All program folders in the Start menu are empty, in Windows 7

  • All program folders in the Start menu are empty, in Windows 7

    pup.optional.searchgolt.b + pup.optional.mindspark.a

    I removed the above PUPs with Malwarebytes, but the folders remain empty. A number of folders under C:\
    also appear to have been renamed with long strings of digits and are empty as well.
    Files and documents appear intact.
    Below is a log from DDS and, underneath it, one from GMER.
    Perhaps you can help resolve this.
    Or is a clean installation the only option?

    DDS (Ver_2012-11-05.02) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.9.2
    Run by Frans at 21:39:48 on 2014-08-12
    .
    ============== Running Processes ================
    .
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\AMT\LMS.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\PDF Complete\pdfupd.exe
    C:\Users\Frans\Desktop\Defogger.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:3
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    TCP: NameServer = 212.54.40.25 212.54.44.54
    TCP: Interfaces\{3CA27344-CE6A-4537-833A-C5C4D7BB3A3E} : DHCPNameServer = 212.54.40.25 212.54.44.54
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://www.google.com
    x64-mSearch Page = hxxp://www.google.com
    x64-mDefault_Page_URL = hxxp://www.google.com
    x64-mDefault_Search_URL = hxxp://www.google.com
    x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\ca6akjif.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?pid=wtu&sg=&cid=%7Bcda3c2ab-f20f-4ba7-9a74-f1cc920faa16%7D&mid=ec72e3e7e1f747d09196d16a62f60a9b-822948d768622a6cd578604ef5edbcfb8a156f8e&ds=AVG&v=3.1.0.6&lang=nl&pr=fr&d=2014-08-04%2017%3A21%3A11&sap=hp
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: !HIDDEN! 2013-04-17 08:08; [email protected]_4z.com; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? BBSvc;Bing Bar Update Service
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? fssfltr;fssfltr
    R? fsssvc;De service Windows Live Family Safety
    R? IEEtwCollectorService;Internet Explorer ETW Collector Service
    R? rgsender;Remote Graphics Sender Service
    R? StorSvc;Storage Service
    R? TsUsbFlt;TsUsbFlt
    R? vToolbarUpdater3.1.0;vToolbarUpdater3.1.0
    R? WatAdminSvc;Windows Activation Technologies-service
    S? Avgdiska;AVG Disk Driver
    S? AVGIDSAgent;AVGIDSAgent
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSHA;AVGIDSHA
    S? Avgldx64;AVG AVI Loader Driver
    S? Avgloga;AVG Logging Driver
    S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx64;AVG Anti-Rootkit Driver
    S? Avgtdia;AVG TDI Driver
    S? avgtp;avgtp
    S? avgwd;AVG WatchDog
    S? BBUpdate;BBUpdate
    S? DLABMFSE;DLABMFSE
    S? DLABOIOE;DLABOIOE
    S? DLACDBHE;DLACDBHE
    S? DLADResE;DLADResE
    S? DLAIFS_E;DLAIFS_E
    S? DLAOPIOE;DLAOPIOE
    S? DLAPoolE;DLAPoolE
    S? DLARTL_E;DLARTL_E
    S? DLAUDF_E;DLAUDF_E
    S? DLAUDFAE;DLAUDFAE
    S? DRVECDB;DRVECDB
    S? DRVEDDM;DRVEDDM
    S? e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K
    S? HECIx64;Intel(R) Management Engine Interface
    S? Hp.Skyroom.Windows.Service;HP SkyRoom
    S? MBAMSwissArmy;MBAMSwissArmy
    S? pdfcDispatcher;PDF Document Manager
    S? PxHlpa64;PxHlpa64
    S? TeamViewer9;TeamViewer 9
    S? UNS;Intel(R) Management and Security Application User Notification Service
    .
    =============== File Associations ===============
    .
    FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-08-12 18:32:19 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
    2014-08-12 18:21:55 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-08-12 18:21:40 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-08-12 18:21:40 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-08-12 18:21:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-08-12 18:21:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-12 18:16:30 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-08-12 15:33:31 -------- d-----w- C:\Windows\ERUNT
    2014-08-11 15:53:40 -------- d-----w- C:\50083a3bb34a0ba8bf
    2014-08-10 15:52:02 -------- d-----w- C:\9d457c2c9e744a598661f5e65d69
    2014-08-10 08:28:11 -------- d-----w- C:\3d15ca18e54a7a808c4e3425fb7b
    2014-08-09 19:41:47 -------- d-----w- C:\9481d9cbb2c90e85e1e6545b9f
    2014-08-08 18:27:32 -------- d-----w- C:\80f556f4d7f96adfda
    2014-08-08 16:09:14 -------- d-----w- C:\4d69c35cb8bfdebc23c960d49514
    2014-08-08 07:12:24 -------- d-----w- C:\51c9ed8982923371b006
    2014-08-08 06:58:30 -------- d-----w- C:\ed2f30bf66c4d2efc079a3531d13
    2014-08-07 16:24:42 -------- d-----w- C:\e39121e6407e003cf0e6a946
    2014-08-07 09:50:27 -------- d-----w- C:\a7cb19aaf276fafb42d162048d2affa3
    2014-08-06 23:53:30 -------- d-----w- C:\b67cbcb3b87de422f4e9eaaa0bf437
    2014-08-06 07:27:28 -------- d-----w- C:\7f0e22d29a344c0cf065ddc63bb86160
    2014-08-05 19:15:06 -------- d-----w- C:\5993f0d4da2d27be3162
    2014-08-05 13:53:40 -------- d-----w- C:\fe08ee2b064a34bdba8dfbdc1ec208
    2014-08-04 21:13:24 -------- d-----w- C:\6d286cc60848e01f6744ae27afac
    2014-08-04 16:03:12 -------- d-----w- C:\38358331b31af652d0
    2014-08-04 15:21:15 -------- d-----w- C:\Users\Frans\AppData\Local\AVG Web TuneUp
    2014-08-04 15:21:07 -------- d-----w- C:\ProgramData\AVG Web TuneUp
    2014-08-04 15:21:05 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
    2014-08-04 07:31:29 -------- d-----w- C:\02578a94f4f8bf031b443f
    2014-08-03 09:03:17 -------- d-----w- C:\6f0ac7e9b7917d306ad3705e89966686
    2014-08-02 22:11:50 -------- d-----w- C:\0b7a4afe7d9e31add18148a1
    2014-07-31 20:43:59 -------- d-----w- C:\a2b1bd7f4791a8210b5de4
    2014-07-31 19:02:23 -------- d-----w- C:\fbf5fb86594324e5fac683ac
    2014-07-31 06:46:53 -------- d-----w- C:\c5bfb19bcee6517697401354db9d
    2014-07-30 21:33:49 -------- d-----w- C:\6afd063dfa66290adf77ee
    2014-07-29 21:16:00 -------- d-----w- C:\e1b5e7d8ca852248a89a
    2014-07-29 18:01:44 -------- d-----w- C:\223365bf41e36a59e84cd4
    2014-07-29 13:24:33 -------- d-----w- C:\1106a0faa6accd2abca9
    2014-07-29 06:46:32 -------- d-----w- C:\c6f7888ccab7387d110aead001bfb5
    2014-07-28 22:12:26 -------- d-----w- C:\c021fcc734237e05bb
    2014-07-28 15:57:22 -------- d-----w- C:\6a95f79b69e51fca5e2a20
    2014-07-28 15:34:36 -------- d-----w- C:\764729b28de1f97ad09e283c5d243a
    2014-07-28 11:12:40 -------- d-----w- C:\9b9989b987a2512d8f77efe5
    2014-07-27 15:13:32 -------- d-----w- C:\857d522302e42209b85a0cc249f6
    2014-07-27 09:01:27 -------- d-----w- C:\09fc02604c3d41b771ca
    2014-07-26 13:35:31 -------- d-----w- C:\3aed943288554d76339170
    2014-07-26 10:58:39 -------- d-----w- C:\f7704b094971c53e3f82b07624f1082e
    2014-07-24 21:05:19 -------- d-----w- C:\b70110c5b25e2718c4d64771b039dc54
    2014-07-24 07:08:44 -------- d-----w- C:\5ab7d6b5e38f3e0a7ac5bc
    2014-07-16 12:18:47 -------- d-----w- C:\c6d3970f4caa73b28755687faf713d
    2014-07-15 20:56:12 -------- d-----w- C:\e889683aaa9a275b28
    .
    ==================== Find3M ====================
    .
    2014-08-04 15:21:03 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2014-07-09 14:20:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-09 14:20:12 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-07-09 14:20:05 5659136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2014-06-30 10:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
    2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
    2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
    2014-06-17 14:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2014-06-17 14:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2014-06-17 14:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2014-06-17 14:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2014-06-17 14:06:22 242968 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2014-06-17 14:06:20 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2014-06-17 14:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 21:41:52,75 ===============

