2014-06-27 21:07:51 -------- d-----w- C:\ProgramData\Licenses
      2014-06-27 21:07:43 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
      2014-06-27 20:47:31 -------- d-sh--w- C:\$RECYCLE.BIN
      2014-06-27 10:56:17 -------- d-----r- C:\Program Files (x86)\Skype
      2014-06-26 21:53:52 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2014-06-26 21:45:26 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
      2014-06-26 21:00:47 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
      2014-06-26 06:25:07 687 ----a-w- C:\awh781B.tmp
      2014-06-25 20:13:14 687 ----a-w- C:\awhD44F.tmp
      2014-06-25 20:11:34 764416 --sh--w- C:\Windows\SysWow64\devil.dll
      2014-06-25 20:11:33 415744 --sh--w- C:\Windows\SysWow64\avisynth.dll
      2014-06-25 20:11:33 32256 --sh--w- C:\Windows\SysWow64\AVSredirect.dll
      2014-06-25 20:11:32 70656 --sh--w- C:\Windows\SysWow64\yv12vfw.dll
      2014-06-25 20:11:31 70656 --sh--w- C:\Windows\SysWow64\i420vfw.dll
      2014-06-25 20:11:24 -------- d-----w- C:\Program Files (x86)\AviSynth 2.6
      2014-06-25 20:08:48 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
      2014-06-25 20:08:48 327749 ----a-w- C:\Windows\SysWow64\drvc.dll
      2014-06-25 20:07:44 -------- d-----w- C:\Program Files (x86)\Common Files\Config
      2014-06-25 20:07:41 -------- d-----w- C:\Users\Harma\AppData\Local\255
      2014-06-25 20:07:40 -------- d-----w- C:\Program Files (x86)\eRightSoft
      2014-06-23 19:06:53 -------- d-----w- C:\Users\Harma\AppData\Local\Skype
      2014-06-22 08:50:16 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
      2014-06-22 08:50:16 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
      2014-06-22 08:49:18 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
      2014-06-22 08:49:18 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
      2014-06-14 06:51:30 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2014-06-14 06:50:45 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2014-06-14 06:50:45 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2014-06-14 06:50:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
      2014-06-13 19:25:28 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
      2014-06-12 05:45:59 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
      2014-06-09 07:57:32 -------- d-----w- C:\Users\Harma\AppData\Roaming\Laruaville
      2014-06-09 07:54:25 626688 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\msvcr80.dll
      2014-06-09 07:54:25 548864 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\msvcp80.dll
      2014-06-09 07:54:25 474670 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\Mscapi110.dll
      2014-06-09 07:54:25 1210368 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\libvorbis.dll
      2014-06-09 07:54:25 110592 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\libvorbisfile.dll
      2014-06-09 07:54:24 61440 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\libogg.dll
      2014-06-09 07:54:23 1060864 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\Laruaville.exe
      .
      ==================== Find3M ====================
      .
      2014-07-08 16:30:15 45056 ----a-w- C:\Windows\System32\acovcnt.exe
      2014-06-29 14:38:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-06-28 11:49:07 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
      2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
      2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
      2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
      2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
      2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
      2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
      2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
      2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
      2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
      2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
      2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
      2014-05-12 05:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
      2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
      2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
      2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
      2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
      2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
      2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
      2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
      2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
      2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
      2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
      2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
      2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2009-09-27 07:39:26 415744 --sh--w- C:\Windows\SysWOW64\avisynth.dll
      2005-07-14 10:31:20 32256 --sh--w- C:\Windows\SysWOW64\AVSredirect.dll
      2004-02-22 08:11:08 764416 --sh--w- C:\Windows\SysWOW64\devil.dll
      2004-01-24 22:00:00 70656 --sh--w- C:\Windows\SysWOW64\i420vfw.dll
      2004-01-24 22:00:00 70656 --sh--w- C:\Windows\SysWOW64\yv12vfw.dll
      .
      ============= FINISH: 18:38:52,14 ===============


      Checkup

      Results of screen317's Security Check version 0.99.85
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      Microsoft Security Essentials
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      SpywareBlaster 5.0
      Secunia PSI (3.0.0.4001)
      Java(TM) 6 Update 39
      Java 7 Update 60
      Adobe Flash Player 14.0.0.125
      Adobe Reader XI
      Mozilla Firefox (30.0)
      Google Chrome 21.0.1180.83
      Google Chrome 21.0.1180.89
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbam.exe
      Malwarebytes Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 10%
      ````````````````````End of Log``````````````````````



      • #4
        Download or update CCleaner

        Start CCleaner.
        • Run CCleaner and click Options in the left column
        • Select the Advanced tab
        • Uncheck Only delete files in the Windows Temp system folder that are older than 24 hours
        • Select the Settings tab
        • Uncheck "Automatically clean the computer...."
        • Click Cleaner in the left column.
        • Then click Analyze and then Clean.
        • Next, click Registry in the left column
        • Click Scan for Issues.
        • When asked whether you want to back up the registry, click "Yes".
        • If any errors are found, click the middle button, Fix All Selected Issues, and then OK



        Open MBAM and choose the "Custom Scan" option.
        Click "Scan Now"
        Check the attached hard drives (and partitions) in the pane on the right.
        Click Scan and post the report.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * CCleaner * E-Peek



        • #5
          The malware scan took quite a while
          Checked my mail in the meantime

          When opening an e-mail I get the following message

          [Image: Na openen IE vanuit Outlook de volgende melding.PNG]

          [Image: Na openen IE vanuit Outlook de volgende  2.PNG]

          Malware


          Malwarebytes Anti-Malware
          www.malwarebytes.org

          Scandatum: 8-7-2014
          Scantijd: 20:20:52
          Logbestand: Malware bytes C en D schijf.txt
          Beheerder: Ja

          Versie: 2.00.2.1012
          Malwaredatabase: v2014.07.08.08
          Rootkitdatabase: v2014.07.07.01
          Licentie: Premium
          Malwarebescherming: Ingeschakeld
          Kwaadaardige Website Bescherming: Ingeschakeld
          Self-protection: Uitgeschakeld

          Besturingssysteem: Windows 7 Service Pack 1
          Processor: x64
          Bestandssysteem: NTFS
          Gebruiker: Harma

          Scantype: Aangepaste Scan
          Resultaat: Voltooid
          Objecten Gescand: 545817
          Verstreken Tijd: 3 u, 22 m, 12 s

          Geheugen: Ingeschakeld
          Opstarten: Ingeschakeld
          Bestandssysteem: Ingeschakeld
          Archieven: Ingeschakeld
          Rootkits: Uitgeschakeld
          Heuristics: Ingeschakeld
          POP: Ingeschakeld
          POA: Ingeschakeld

          Processen: 0
          (No malicious items detected)

          Modules: 0
          (No malicious items detected)

          Registersleutels: 0
          (No malicious items detected)

          Registerwaardes: 0
          (No malicious items detected)

          Registerdata: 0
          (No malicious items detected)

          Mappen: 0
          (No malicious items detected)

          Bestanden: 1
          PUP.Downloader.ZYL, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Zylom 1 - 10 Spelen\2.0\10talismansdownload.exe, , [dd3bb2eb2457fe381ed48c387b859a66],

          Fysieke Sectoren: 0
          (No malicious items detected)


          (end)

          Took quite long, but oh well, there was football on TV
          Unbelievable result, by the way



          • #6
            Why shouldn't Rootkits be checked, by the way?
            I didn't ask it as a question beforehand, but I am curious



            • #7
              Originally posted by Kram
              Why shouldn't Rootkits be checked, by the way?
              I didn't ask it as a question beforehand, but I am curious

              Because I don't see any signs of a rootkit



              Download Combofix to your desktop.
              (So not to a download folder or temp folder.)

              Extra note... Make sure your security software is disabled while using Combofix.
              This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

              Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

              Close ALL windows, including your browser, and let Combofix quietly do its work.
              So do not open any other applications until Combofix has presented the log.

              If Combofix asks for an update, allow it.

              When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
              You can find it at C:\combofix.txt.

              Post the Combofix log together with a new DDS log in your next reply.

              * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
              • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
              • Illegal operation attempted on a registry key that has been marked for deletion.
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee. * Ccleaner * E-Peek