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-08-12 21:33:54
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.P22O 149,01GB
    Running: 2tqo00de.exe; Driver: C:\Users\Frans\AppData\Local\Temp\fxldipog.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002dab000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002dab011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75]
    .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75]
    .text ... * 2
    .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75]
    .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75]
    .text ... * 2
    .text C:\Users\Frans\Desktop\Defogger.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75]
    .text C:\Users\Frans\Desktop\Defogger.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75]
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [2880] entry point in ".rdata" section 0000000074ab71e6
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75]
    .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a21465 2 bytes [A2, 75]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a214bb 2 bytes [A2, 75]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4396:3656] 000007fefb402bf8

    ---- EOF - GMER 2.1 ----
    Last edited by ton54; 13-08-14, 10:16.

  • #2
    Hi ton, and welcome to the Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:
    .
    • Log in only as an administrator with full rights.
    • Do not post your problem on multiple forums. It does not help your problem and it is not polite towards the helpers.
    • Cleaning up your system can take some time; be patient.
    • Carefully follow the instructions I give.
    • Follow only the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If there is something you do not know or understand, please ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, do not try something "different"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs. ( INFO )
    • Please do not post the logs as attachments or between code tags.

    .
    Note: Always run all tools as admin.
    The instructions given are valid only for your PC.

    Once you have read and understood these guidelines, you may continue.....



    Step 1:

    Scan for and remove malware....

    Start MBAM.
    Click Scan at the top of the Malwarebytes Anti-Malware window.
    In that screen, choose the Custom scan and tick the partitions that apply (c:\, d:\, etc.).
    Then click the Scan Now button.

    Before scanning, it always first checks automatically whether updates to the virus definitions are available; if an update is available, you must let it install first.

    When the scan is finished and threats have been detected, you will get an overview of them.
    Select to place all of them in quarantine.
    At the message that your computer must be restarted, click Yes.

    After restarting the PC, if Malwarebytes asked to restart the PC, open Malwarebytes again.
    Click the History button at the top of the menu.
    Then click the Application Logs option and select the scan log you want to export. This is the last scan you ran (you can tell by the date and time).
    Select it to view it.
    In a new window that opens, you will see the results of your scan.

    At the bottom, either select to export as a text file and give the text file a name, for example mbamlog.
    Or you can select to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.

    .___________________________________________________________

    Step 2:

    Check for bad toolbars...

    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Remove (Verwijderen)

    All icons disappear from the Desktop; this is normal.
    Your PC will be restarted and a log file will open (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the forum.