              • #8
                ComboFix 14-07-08.01 - Harma 09-07-2014 8:06.2.4 - x64
                Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2551 [GMT 2:00]
                Gestart vanuit: c:\users\Harma\Desktop\ComboFix.exe
                AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
                SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
                SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                .
                (((((((((((((((((((( Bestanden Gemaakt van 2014-06-09 to 2014-07-09 ))))))))))))))))))))))))))))))
                .
                .
                2014-07-09 06:18 . 2014-07-09 06:18 -------- d-----w- c:\users\Default\AppData\Local\temp
                2014-07-09 05:47 . 2014-07-09 05:47 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44824905-B06E-46D8-A202-3B1C2CE8D570}\offreg.dll
                2014-07-08 18:24 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44824905-B06E-46D8-A202-3B1C2CE8D570}\mpengine.dll
                2014-07-07 20:09 . 2014-07-08 19:05 -------- d-----w- c:\users\Harma\AppData\Local\PMB Files
                2014-07-07 20:09 . 2014-07-08 19:05 -------- d-----w- c:\programdata\PMB Files
                2014-07-07 18:21 . 2014-07-07 18:21 388096 ----a-r- c:\users\Harma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                2014-07-07 18:20 . 2014-07-07 18:20 -------- d-----w- c:\program files (x86)\Trend Micro
                2014-07-07 17:05 . 2014-05-02 06:51 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3972AC1-7331-41A1-80C5-17CB274ECF7A}\gapaengine.dll
                2014-07-07 17:04 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                2014-06-29 15:24 . 2014-06-29 19:23 -------- d-----w- c:\users\Harma\AppData\Local\Nero
                2014-06-29 14:59 . 2014-06-29 15:24 -------- d-----w- c:\users\Harma\AppData\Roaming\Nero
                2014-06-29 14:42 . 2014-06-29 14:52 -------- d-----w- c:\program files (x86)\Common Files\Nero
                2014-06-29 14:42 . 2014-06-29 14:49 -------- d-----w- c:\program files (x86)\Nero
                2014-06-29 14:42 . 2014-06-29 14:59 -------- d-----w- c:\programdata\Nero
                2014-06-29 14:37 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
                2014-06-29 14:36 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
                2014-06-28 09:20 . 2014-06-28 11:11 -------- d-----w- c:\program files (x86)\VS Revo Group
                2014-06-28 09:15 . 2014-06-28 09:15 -------- d-----w- c:\users\Harma\AppData\Roaming\Oracle
                2014-06-27 21:28 . 2014-06-28 07:31 -------- d-----w- c:\users\Harma\AppData\Roaming\Lavasoft
                2014-06-27 21:23 . 2014-06-27 21:23 -------- d-----w- c:\program files\Lavasoft
                2014-06-27 21:20 . 2014-06-28 11:10 -------- d-----w- c:\program files (x86)\Lavasoft
                2014-06-27 21:16 . 2014-06-27 21:16 -------- d-----w- c:\programdata\Lavasoft
                2014-06-27 21:07 . 2014-06-27 21:07 -------- d-----w- c:\programdata\Licenses
                2014-06-27 21:07 . 2014-06-28 07:49 -------- d-----w- c:\program files (x86)\SpywareBlaster
                2014-06-27 10:56 . 2014-06-27 10:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
                2014-06-27 10:56 . 2014-06-28 07:29 -------- d-----r- c:\program files (x86)\Skype
                2014-06-26 21:53 . 2014-05-07 13:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                2014-06-26 21:45 . 2014-06-26 21:45 313256 ----a-w- c:\windows\system32\javaws.exe
                2014-06-26 21:45 . 2014-06-26 21:45 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
                2014-06-26 21:45 . 2014-06-26 21:45 189352 ----a-w- c:\windows\system32\javaw.exe
                2014-06-26 21:45 . 2014-06-26 21:45 189352 ----a-w- c:\windows\system32\java.exe
                2014-06-26 21:44 . 2014-06-26 21:44 -------- d-----w- c:\program files\Java
                2014-06-26 21:00 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
                2014-06-26 06:25 . 2014-06-26 06:25 687 ----a-w- C:\awh781B.tmp
                2014-06-25 20:13 . 2014-06-25 20:13 687 ----a-w- C:\awhD44F.tmp
                2014-06-25 20:11 . 2004-02-22 08:11 764416 --sh--w- c:\windows\SysWow64\devil.dll
                2014-06-25 20:11 . 2009-09-27 07:39 415744 --sh--w- c:\windows\SysWow64\avisynth.dll
                2014-06-25 20:11 . 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWow64\AVSredirect.dll
                2014-06-25 20:11 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\yv12vfw.dll
                2014-06-25 20:11 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\i420vfw.dll
                2014-06-25 20:11 . 2014-06-25 20:11 -------- d-----w- c:\program files (x86)\AviSynth 2.6
                2014-06-25 20:08 . 2004-07-02 15:33 327749 ----a-w- c:\windows\SysWow64\drvc.dll
                2014-06-25 20:08 . 2004-04-05 08:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
                2014-06-25 20:07 . 2014-06-25 20:07 -------- d-----w- c:\program files (x86)\Common Files\Config
                2014-06-25 20:07 . 2014-07-07 16:50 -------- d-----w- c:\users\Harma\AppData\Local\255
                2014-06-25 20:07 . 2014-06-26 20:28 -------- d-----w- c:\program files (x86)\eRightSoft
                2014-06-23 19:06 . 2014-06-23 19:06 -------- d-----w- c:\users\Harma\AppData\Local\Skype
                2014-06-23 19:06 . 2014-07-09 05:57 -------- d-----w- c:\users\Harma\AppData\Roaming\Skype
                2014-06-23 19:06 . 2014-06-27 10:56 -------- d-----w- c:\programdata\Skype
                2014-06-22 08:50 . 2014-05-29 23:07 1291232 ----a-w- c:\windows\SysWow64\nvspbridge.dll
                2014-06-22 08:50 . 2014-05-29 23:07 1715176 ----a-w- c:\windows\system32\nvspbridge64.dll
                2014-06-22 08:49 . 2014-03-31 16:42 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
                2014-06-22 08:49 . 2014-03-31 16:42 34760 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
                2014-06-14 06:51 . 2014-07-09 05:56 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
                2014-06-14 06:50 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
                2014-06-14 06:50 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                2014-06-14 06:50 . 2014-06-14 06:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
                2014-06-13 19:25 . 2014-07-09 05:59 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
                2014-06-12 05:45 . 2014-05-30 09:21 139264 ----a-w- c:\windows\system32\ieUnatt.exe
                2014-06-09 07:57 . 2014-06-09 07:58 -------- d-----w- c:\users\Harma\AppData\Roaming\Laruaville
                2014-06-09 07:54 . 2014-05-23 12:29 626688 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\msvcr80.dll
                2014-06-09 07:54 . 2014-05-23 12:29 548864 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\msvcp80.dll
                2014-06-09 07:54 . 2014-05-23 12:29 1210368 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\libvorbis.dll
                2014-06-09 07:54 . 2014-05-23 12:29 110592 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\libvorbisfile.dll
                2014-06-09 07:54 . 2014-04-03 17:14 474670 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\Mscapi110.dll
                2014-06-09 07:54 . 2014-05-23 12:29 61440 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\libogg.dll
                2014-06-09 07:54 . 2014-05-29 07:23 1060864 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\Laruaville.exe
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2014-07-08 21:47 . 2011-07-16 11:25 45056 ----a-w- c:\windows\system32\acovcnt.exe
                2014-07-08 18:12 . 2012-03-29 18:40 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                2014-07-08 18:12 . 2011-07-17 20:57 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                2014-06-12 22:44 . 2011-07-17 11:05 95414520 ----a-w- c:\windows\system32\MRT.exe
                2014-05-29 23:07 . 2013-11-03 06:33 1122312 ----a-w- c:\windows\SysWow64\nvspcap.dll
                2014-05-29 23:07 . 2013-11-03 06:33 1279480 ----a-w- c:\windows\system32\nvspcap64.dll
                2014-05-12 05:25 . 2013-07-14 12:58 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
                2014-05-02 06:51 . 2011-08-12 08:53 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
                2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
                2014-04-12 02:22 . 2014-05-14 06:24 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
                2014-04-12 02:22 . 2014-05-14 06:24 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
                2014-04-12 02:19 . 2014-05-14 06:24 136192 ----a-w- c:\windows\system32\sspicli.dll
                2014-04-12 02:19 . 2014-05-14 06:24 29184 ----a-w- c:\windows\system32\sspisrv.dll
                2014-04-12 02:19 . 2014-05-14 06:24 28160 ----a-w- c:\windows\system32\secur32.dll
                2014-04-12 02:19 . 2014-05-14 06:24 1460736 ----a-w- c:\windows\system32\lsasrv.dll
                2014-04-12 02:19 . 2014-05-14 06:24 31232 ----a-w- c:\windows\system32\lsass.exe
                2014-04-12 02:12 . 2014-05-14 06:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
                2014-04-12 02:10 . 2014-05-14 06:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
                2009-09-27 07:39 415744 --sh--w- c:\windows\SysWOW64\avisynth.dll
                2005-07-14 10:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll
                2004-02-22 08:11 764416 --sh--w- c:\windows\SysWOW64\devil.dll
                2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll
                2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll
                .
                .
                ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                REGEDIT4
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
                "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
                "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
                "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
                .
                c:\users\Harma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                Malwarebytes Anti-Malware.lnk - c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-6-14 6970168]
                psi - Snelkoppeling.lnk - c:\program files (x86)\Secunia\PSI\psi.exe [2012-9-24 1950304]
                .
                c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                Microsoft Security Essentials.lnk - c:\program files\Microsoft Security Client\msseces.exe [2014-3-11 1271072]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "ConsentPromptBehaviorAdmin"= 5 (0x5)
                "ConsentPromptBehaviorUser"= 3 (0x3)
                "EnableUIADesktopToggle"= 0 (0x0)
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                "LoadAppInit_DLLs"=1 (0x1)
                "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                "mixer2"=wdmaud.drv
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                @="Service"
                .
                R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
                R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
                R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
                R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
                R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                R3 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
                R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
                R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
                R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
                R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
                R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
                R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
                R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
                R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
                R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
                R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
                S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
                S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
                S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
                S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
                S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
                S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
                S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
                S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
                S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
                S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
                S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
                S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
                S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
                S3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
                S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
                S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
                S3 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
                .
                .
                --- Andere Services/Drivers In Geheugen ---
                .
                *NewlyCreated* - HITMANPRO37
                *Deregistered* - hitmanpro37
                .
                Inhoud van de 'Gedeelde Taken' map
                .
                2014-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
                - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 18:12]
                .
                2014-07-07 c:\windows\Tasks\fba_Bestanden Jan.job
                - c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2013-04-21 07:30]
                .
                2014-07-07 c:\windows\Tasks\fba_Bestanden Mark.job
                - c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2013-04-21 07:30]
                .
                .
                --------- X64 Entries -----------
                .
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
                @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
                [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
                2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
                @="{64174815-8D98-4CE6-8646-4C039977D808}"
                [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
                2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
                "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
                "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
                "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
                .
                ------- Bijkomende Scan -------
                .
                uLocal Page = c:\windows\system32\blank.htm
                uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-06-27&gen=cnet&ent=hp&u=AC77A87B663F859F144DD453ADE01EF1
                mDefault_Search_URL = www.google.com
                mDefault_Page_URL = www.google.com
                mStart Page = www.google.com
                mLocal Page = c:\windows\SysWOW64\blank.htm
                mSearch Page = hxxp://www.google.com
                uInternet Settings,ProxyOverride = *.local
                IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
                IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
                Trusted Zone: gasunie.nl\remote
                TCP: DhcpNameServer = 192.168.1.1
                FF - ProfilePath - c:\users\Harma\AppData\Roaming\Mozilla\Firefox\Profiles\tny943ou.default-1352550422159\
                FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
                FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
                .
                - - - - ORPHANS VERWIJDERD - - - -
                .
                Toolbar-Locked - (no file)
                Wow6432Node-HKCU-Run-FBackup Scheduler - (no file)
                AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
                AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
                .
                .
                .
                --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                .
                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker5"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Shockwave Flash Object"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                @="0"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                @="ShockwaveFlash.ShockwaveFlash.14"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="ShockwaveFlash.ShockwaveFlash"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Macromedia Flash Factory Object"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                @="FlashFactory.FlashFactory.1"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="FlashFactory.FlashFactory"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker5"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                @Denied: (A) (Everyone)
                "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                .
                [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                @Denied: (A) (Everyone)
                .
                [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                "Key"="ActionsPane3"
                "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                .
                [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                @Denied: (A) (Users)
                @Denied: (A) (Everyone)
                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                "BlindDial"=dword:00000000
                .
                [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                @Denied: (Full) (Everyone)
                .
                Voltooingstijd: 2014-07-09 08:23:43
                ComboFix-quarantined-files.txt 2014-07-09 06:23
                ComboFix2.txt 2014-06-27 19:59
                .
                Pre-Run: 329.020.936.192 bytes beschikbaar
                Post-Run: 328.946.851.840 bytes beschikbaar
                .
                - - End Of File - - 54226483106B3096A8E4244F95FF5686