    I only need the log from after the "Remove" (Verwijderen) option.

    Do not forget to turn off your "smileys".

    If your start page was also hijacked, set the search engine again.
    By default AdwCleaner resets it to Google.com
    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If running scripts is disabled, re-enable it so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    Do not post the contents of Attach.txt, and do not add Attach.txt as an attachment to your post, unless I ask for it.


    ___________________________________________________________

    Step 4:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Place its contents in your next reply.


    In your next post, I would like to see the following logs, made in the order given:
    .
    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    .
    Please do NOT post these logs as attachments or between code tags.
    (In several posts if need be.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scandatum: 13-8-2014
      Scantijd: 20:22:08
      Logbestand: malewarwe.txt
      Beheerder: Ja

      Versie: 2.00.2.1012
      Malwaredatabase: v2014.08.13.05
      Rootkitdatabase: v2014.08.04.01
      Licentie: Gratis
      Malwarebescherming: Uitgeschakeld
      Kwaadaardige Website Bescherming: Uitgeschakeld
      Self-protection: Uitgeschakeld

      Besturingssysteem: Windows 7 Service Pack 1
      Processor: x64
      Bestandssysteem: NTFS
      Gebruiker: Frans

      Scantype: Aangepaste Scan
      Resultaat: Voltooid
      Objecten Gescand: 555957
      Verstreken Tijd: 1 u, 52 m, 30 s

      Geheugen: Ingeschakeld
      Opstarten: Ingeschakeld
      Bestandssysteem: Ingeschakeld
      Archieven: Ingeschakeld
      Rootkits: Uitgeschakeld
      Heuristics: Ingeschakeld
      POP: Ingeschakeld
      POA: Ingeschakeld

      Processen: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registersleutels: 0
      (No malicious items detected)

      Registerwaardes: 0
      (No malicious items detected)

      Registerdata: 0
      (No malicious items detected)

      Mappen: 0
      (No malicious items detected)

      Bestanden: 19
      PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir, In Quarantaine, [43d69b2b5d1e5bdbf0b61d125ea2f709],
      PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Produtools_Manuals_2.1_B\hk64tbPro0.dll.vir, In Quarantaine, [8e8bc105bfbcff37683d49e63dc3e917],
      PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Produtools_Manuals_2.1_B\hktbPro0.dll.vir, In Quarantaine, [47d24a7c314abf778a1b290625dba858],
      PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Produtools_Manuals_2.1_B\ldrtbPro0.dll.vir, In Quarantaine, [0d0c6b5bd9a27eb8cdd8240be41c2fd1],
      PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Produtools_Manuals_2.1_B\Produtools_Manuals_2.1_BToolbarHelper1.exe.vir, In Quarantaine, [50c965615b20e551164030eef30d24dc],
      PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Produtools_Manuals_2.1_B\tbPro0.dll.vir, In Quarantaine, [9b7ea026ccaf2a0cb2f3e84760a032ce],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe.vir, In Quarantaine, [28f105c1b2c9ba7c5dcde5c5ae5317e9],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\Local\Conduit\Community Alerts\Alert.dll.vir, In Quarantaine, [fe1b18ae2c4f16203febfdadd62ba858],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\hk64tbPro0.dll.vir, In Quarantaine, [0f0a576fd7a4d561da50129806fb6e92],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\hk64tbPro2.dll.vir, In Quarantaine, [c8513591ef8c8ea808222d7de61b6799],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\hktbPro0.dll.vir, In Quarantaine, [0b0e21a53348290dc565d2d8966be41c],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\hktbPro2.dll.vir, In Quarantaine, [da3f13b3dc9f2c0a81a9ecbe7d846898],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\ldrtbPro0.dll.vir, In Quarantaine, [b069f7cf5526191d28027b2f9b6621df],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\ldrtbPro2.dll.vir, In Quarantaine, [59c0dcea106bff378f9b941620e1e61a],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\prxtbPro0.dll.vir, In Quarantaine, [cc4d8c3afb801c1a96949c0e09f824dc],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\prxtbPro2.dll.vir, In Quarantaine, [b960279ff88370c6c3672e7c5ca5c838],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\tbPro0.dll.vir, In Quarantaine, [8d8ceed8bdbe7db90327961449b84ab6],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\tbPro1.dll.vir, In Quarantaine, [dc3dccfa92e9c96df03a575311f0af51],
      PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Frans\AppData\LocalLow\Produtools_Manuals_2.1_B\tbPro2.dll.vir, In Quarantaine, [2eebf0d63a413afc34f68a205ea3b64a],

      Fysieke Sectoren: 0
      (No malicious items detected)


      (end)

      # AdwCleaner v3.305 - Rapport aangemaakt 14/08/2014 op 07:46:12
      # Laatste Update 14/08/2014 door Xplode
      # Besturingssysteem : Windows 7 Professional Service Pack 1 (64 bits)
      # Gebruikersnaam : Frans - HP6000
      # Gestart vanuit : C:\Users\Frans\Downloads\adwcleaner_3.305.exe
      # Optie : Verwijderen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****

      Bestand Verwijderd : C:\Windows\System32\GroupPolicy\Machine\Registry.pol

      ***** [ Taken ] *****


      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17207


      -\\ Mozilla Firefox v30.0 (nl)

      [ Bestand : C:\Users\Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\liqulizm.default\prefs.js ]


      [ Bestand : C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\ca6akjif.default\prefs.js ]


      -\\ Google Chrome v36.0.1985.125

      [ Bestand : C:\Users\Agnes\AppData\Local\Google\Chrome\User Data\Default\preferences ]


      [ Bestand : C:\Users\Frans\AppData\Local\Google\Chrome\User Data\Default\preferences ]