                • #9
                  Disable your security software.

                  Note: This script is intended specifically for this PC,
                  so do not use it on other PCs with a similar problem.


                  Open a Notepad file.
                  Copy the text below and paste it into the Notepad file.
                  Save the Notepad file as CFScript.txt
                  Code:
                  KillAll::
                  ClearJavaCache::
                  File::
                  C:\awh781B.tmp
                  C:\awhD44F.tmp
                  Now drag the file CFScript.txt onto the file ComboFix.exe



                  ComboFix will start again.
                  If ComboFix asks for an update, allow it.

                  When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.

                  Create a new DDS log and post it as well.
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee. * Ccleaner * E-Peek



                  • #10
                    ComboFix 14-07-08.01 - Harma 09-07-2014 18:02:23.3.4 - x64
                    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2339 [GMT 2:00]
                    Gestart vanuit: c:\users\Harma\Desktop\ComboFix.exe
                    gebruikte Opdracht switches :: c:\users\Harma\Desktop\CFScript.txt
                    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
                    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
                    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    FILE ::
                    "C:\awh781B.tmp"
                    "C:\awhD44F.tmp"
                    .
                    .
                    (((((((((((((((((((( Bestanden Gemaakt van 2014-06-09 to 2014-07-09 ))))))))))))))))))))))))))))))
                    .
                    .
                    2014-07-09 16:16 . 2014-07-09 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
                    2014-07-09 06:37 . 2014-07-09 06:37 -------- d-----w- c:\users\Harma\AppData\Roaming\iWin
                    2014-07-09 06:25 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35EEEA1B-68A5-4218-9E43-63F97C98715A}\mpengine.dll
                    2014-07-07 20:09 . 2014-07-09 12:47 -------- d-----w- c:\users\Harma\AppData\Local\PMB Files
                    2014-07-07 20:09 . 2014-07-08 19:05 -------- d-----w- c:\programdata\PMB Files
                    2014-07-07 18:21 . 2014-07-07 18:21 388096 ----a-r- c:\users\Harma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                    2014-07-07 18:20 . 2014-07-07 18:20 -------- d-----w- c:\program files (x86)\Trend Micro
                    2014-07-07 17:05 . 2014-05-02 06:51 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3972AC1-7331-41A1-80C5-17CB274ECF7A}\gapaengine.dll
                    2014-07-07 17:04 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                    2014-06-29 15:24 . 2014-06-29 19:23 -------- d-----w- c:\users\Harma\AppData\Local\Nero
                    2014-06-29 14:59 . 2014-06-29 15:24 -------- d-----w- c:\users\Harma\AppData\Roaming\Nero
                    2014-06-29 14:42 . 2014-06-29 14:52 -------- d-----w- c:\program files (x86)\Common Files\Nero
                    2014-06-29 14:42 . 2014-06-29 14:49 -------- d-----w- c:\program files (x86)\Nero
                    2014-06-29 14:42 . 2014-06-29 14:59 -------- d-----w- c:\programdata\Nero
                    2014-06-29 14:37 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
                    2014-06-29 14:36 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
                    2014-06-28 09:20 . 2014-06-28 11:11 -------- d-----w- c:\program files (x86)\VS Revo Group
                    2014-06-28 09:15 . 2014-06-28 09:15 -------- d-----w- c:\users\Harma\AppData\Roaming\Oracle
                    2014-06-27 21:28 . 2014-06-28 07:31 -------- d-----w- c:\users\Harma\AppData\Roaming\Lavasoft
                    2014-06-27 21:23 . 2014-06-27 21:23 -------- d-----w- c:\program files\Lavasoft
                    2014-06-27 21:20 . 2014-06-28 11:10 -------- d-----w- c:\program files (x86)\Lavasoft
                    2014-06-27 21:16 . 2014-06-27 21:16 -------- d-----w- c:\programdata\Lavasoft
                    2014-06-27 21:07 . 2014-06-27 21:07 -------- d-----w- c:\programdata\Licenses
                    2014-06-27 21:07 . 2014-06-28 07:49 -------- d-----w- c:\program files (x86)\SpywareBlaster
                    2014-06-27 10:56 . 2014-06-27 10:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
                    2014-06-27 10:56 . 2014-06-28 07:29 -------- d-----r- c:\program files (x86)\Skype
                    2014-06-26 21:53 . 2014-05-07 13:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                    2014-06-26 21:45 . 2014-06-26 21:45 313256 ----a-w- c:\windows\system32\javaws.exe
                    2014-06-26 21:45 . 2014-06-26 21:45 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
                    2014-06-26 21:45 . 2014-06-26 21:45 189352 ----a-w- c:\windows\system32\javaw.exe
                    2014-06-26 21:45 . 2014-06-26 21:45 189352 ----a-w- c:\windows\system32\java.exe
                    2014-06-26 21:44 . 2014-06-26 21:44 -------- d-----w- c:\program files\Java
                    2014-06-26 21:00 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
                    2014-06-26 06:25 . 2014-06-26 06:25 687 ----a-w- C:\awh781B.tmp
                    2014-06-25 20:13 . 2014-06-25 20:13 687 ----a-w- C:\awhD44F.tmp
                    2014-06-25 20:11 . 2004-02-22 08:11 764416 --sh--w- c:\windows\SysWow64\devil.dll
                    2014-06-25 20:11 . 2009-09-27 07:39 415744 --sh--w- c:\windows\SysWow64\avisynth.dll
                    2014-06-25 20:11 . 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWow64\AVSredirect.dll
                    2014-06-25 20:11 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\yv12vfw.dll
                    2014-06-25 20:11 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\i420vfw.dll
                    2014-06-25 20:11 . 2014-06-25 20:11 -------- d-----w- c:\program files (x86)\AviSynth 2.6
                    2014-06-25 20:08 . 2004-07-02 15:33 327749 ----a-w- c:\windows\SysWow64\drvc.dll
                    2014-06-25 20:08 . 2004-04-05 08:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
                    2014-06-25 20:07 . 2014-06-25 20:07 -------- d-----w- c:\program files (x86)\Common Files\Config
                    2014-06-25 20:07 . 2014-07-07 16:50 -------- d-----w- c:\users\Harma\AppData\Local\255
                    2014-06-25 20:07 . 2014-06-26 20:28 -------- d-----w- c:\program files (x86)\eRightSoft
                    2014-06-23 19:06 . 2014-06-23 19:06 -------- d-----w- c:\users\Harma\AppData\Local\Skype
                    2014-06-23 19:06 . 2014-07-09 05:57 -------- d-----w- c:\users\Harma\AppData\Roaming\Skype
                    2014-06-23 19:06 . 2014-06-27 10:56 -------- d-----w- c:\programdata\Skype
                    2014-06-22 08:50 . 2014-05-29 23:07 1291232 ----a-w- c:\windows\SysWow64\nvspbridge.dll
                    2014-06-22 08:50 . 2014-05-29 23:07 1715176 ----a-w- c:\windows\system32\nvspbridge64.dll
                    2014-06-22 08:49 . 2014-03-31 16:42 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
                    2014-06-22 08:49 . 2014-03-31 16:42 34760 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
                    2014-06-14 06:51 . 2014-07-09 16:19 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
                    2014-06-14 06:50 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
                    2014-06-14 06:50 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
                    2014-06-14 06:50 . 2014-06-14 06:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
                    2014-06-12 05:45 . 2014-05-30 09:21 139264 ----a-w- c:\windows\system32\ieUnatt.exe
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2014-07-09 05:59 . 2014-06-13 19:25 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
                    2014-07-08 21:47 . 2011-07-16 11:25 45056 ----a-w- c:\windows\system32\acovcnt.exe
                    2014-07-08 18:12 . 2012-03-29 18:40 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                    2014-07-08 18:12 . 2011-07-17 20:57 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                    2014-06-12 22:44 . 2011-07-17 11:05 95414520 ----a-w- c:\windows\system32\MRT.exe
                    2014-05-29 23:07 . 2013-11-03 06:33 1122312 ----a-w- c:\windows\SysWow64\nvspcap.dll
                    2014-05-29 23:07 . 2013-11-03 06:33 1279480 ----a-w- c:\windows\system32\nvspcap64.dll
                    2014-05-29 07:23 . 2014-06-09 07:54 1060864 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\Laruaville.exe
                    2014-05-23 12:29 . 2014-06-09 07:54 626688 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\msvcr80.dll
                    2014-05-23 12:29 . 2014-06-09 07:54 548864 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\msvcp80.dll
                    2014-05-23 12:29 . 2014-06-09 07:54 1210368 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\libvorbis.dll
                    2014-05-23 12:29 . 2014-06-09 07:54 110592 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\libvorbisfile.dll
                    2014-05-23 12:29 . 2014-06-09 07:54 61440 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Games\Nieuwe map\Laruaville Deluxe\libogg.dll
                    2014-05-12 05:25 . 2013-07-14 12:58 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
                    2014-05-02 06:51 . 2011-08-12 08:53 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
                    2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
                    2014-04-12 02:22 . 2014-05-14 06:24 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
                    2014-04-12 02:22 . 2014-05-14 06:24 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