      *************************

      AdwCleaner[R0].txt - [40023 octets] - [28/05/2014 16:41:14]
      AdwCleaner[R1].txt - [1497 octets] - [28/05/2014 18:41:37]
      AdwCleaner[R2].txt - [1429 octets] - [28/05/2014 20:04:42]
      AdwCleaner[R3].txt - [1496 octets] - [28/05/2014 20:19:15]
      AdwCleaner[R4].txt - [14928 octets] - [12/08/2014 17:01:10]
      AdwCleaner[R5].txt - [1730 octets] - [12/08/2014 17:05:04]
      AdwCleaner[R6].txt - [4283 octets] - [12/08/2014 17:37:48]
      AdwCleaner[R7].txt - [2142 octets] - [14/08/2014 07:42:31]
      AdwCleaner[S0].txt - [37101 octets] - [28/05/2014 16:42:24]
      AdwCleaner[S1].txt - [1565 octets] - [28/05/2014 18:42:24]
      AdwCleaner[S2].txt - [1562 octets] - [28/05/2014 20:20:09]
      AdwCleaner[S3].txt - [13249 octets] - [12/08/2014 17:01:56]
      AdwCleaner[S4].txt - [1796 octets] - [12/08/2014 17:06:20]
      AdwCleaner[S5].txt - [4257 octets] - [12/08/2014 17:38:58]
      AdwCleaner[S6].txt - [2070 octets] - [14/08/2014 07:46:12]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2130 octets] ##########
      DDS (Ver_2012-11-05.02) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.9.2
      Run by Frans at 7:59:57 on 2014-08-14
      .
      ============== Running Processes ================
      .
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
      C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
      C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
      C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
      C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
      C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files (x86)\Intel\AMT\LMS.exe
      C:\Program Files (x86)\PDF Complete\pdfsvc.exe
      C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
      C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
      C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
      C:\Program Files (x86)\AVG\AVG2014\avgui.exe
      C:\Program Files (x86)\PDF Complete\pdfupd.exe
      C:\Windows\SysWOW64\ctfmon.exe
      C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
      C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com
      uDefault_Page_URL = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      mSearch Page = hxxp://www.google.com
      mDefault_Page_URL = hxxp://www.google.com
      mDefault_Search_URL = hxxp://www.google.com
      mWinlogon: Userinit = userinit.exe,
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
      TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
      mRun: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableLUA = dword:0
      mPolicies-System: EnableUIADesktopToggle = dword:0
      mPolicies-System: PromptOnSecureDesktop = dword:0
      mPolicies-System: SoftwareSASGeneration = dword:3
      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
      TCP: NameServer = 212.54.40.25 212.54.44.54
      TCP: Interfaces\{3CA27344-CE6A-4537-833A-C5C4D7BB3A3E} : DHCPNameServer = 212.54.40.25 212.54.44.54
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
      SSODL: WebCheck - <orphaned>
      mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      x64-mStart Page = hxxp://www.google.com
      x64-mSearch Page = hxxp://www.google.com
      x64-mDefault_Page_URL = hxxp://www.google.com
      x64-mDefault_Search_URL = hxxp://www.google.com
      x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
      x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
      x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
      x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      x64-Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
      x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
      x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
      x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
      x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      x64-SSODL: WebCheck - <orphaned>
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\ca6akjif.default\
      FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?pid=wtu&sg=&cid=%7Bcda3c2ab-f20f-4ba7-9a74-f1cc920faa16%7D&mid=ec72e3e7e1f747d09196d16a62f60a9b-822948d768622a6cd578604ef5edbcfb8a156f8e&ds=AVG&v=3.1.0.6&lang=nl&pr=fr&d=2014-08-04%2017%3A21%3A11&sap=hp
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
      FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
      FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
      FF - ExtSQL: !HIDDEN! 2013-04-17 08:08; [email protected]_4z.com; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
      .
      ============= SERVICES / DRIVERS ===============
      .
      R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
      R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
      R? fssfltr;fssfltr
      R? fsssvc;De service Windows Live Family Safety
      R? IEEtwCollectorService;Internet Explorer ETW Collector Service
      R? rgsender;Remote Graphics Sender Service
      R? StorSvc;Storage Service
      R? TsUsbFlt;TsUsbFlt
      R? vToolbarUpdater3.1.0;vToolbarUpdater3.1.0
      R? WatAdminSvc;Windows Activation Technologies-service
      S? Avgdiska;AVG Disk Driver
      S? AVGIDSAgent;AVGIDSAgent
      S? AVGIDSDriver;AVGIDSDriver
      S? AVGIDSHA;AVGIDSHA
      S? Avgldx64;AVG AVI Loader Driver
      S? Avgloga;AVG Logging Driver
      S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
      S? Avgrkx64;AVG Anti-Rootkit Driver
      S? Avgtdia;AVG TDI Driver
      S? avgtp;avgtp
      S? avgwd;AVG WatchDog
      S? BBSvc;Bing Bar Update Service
      S? BBUpdate;BBUpdate
      S? DLABMFSE;DLABMFSE
      S? DLABOIOE;DLABOIOE
      S? DLACDBHE;DLACDBHE
      S? DLADResE;DLADResE
      S? DLAIFS_E;DLAIFS_E
      S? DLAOPIOE;DLAOPIOE
      S? DLAPoolE;DLAPoolE
      S? DLARTL_E;DLARTL_E
      S? DLAUDF_E;DLAUDF_E
      S? DLAUDFAE;DLAUDFAE
      S? DRVECDB;DRVECDB
      S? DRVEDDM;DRVEDDM
      S? e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K
      S? HECIx64;Intel(R) Management Engine Interface
      S? Hp.Skyroom.Windows.Service;HP SkyRoom
      S? pdfcDispatcher;PDF Document Manager
      S? PxHlpa64;PxHlpa64
      S? TeamViewer9;TeamViewer 9
      S? UNS;Intel(R) Management and Security Application User Notification Service
      .
      =============== File Associations ===============
      .
      FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
      .
      =============== Created Last 30 ================
      .
      2014-08-12 18:32:19 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