                    2014-04-12 02:19 . 2014-05-14 06:24 136192 ----a-w- c:\windows\system32\sspicli.dll
                    2014-04-12 02:19 . 2014-05-14 06:24 29184 ----a-w- c:\windows\system32\sspisrv.dll
                    2014-04-12 02:19 . 2014-05-14 06:24 28160 ----a-w- c:\windows\system32\secur32.dll
                    2014-04-12 02:19 . 2014-05-14 06:24 1460736 ----a-w- c:\windows\system32\lsasrv.dll
                    2014-04-12 02:19 . 2014-05-14 06:24 31232 ----a-w- c:\windows\system32\lsass.exe
                    2014-04-12 02:12 . 2014-05-14 06:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
                    2014-04-12 02:10 . 2014-05-14 06:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                    REGEDIT4
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
                    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
                    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
                    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
                    .
                    c:\users\Harma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                    Malwarebytes Anti-Malware.lnk - c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-6-14 6970168]
                    psi - Snelkoppeling.lnk - c:\program files (x86)\Secunia\PSI\psi.exe [2012-9-24 1950304]
                    .
                    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                    Microsoft Security Essentials.lnk - c:\program files\Microsoft Security Client\msseces.exe [2014-3-11 1271072]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "ConsentPromptBehaviorAdmin"= 5 (0x5)
                    "ConsentPromptBehaviorUser"= 3 (0x3)
                    "EnableUIADesktopToggle"= 0 (0x0)
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                    "LoadAppInit_DLLs"=1 (0x1)
                    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                    "mixer2"=wdmaud.drv
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                    @="Service"
                    .
                    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
                    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
                    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
                    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
                    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
                    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
                    R3 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
                    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
                    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
                    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
                    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
                    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
                    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
                    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
                    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
                    R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
                    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
                    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
                    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
                    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
                    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
                    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
                    S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
                    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
                    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
                    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
                    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
                    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
                    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
                    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
                    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
                    S3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
                    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
                    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
                    S3 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
                    .
                    .
                    Inhoud van de 'Gedeelde Taken' map
                    .
                    2014-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
                    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 18:12]
                    .
                    2014-07-07 c:\windows\Tasks\fba_Bestanden Jan.job
                    - c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2013-04-21 07:30]
                    .
                    2014-07-07 c:\windows\Tasks\fba_Bestanden Mark.job
                    - c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2013-04-21 07:30]
                    .
                    .
                    --------- X64 Entries -----------
                    .
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
                    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
                    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
                    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
                    @="{64174815-8D98-4CE6-8646-4C039977D808}"
                    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
                    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
                    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
                    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
                    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
                    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
                    .
                    ------- Bijkomende Scan -------
                    .
                    uLocal Page = c:\windows\system32\blank.htm
                    uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-06-27&gen=cnet&ent=hp&u=AC77A87B663F859F144DD453ADE01EF1
                    mDefault_Search_URL = www.google.com
                    mDefault_Page_URL = www.google.com
                    mStart Page = www.google.com
                    mLocal Page = c:\windows\SysWOW64\blank.htm
                    mSearch Page = hxxp://www.google.com
                    uInternet Settings,ProxyOverride = *.local
                    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
                    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
                    Trusted Zone: gasunie.nl\remote
                    TCP: DhcpNameServer = 212.54.44.54 192.168.1.1
                    FF - ProfilePath - c:\users\Harma\AppData\Roaming\Mozilla\Firefox\Profiles\tny943ou.default-1352550422159\
                    FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
                    FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
                    .
                    - - - - ORPHANS VERWIJDERD - - - -
                    .
                    Toolbar-Locked - (no file)
                    AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
                    AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
                    .
                    .
                    .
                    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker5"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Shockwave Flash Object"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                    @="0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="ShockwaveFlash.ShockwaveFlash.14"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="ShockwaveFlash.ShockwaveFlash"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Macromedia Flash Factory Object"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="FlashFactory.FlashFactory.1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="FlashFactory.FlashFactory"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker5"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                    @Denied: (A) (Everyone)
                    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                    @Denied: (A) (Everyone)
                    .
                    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                    "Key"="ActionsPane3"
                    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                    @Denied: (Full) (Everyone)
                    .
                    ------------------------ Andere Aktieve Processen ------------------------
                    .
                    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    c:\program files (x86)\Softland\FBackup 4\fbaSched.exe
                    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
                    c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                    .
                    **************************************************************************
                    .
                    Voltooingstijd: 2014-07-09 18:29:44 - machine werd herstart
                    ComboFix-quarantined-files.txt 2014-07-09 16:29
                    ComboFix2.txt 2014-07-09 06:23
                    ComboFix3.txt 2014-06-27 19:59
                    .
                    Pre-Run: 324.990.607.360 bytes beschikbaar
                    Post-Run: 324.843.700.224 bytes beschikbaar
                    .
                    - - End Of File - - 82F953CFAC665A438F244C553E8E694C