      2014-08-12 18:21:55 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2014-08-12 18:21:40 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2014-08-12 18:21:40 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2014-08-12 18:21:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2014-08-12 18:21:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
      2014-08-12 18:16:30 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
      2014-08-12 15:33:31 -------- d-----w- C:\Windows\ERUNT
      2014-08-11 15:53:40 -------- d-----w- C:\50083a3bb34a0ba8bf
      2014-08-10 15:52:02 -------- d-----w- C:\9d457c2c9e744a598661f5e65d69
      2014-08-10 08:28:11 -------- d-----w- C:\3d15ca18e54a7a808c4e3425fb7b
      2014-08-09 19:41:47 -------- d-----w- C:\9481d9cbb2c90e85e1e6545b9f
      2014-08-08 18:27:32 -------- d-----w- C:\80f556f4d7f96adfda
      2014-08-08 16:09:14 -------- d-----w- C:\4d69c35cb8bfdebc23c960d49514
      2014-08-08 07:12:24 -------- d-----w- C:\51c9ed8982923371b006
      2014-08-08 06:58:30 -------- d-----w- C:\ed2f30bf66c4d2efc079a3531d13
      2014-08-07 16:24:42 -------- d-----w- C:\e39121e6407e003cf0e6a946
      2014-08-07 09:50:27 -------- d-----w- C:\a7cb19aaf276fafb42d162048d2affa3
      2014-08-06 23:53:30 -------- d-----w- C:\b67cbcb3b87de422f4e9eaaa0bf437
      2014-08-06 07:27:28 -------- d-----w- C:\7f0e22d29a344c0cf065ddc63bb86160
      2014-08-05 19:15:06 -------- d-----w- C:\5993f0d4da2d27be3162
      2014-08-05 13:53:40 -------- d-----w- C:\fe08ee2b064a34bdba8dfbdc1ec208
      2014-08-04 21:13:24 -------- d-----w- C:\6d286cc60848e01f6744ae27afac
      2014-08-04 16:03:12 -------- d-----w- C:\38358331b31af652d0
      2014-08-04 15:21:15 -------- d-----w- C:\Users\Frans\AppData\Local\AVG Web TuneUp
      2014-08-04 15:21:07 -------- d-----w- C:\ProgramData\AVG Web TuneUp
      2014-08-04 15:21:05 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
      2014-08-04 07:31:29 -------- d-----w- C:\02578a94f4f8bf031b443f
      2014-08-03 09:03:17 -------- d-----w- C:\6f0ac7e9b7917d306ad3705e89966686
      2014-08-02 22:11:50 -------- d-----w- C:\0b7a4afe7d9e31add18148a1
      2014-07-31 20:43:59 -------- d-----w- C:\a2b1bd7f4791a8210b5de4
      2014-07-31 19:02:23 -------- d-----w- C:\fbf5fb86594324e5fac683ac
      2014-07-31 06:46:53 -------- d-----w- C:\c5bfb19bcee6517697401354db9d
      2014-07-30 21:33:49 -------- d-----w- C:\6afd063dfa66290adf77ee
      2014-07-29 21:16:00 -------- d-----w- C:\e1b5e7d8ca852248a89a
      2014-07-29 18:01:44 -------- d-----w- C:\223365bf41e36a59e84cd4
      2014-07-29 13:24:33 -------- d-----w- C:\1106a0faa6accd2abca9
      2014-07-29 06:46:32 -------- d-----w- C:\c6f7888ccab7387d110aead001bfb5
      2014-07-28 22:12:26 -------- d-----w- C:\c021fcc734237e05bb
      2014-07-28 15:57:22 -------- d-----w- C:\6a95f79b69e51fca5e2a20
      2014-07-28 15:34:36 -------- d-----w- C:\764729b28de1f97ad09e283c5d243a
      2014-07-28 11:12:40 -------- d-----w- C:\9b9989b987a2512d8f77efe5
      2014-07-27 15:13:32 -------- d-----w- C:\857d522302e42209b85a0cc249f6
      2014-07-27 09:01:27 -------- d-----w- C:\09fc02604c3d41b771ca
      2014-07-26 13:35:31 -------- d-----w- C:\3aed943288554d76339170
      2014-07-26 10:58:39 -------- d-----w- C:\f7704b094971c53e3f82b07624f1082e
      2014-07-24 21:05:19 -------- d-----w- C:\b70110c5b25e2718c4d64771b039dc54
      2014-07-24 07:08:44 -------- d-----w- C:\5ab7d6b5e38f3e0a7ac5bc
      2014-07-16 12:18:47 -------- d-----w- C:\c6d3970f4caa73b28755687faf713d
      2014-07-15 20:56:12 -------- d-----w- C:\e889683aaa9a275b28
      .
      ==================== Find3M ====================
      .
      2014-08-04 15:21:03 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
      2014-07-09 14:20:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-07-09 14:20:12 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2014-07-09 14:20:05 5659136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
      2014-06-30 10:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
      2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
      2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
      2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
      2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
      2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
      2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
      2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
      2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
      2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
      2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
      2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
      2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
      2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
      2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
      2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
      2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
      2014-06-17 14:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
      2014-06-17 14:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
      2014-06-17 14:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
      2014-06-17 14:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
      2014-06-17 14:06:22 242968 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
      2014-06-17 14:06:20 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
      2014-06-17 14:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
      2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
      2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
      2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
      2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
      2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
      2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
      2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
      2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
      2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
      2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
      2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
      2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
      2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
      2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
      2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
      2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
      2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
      2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
      .
      ============= FINISH: 8:01:23,50 ===============

      The checkup txt did not work;
      I got an error message:

      AUTO IT Error:
      error:variable must be of type object"

      Regards,
      ton



      • #4
        Download Unhide.exe to the desktop; if you get a message that the file may be unsafe, you can ignore it.
        • Double-click "Unhide.exe" to start the tool.
        • Note!!! Windows Vista & 7 users must run "Unhide.exe" as administrator (right-click and select "Run as administrator").
        • Wait patiently until the tool is finished, and do nothing else on the computer in the meantime.
        • When the tool is finished you will see the screen below, with the message "Your files should now be visible"


        • State in your next post whether you got this message.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          Indeed, I got the message; however, the folders remain empty.
          The owner of the PC has presumably let CCleaner loose on it.
          Attached is the Unhide log.
          I also noticed that in the properties of this computer,
          under System, it shows:
          Processor: not available
          Installed memory: not available

          Unhide by Lawrence Abrams (Grinler)
          http://www.bleepingcomputer.com/
          Copyright 2008-2014 BleepingComputer.com
          More Information about Unhide.exe can be found at this link:
          http://www.bleepingcomputer.com/forums/topic405109.html

          Program started at: 08/14/2014 02:16:30 PM
          Windows Version: Windows 7

          Please be patient while your files are made visible again.

          Processing the C:\ drive
          Finished processing the C:\ drive. 255562 files processed.

          Processing the D:\ drive
          Finished processing the D:\ drive. 76 files processed.

          Processing the G:\ drive
          Finished processing the G:\ drive. 0 files processed.

          Processing the H:\ drive
          Finished processing the H:\ drive. 0 files processed.

          Processing the I:\ drive
          Finished processing the I:\ drive. 0 files processed.

          Processing the J:\ drive
          Finished processing the J:\ drive. 0 files processed.

          Processing the K:\ drive
          Finished processing the K:\ drive. 0 files processed.

          The C:\Users\Frans\AppData\Local\Temp\smtmp\ folder does not exist!!
          Unhide cannot restore your missing shortcuts!!
          Please see this topic in order to learn how to restore default
          Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

          Searching for Windows Registry changes made by FakeHDD rogues.
          - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
          - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
          - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
          - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
          No registry changes detected.

          Program finished at: 08/14/2014 02:28:23 PM
          Execution time: 0 hours(s), 11 minute(s), and 52 seconds(s)



          • #6
            If he let CCleaner (and God knows what else) loose on it, then the chance that we can recover these is indeed very limited.

            We are going to use Combofix....


            Download Combofix to your desktop.
            (So not to a download folder or temp folder.)

            Extra note... Make sure your security software is disabled while using Combofix.
            This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

            Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

            Close ALL windows, including your browser, and let Combofix do its work undisturbed.
            So do not open any other applications until Combofix has presented the log.

            If Combofix asks for an update, allow it.

            When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
            You can find it at C:\combofix.txt.

            Post the Combofix log together with a new DDS log in your next reply.

            * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
            • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
            • Illegal operation attempted on a registry key that has been marked for deletion.