                    • #11
                      DDS (Ver_2012-11-20.01) - NTFS_AMD64
                      Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2
                      Run by Harma at 18:30:36 on 2014-07-09
                      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2275 [GMT 2:00]
                      .
                      AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
                      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
                      .
                      ============== Running Processes ===============
                      .
                      C:\Windows\system32\lsm.exe
                      C:\Windows\system32\svchost.exe -k DcomLaunch
                      C:\Windows\system32\nvvsvc.exe
                      C:\Windows\system32\svchost.exe -k RPCSS
                      c:\Program Files\Microsoft Security Client\MsMpEng.exe
                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                      C:\Windows\system32\svchost.exe -k LocalService
                      C:\Windows\system32\svchost.exe -k netsvcs
                      C:\Windows\system32\svchost.exe -k GPSvcGroup
                      C:\Program Files\HitmanPro\hmpsched.exe
                      C:\Windows\system32\svchost.exe -k NetworkService
                      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                      C:\Windows\system32\nvvsvc.exe
                      C:\Windows\system32\FBAgent.exe
                      C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
                      C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
                      C:\Windows\System32\spoolsv.exe
                      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                      C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                      C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
                      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                      C:\Windows\system32\svchost.exe -k imgsvc
                      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                      C:\Windows\system32\taskhost.exe
                      C:\Windows\system32\Dwm.exe
                      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                      C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
                      C:\Windows\system32\igfxpers.exe
                      C:\Windows\System32\rundll32.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Program Files (x86)\Softland\FBackup 4\fbaSched.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                      C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
                      C:\Program Files\P4G\BatteryLife.exe
                      C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
                      C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
                      C:\Program Files\Bonjour\mDNSResponder.exe
                      C:\Windows\SysWOW64\ACEngSvr.exe
                      C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
                      C:\Program Files (x86)\Secunia\PSI\PSIA.exe
                      C:\Program Files (x86)\Secunia\PSI\sua.exe
                      C:\Windows\system32\SearchIndexer.exe
                      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                      C:\Program Files (x86)\Nero\Update\NASvc.exe
                      C:\Program Files\Windows Media Player\wmpnetwk.exe
                      C:\Windows\system32\wbem\wmiprvse.exe
                      C:\Windows\servicing\TrustedInstaller.exe
                      C:\Windows\system32\wbem\wmiprvse.exe
                      C:\Windows\explorer.exe
                      C:\Windows\System32\cscript.exe
                      .
                      ============== Pseudo HJT Report ===============
                      .
                      uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-06-27&gen=cnet&ent=hp&u=AC77A87B663F859F144DD453ADE01EF1
                      mStart Page = www.google.com
                      mSearch Page = hxxp://www.google.com
                      mDefault_Page_URL = www.google.com
                      mDefault_Search_URL = www.google.com
                      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                      BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                      BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
                      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
                      BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
                      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                      uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
                      uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
                      mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
                      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                      StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MALWAR~1.LNK - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
                      StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PSI-SN~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi.exe
                      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files\Microsoft Security Client\msseces.exe
                      uPolicies-Explorer: NoDrives = dword:0
                      mPolicies-Explorer: NoDrives = dword:0
                      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                      mPolicies-System: ConsentPromptBehaviorUser = dword:3
                      mPolicies-System: EnableUIADesktopToggle = dword:0
                      IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
                      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
                      IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
                      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                      .
                      INFO: HKCU has more than 50 listed domains.
                      If you wish to scan all of them, select the 'Force scan all domains' option.
                      .
                      DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
                      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
                      DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
                      DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
                      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
                      TCP: NameServer = 192.168.1.1
                      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C} : DHCPNameServer = 192.168.1.1
                      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\0484F6D6566373139383 : DHCPNameServer = 192.168.1.1
                      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\05D474 : DHCPNameServer = 10.60.4.1 10.60.4.2
                      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\6716E6465627D6F6C656E6F5B6C616E64756E6 : DHCPNameServer = 192.168.2.254
                      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\7554C434F4D4540284F64756C637 : DHCPNameServer = 172.30.3.254
                      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\D656475627E65647775627B6 : DHCPNameServer = 212.54.44.54 192.168.1.1
                      TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\E45647775627B673 : DHCPNameServer = 192.168.1.1
                      Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
                      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                      AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
                      SSODL: WebCheck - <orphaned>
                      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                      x64-mStart Page = www.google.com
                      x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                      x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
                      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
                      x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
                      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
                      x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
                      x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
                      x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
                      x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
                      x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
                      x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
                      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
                      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                      x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
                      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                      x64-Notify: igfxcui - igfxdev.dll
                      x64-SSODL: WebCheck - <orphaned>
                      x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                      .
                      ================= FIREFOX ===================
                      .
                      FF - ProfilePath - C:\Users\Harma\AppData\Roaming\Mozilla\Firefox\Profiles\tny943ou.default-1352550422159\
                      FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
                      FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
                      FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
                      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
                      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
                      FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
                      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
                      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
                      FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
                      FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
                      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                      FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
                      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
                      .
                      ============= SERVICES / DRIVERS ===============
                      .
                      R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
                      R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-4-26 33736]
                      R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
                      R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
                      R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-4-9 379520]
                      R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
                      R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-2 127752]
                      R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2014-1-27 773968]
                      R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-6 1631008]
                      R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-14 21055432]
                      R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
                      R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
                      R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]
                      R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-22 20256]
                      R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-22 40392]
                      R3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-11-27 479840]
                      R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
                      R3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
                      R3 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
                      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                      S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-14 860472]
                      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
                      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-16 103448]
                      S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-9 48488]
                      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
                      S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-8-17 33736]
                      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-12 111616]
                      S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-14 25816]
                      S3 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-14 1809720]
                      S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-14 63704]
                      S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
                      S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
                      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-4 19456]
                      S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-4-9 290920]
                      S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-9 333928]
                      S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
                      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-16 203672]
                      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-21 56832]
                      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
                      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-17 1255736]
                      S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
                      S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
                      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
                      .
                      =============== File Associations ===============
                      .
                      FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
                      .
                      =============== Created Last 30 ================
                      .
                      2014-07-09 16:19:41 -------- d-sh--w- C:\$RECYCLE.BIN
                      2014-07-09 06:37:50 -------- d-----w- C:\Users\Harma\AppData\Roaming\iWin
                      2014-07-09 06:25:54 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{35EEEA1B-68A5-4218-9E43-63F97C98715A}\mpengine.dll
                      2014-07-09 06:02:22 98816 ----a-w- C:\Windows\sed.exe
                      2014-07-09 06:02:22 256000 ----a-w- C:\Windows\PEV.exe
                      2014-07-09 06:02:22 208896 ----a-w- C:\Windows\MBR.exe
                      2014-07-07 20:09:11 -------- d-----w- C:\Users\Harma\AppData\Local\PMB Files
                      2014-07-07 20:09:08 -------- d-----w- C:\ProgramData\PMB Files
                      2014-07-07 18:21:03 388096 ----a-r- C:\Users\Harma\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                      2014-07-07 18:20:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
                      2014-07-07 17:05:42 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3972AC1-7331-41A1-80C5-17CB274ECF7A}\gapaengine.dll
                      2014-07-07 17:04:44 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                      2014-06-29 15:28:29 -------- d-----w- C:\Users\Harma\AppData\Local\Nero_AG
                      2014-06-29 15:24:08 -------- d-----w- C:\Users\Harma\AppData\Local\Nero
                      2014-06-29 14:42:19 -------- d-----w- C:\Program Files (x86)\Nero
                      2014-06-29 14:42:06 -------- d-----w- C:\ProgramData\Nero
                      2014-06-29 14:37:45 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
                      2014-06-29 14:36:39 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
                      2014-06-28 09:20:28 -------- d-----w- C:\Program Files (x86)\VS Revo Group
                      2014-06-27 21:23:24 -------- d-----w- C:\Program Files\Lavasoft
                      2014-06-27 21:20:33 -------- d-----w- C:\Program Files (x86)\Lavasoft
                      2014-06-27 21:18:19 -------- d-----w- C:\Users\Harma\AppData\Roaming\LavasoftStatistics
                      2014-06-27 21:07:51 -------- d-----w- C:\ProgramData\Licenses
                      2014-06-27 21:07:43 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
                      2014-06-27 10:56:17 -------- d-----r- C:\Program Files (x86)\Skype
                      2014-06-26 21:53:52 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                      2014-06-26 21:45:26 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
                      2014-06-26 21:00:47 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                      2014-06-26 06:25:07 687 ----a-w- C:\awh781B.tmp
                      2014-06-25 20:13:14 687 ----a-w- C:\awhD44F.tmp
                      2014-06-25 20:11:34 764416 --sh--w- C:\Windows\SysWow64\devil.dll
                      2014-06-25 20:11:33 415744 --sh--w- C:\Windows\SysWow64\avisynth.dll
                      2014-06-25 20:11:33 32256 --sh--w- C:\Windows\SysWow64\AVSredirect.dll
                      2014-06-25 20:11:32 70656 --sh--w- C:\Windows\SysWow64\yv12vfw.dll
                      2014-06-25 20:11:31 70656 --sh--w- C:\Windows\SysWow64\i420vfw.dll
                      2014-06-25 20:11:24 -------- d-----w- C:\Program Files (x86)\AviSynth 2.6
                      2014-06-25 20:08:48 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
                      2014-06-25 20:08:48 327749 ----a-w- C:\Windows\SysWow64\drvc.dll
                      2014-06-25 20:07:44 -------- d-----w- C:\Program Files (x86)\Common Files\Config
                      2014-06-25 20:07:41 -------- d-----w- C:\Users\Harma\AppData\Local\255
                      2014-06-25 20:07:40 -------- d-----w- C:\Program Files (x86)\eRightSoft
                      2014-06-23 19:06:53 -------- d-----w- C:\Users\Harma\AppData\Local\Skype
                      2014-06-22 08:50:16 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
                      2014-06-22 08:50:16 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
                      2014-06-22 08:49:18 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
                      2014-06-22 08:49:18 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
                      2014-06-14 06:51:30 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                      2014-06-14 06:50:45 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                      2014-06-14 06:50:45 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
                      2014-06-14 06:50:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
                      2014-06-13 19:25:28 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
                      2014-06-12 05:45:59 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
                      .
                      ==================== Find3M ====================
                      .
                      2014-07-08 21:47:10 45056 ----a-w- C:\Windows\System32\acovcnt.exe
                      2014-07-08 18:12:45 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                      2014-07-08 18:12:45 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                      2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
                      2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
                      2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                      2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                      2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
                      2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
                      2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                      2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                      2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                      2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                      2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
                      2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                      2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                      2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
                      2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                      2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                      2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                      2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                      2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
                      2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
                      2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                      2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
                      2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
                      2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
                      2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                      2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
                      2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
                      2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
                      2014-05-12 05:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                      2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
                      2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
                      2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
                      2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
                      2014-04-15 00:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
                      2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
                      2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
                      2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
                      2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
                      2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
                      2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                      2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
                      2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                      2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                      2009-09-27 07:39:26 415744 --sh--w- C:\Windows\SysWOW64\avisynth.dll
                      2005-07-14 10:31:20 32256 --sh--w- C:\Windows\SysWOW64\AVSredirect.dll
                      2004-02-22 08:11:08 764416 --sh--w- C:\Windows\SysWOW64\devil.dll
                      2004-01-24 22:00:00 70656 --sh--w- C:\Windows\SysWOW64\i420vfw.dll
                      2004-01-24 22:00:00 70656 --sh--w- C:\Windows\SysWOW64\yv12vfw.dll
                      .
                      ============= FINISH: 18:31:27,75 ===============