            • #7
              Here is the Combofix log:
              ComboFix 14-08-14.02 - Frans 14-08-2014 15:45:57.1.2 - x64
              Gestart vanuit: c:\users\Frans\Desktop\ComboFix.exe
              .
              .
              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\programdata\3rwir.bat
              c:\programdata\8wiod.bat
              c:\programdata\Qd7IEJ5r.exe.b
              c:\programdata\Qd7IEJ5r.exe_.b
              c:\programdata\wavav0bdtzbtb43b.bat
              c:\users\Frans\AppData\Roaming\.#
              c:\users\Frans\AppData\Roaming\Zifuo
              c:\users\Frans\AppData\Roaming\Zifuo\niidu.toa
              c:\users\Frans\Documents\~WRL0394.tmp
              c:\windows\IsUn0413.exe
              c:\windows\SysWow64\Cache
              c:\windows\SysWow64\Cache\26c630d098e22dd5.fb
              c:\windows\SysWow64\Cache\272512937d9e61a4.fb
              c:\windows\SysWow64\Cache\287204568329e189.fb
              c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
              c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
              c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
              c:\windows\SysWow64\Cache\3917078cb68ec657.fb
              c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
              c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
              c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
              c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
              c:\windows\SysWow64\Cache\95f567698be8a182.fb
              c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
              c:\windows\SysWow64\Cache\c1fa887b03019701.fb
              c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
              c:\windows\SysWow64\Cache\c989c01cf60dfaee.fb
              c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
              c:\windows\SysWow64\Cache\d2e94710a5708128.fb
              c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
              c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
              .
              .
              (((((((((((((((((((( Bestanden Gemaakt van 2014-07-14 to 2014-08-14 ))))))))))))))))))))))))))))))
              .
              .
              2014-08-14 13:52 . 2014-08-14 13:52 -------- d-----w- c:\users\Default\AppData\Local\temp
              2014-08-14 13:52 . 2014-08-14 13:52 -------- d-----w- c:\users\Agnes\AppData\Local\temp
              2014-08-12 18:32 . 2014-08-12 18:39 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
              2014-08-12 18:21 . 2014-08-13 21:17 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
              2014-08-12 18:21 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
              2014-08-12 18:21 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
              2014-08-12 18:21 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
              2014-08-12 18:21 . 2014-08-12 18:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
              2014-08-12 18:16 . 2014-08-12 18:23 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
              2014-08-12 15:33 . 2014-08-12 15:33 -------- d-----w- c:\windows\ERUNT
              2014-08-11 15:53 . 2014-08-11 15:54 -------- d-----w- C:\50083a3bb34a0ba8bf
              2014-08-11 14:10 . 2014-08-11 14:10 -------- d-----w- c:\users\Agnes\AppData\Local\AVG Web TuneUp
              2014-08-10 15:52 . 2014-08-10 15:52 -------- d-----w- C:\9d457c2c9e744a598661f5e65d69
              2014-08-10 08:28 . 2014-08-10 08:28 -------- d-----w- C:\3d15ca18e54a7a808c4e3425fb7b
              2014-08-09 19:41 . 2014-08-09 19:42 -------- d-----w- C:\9481d9cbb2c90e85e1e6545b9f
              2014-08-08 18:27 . 2014-08-08 18:28 -------- d-----w- C:\80f556f4d7f96adfda
              2014-08-08 16:09 . 2014-08-08 16:09 -------- d-----w- C:\4d69c35cb8bfdebc23c960d49514
              2014-08-08 07:12 . 2014-08-08 07:12 -------- d-----w- C:\51c9ed8982923371b006
              2014-08-08 06:58 . 2014-08-08 06:59 -------- d-----w- C:\ed2f30bf66c4d2efc079a3531d13
              2014-08-07 16:24 . 2014-08-07 16:25 -------- d-----w- C:\e39121e6407e003cf0e6a946
              2014-08-07 09:50 . 2014-08-07 09:51 -------- d-----w- C:\a7cb19aaf276fafb42d162048d2affa3
              2014-08-06 23:53 . 2014-08-06 23:53 -------- d-----w- C:\b67cbcb3b87de422f4e9eaaa0bf437
              2014-08-06 07:27 . 2014-08-06 07:27 -------- d-----w- C:\7f0e22d29a344c0cf065ddc63bb86160
              2014-08-05 19:15 . 2014-08-05 19:15 -------- d-----w- C:\5993f0d4da2d27be3162
              2014-08-05 13:53 . 2014-08-05 13:54 -------- d-----w- C:\fe08ee2b064a34bdba8dfbdc1ec208
              2014-08-04 21:13 . 2014-08-04 21:14 -------- d-----w- C:\6d286cc60848e01f6744ae27afac
              2014-08-04 16:03 . 2014-08-04 16:03 -------- d-----w- C:\38358331b31af652d0
              2014-08-04 15:21 . 2014-08-05 09:21 -------- d-----w- c:\users\Frans\AppData\Local\AVG Web TuneUp
              2014-08-04 15:21 . 2014-08-04 15:21 -------- d-----w- c:\programdata\AVG Web TuneUp
              2014-08-04 15:21 . 2014-08-04 15:21 -------- d-----w- c:\program files (x86)\AVG Web TuneUp
              2014-08-04 07:31 . 2014-08-04 07:32 -------- d-----w- C:\02578a94f4f8bf031b443f
              2014-08-03 09:03 . 2014-08-03 09:03 -------- d-----w- C:\6f0ac7e9b7917d306ad3705e89966686
              2014-08-02 22:11 . 2014-08-02 22:12 -------- d-----w- C:\0b7a4afe7d9e31add18148a1
              2014-07-31 20:43 . 2014-07-31 20:44 -------- d-----w- C:\a2b1bd7f4791a8210b5de4
              2014-07-31 19:02 . 2014-07-31 19:03 -------- d-----w- C:\fbf5fb86594324e5fac683ac
              2014-07-31 06:46 . 2014-07-31 06:47 -------- d-----w- C:\c5bfb19bcee6517697401354db9d
              2014-07-30 21:33 . 2014-07-30 21:34 -------- d-----w- C:\6afd063dfa66290adf77ee
              2014-07-29 21:16 . 2014-07-29 21:16 -------- d-----w- C:\e1b5e7d8ca852248a89a
              2014-07-29 18:01 . 2014-07-29 18:02 -------- d-----w- C:\223365bf41e36a59e84cd4
              2014-07-29 13:24 . 2014-07-29 13:25 -------- d-----w- C:\1106a0faa6accd2abca9
              2014-07-29 06:46 . 2014-07-29 06:47 -------- d-----w- C:\c6f7888ccab7387d110aead001bfb5
              2014-07-28 22:12 . 2014-07-28 22:12 -------- d-----w- C:\c021fcc734237e05bb
              2014-07-28 15:57 . 2014-07-28 15:58 -------- d-----w- C:\6a95f79b69e51fca5e2a20
              2014-07-28 15:34 . 2014-07-28 15:35 -------- d-----w- C:\764729b28de1f97ad09e283c5d243a