                      • #12
                        Had to split it up;
                        it was too big for one reply.



                        • #13
                          Fine.

                          Go to Start > Run and copy and paste the following command into the field:

                          ComboFix /Uninstall

                          Make sure there is a space between Combofix and /
                          Then press Enter.




                          This will remove Combofix and its related folders and files, restore the clock settings,
                          hide the file extensions, hide hidden files and system files again,
                          and reset your System Restore.



                          Start CCleaner.
                          • Run CCleaner and click Options in the left-hand column
                          • Select the Advanced tab
                          • Uncheck "Only delete files in the Windows Temp system folder that are older than 24 hours"
                          • Select the Settings tab
                          • Uncheck "Automatically clean the computer...."
                          • Click Cleaner in the left-hand column.
                          • Then click Analyze and Clean, in that order.
                          • Next, click Registry in the left-hand column
                          • Click Scan for issues.
                          • When asked whether you want to make a backup of the registry, click "Yes".
                          • If errors are found, click the middle button: Fix all selected issues, and then OK

                          Now tell me, are there still any problems?

                          Emphyrio
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * Remove McAfee. * Ccleaner * E-Peek



                          • #14
                            I had turned my virus scanner, malware protection and firewall back on after I posted my previous info.
                            Started the Combofix uninstall with this setting.
                            Combofix reported this after it had finished uninstalling

                            Haven't run the cleaner yet.

                            Once more Combofix with the scanner etc. off?



                            • #15
                              I meant: Combofix /uninstall once more with the scanner off