              2014-07-28 11:12 . 2014-07-28 11:13 -------- d-----w- C:\9b9989b987a2512d8f77efe5
              2014-07-27 15:13 . 2014-07-27 15:14 -------- d-----w- C:\857d522302e42209b85a0cc249f6
              2014-07-27 09:01 . 2014-07-27 09:01 -------- d-----w- C:\09fc02604c3d41b771ca
              2014-07-26 13:35 . 2014-07-26 13:36 -------- d-----w- C:\3aed943288554d76339170
              2014-07-26 10:58 . 2014-07-26 10:59 -------- d-----w- C:\f7704b094971c53e3f82b07624f1082e
              2014-07-24 21:05 . 2014-07-24 21:06 -------- d-----w- C:\b70110c5b25e2718c4d64771b039dc54
              2014-07-24 07:08 . 2014-07-24 07:09 -------- d-----w- C:\5ab7d6b5e38f3e0a7ac5bc
              2014-07-19 17:44 . 2014-07-19 17:44 -------- d-----w- c:\users\Agnes\AppData\Local\ElevatedDiagnostics
              2014-07-16 12:18 . 2014-07-16 12:19 -------- d-----w- C:\c6d3970f4caa73b28755687faf713d
              2014-07-15 20:56 . 2014-07-15 20:57 -------- d-----w- C:\e889683aaa9a275b28
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2014-08-04 15:21 . 2012-08-27 08:04 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
              2014-07-10 08:43 . 2012-06-06 18:38 96441528 ----a-w- c:\windows\system32\MRT.exe
              2014-07-09 14:20 . 2012-06-08 07:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-07-09 14:20 . 2012-06-08 07:24 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
              2014-07-09 14:20 . 2014-07-09 14:20 5659136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
              2014-06-30 10:43 . 2014-06-30 10:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
              2014-06-30 02:09 . 2014-07-10 07:12 519168 ----a-w- c:\windows\system32\aepdu.dll
              2014-06-30 02:04 . 2014-07-10 07:12 424448 ----a-w- c:\windows\system32\aeinv.dll
              2014-06-20 20:14 . 2014-07-10 07:11 266424 ----a-w- c:\windows\system32\iedkcs32.dll
              2014-06-19 01:39 . 2014-07-10 07:11 23464448 ----a-w- c:\windows\system32\mshtml.dll
              2014-06-19 01:06 . 2014-07-10 07:11 2724864 ----a-w- c:\windows\system32\mshtml.tlb
              2014-06-19 01:06 . 2014-07-10 07:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
              2014-06-19 00:48 . 2014-07-10 07:11 2768384 ----a-w- c:\windows\system32\iertutil.dll
              2014-06-19 00:42 . 2014-07-10 07:11 548352 ----a-w- c:\windows\system32\vbscript.dll
              2014-06-19 00:42 . 2014-07-10 07:11 66048 ----a-w- c:\windows\system32\iesetup.dll
              2014-06-19 00:41 . 2014-07-10 07:11 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
              2014-06-19 00:41 . 2014-07-10 07:11 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
              2014-06-19 00:32 . 2014-07-10 07:11 51200 ----a-w- c:\windows\system32\jsproxy.dll
              2014-06-19 00:31 . 2014-07-10 07:11 33792 ----a-w- c:\windows\system32\iernonce.dll
              2014-06-19 00:26 . 2014-07-10 07:11 598016 ----a-w- c:\windows\system32\ieui.dll
              2014-06-19 00:24 . 2014-07-10 07:11 139264 ----a-w- c:\windows\system32\ieUnatt.exe
              2014-06-19 00:24 . 2014-07-10 07:11 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
              2014-06-19 00:23 . 2014-07-10 07:11 752640 ----a-w- c:\windows\system32\jscript9diag.dll
              2014-06-19 00:14 . 2014-07-10 07:11 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
              2014-06-19 00:09 . 2014-07-10 07:11 452608 ----a-w- c:\windows\system32\dxtmsft.dll
              2014-06-18 23:59 . 2014-07-10 07:11 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
              2014-06-18 23:56 . 2014-07-10 07:11 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
              2014-06-18 23:53 . 2014-07-10 07:11 195584 ----a-w- c:\windows\system32\msrating.dll
              2014-06-18 23:51 . 2014-07-10 07:11 5721088 ----a-w- c:\windows\system32\jscript9.dll
              2014-06-18 23:50 . 2014-07-10 07:11 85504 ----a-w- c:\windows\system32\mshtmled.dll
              2014-06-18 23:48 . 2014-07-10 07:11 292864 ----a-w- c:\windows\system32\dxtrans.dll
              2014-06-18 23:39 . 2014-07-10 07:11 608768 ----a-w- c:\windows\system32\ie4uinit.exe
              2014-06-18 23:38 . 2014-07-10 07:11 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
              2014-06-18 23:37 . 2014-07-10 07:11 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
              2014-06-18 23:36 . 2014-07-10 07:11 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
              2014-06-18 23:35 . 2014-07-10 07:11 62464 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
              2014-06-18 23:33 . 2014-07-10 07:11 631808 ----a-w- c:\windows\system32\msfeeds.dll
              2014-06-18 23:27 . 2014-07-10 07:11 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
              2014-06-18 23:27 . 2014-07-10 07:11 2040832 ----a-w- c:\windows\system32\inetcpl.cpl
              2014-06-18 23:23 . 2014-07-10 07:11 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
              2014-06-18 23:22 . 2014-07-10 07:11 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
              2014-06-18 23:06 . 2014-07-10 07:11 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
              2014-06-18 22:58 . 2014-07-10 07:11 2266112 ----a-w- c:\windows\system32\wininet.dll
              2014-06-18 22:52 . 2014-07-10 07:11 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
              2014-06-18 22:51 . 2014-07-10 07:11 13527040 ----a-w- c:\windows\system32\ieframe.dll
              2014-06-18 22:46 . 2014-07-10 07:11 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
              2014-06-18 22:45 . 2014-07-10 07:11 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl
              2014-06-18 22:34 . 2014-07-10 07:11 1393664 ----a-w- c:\windows\system32\urlmon.dll
              2014-06-18 22:15 . 2014-07-10 07:11 846336 ----a-w- c:\windows\system32\ieapfltr.dll
              2014-06-18 22:13 . 2014-07-10 07:11 1791488 ----a-w- c:\windows\SysWow64\wininet.dll
              2014-06-18 02:18 . 2014-07-10 07:12 692736 ----a-w- c:\windows\system32\osk.exe
              2014-06-18 01:51 . 2014-07-10 07:12 646144 ----a-w- c:\windows\SysWow64\osk.exe
              2014-06-18 01:10 . 2014-07-10 07:12 3157504 ----a-w- c:\windows\system32\win32k.sys
              2014-06-17 14:21 . 2014-06-17 14:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
              2014-06-17 14:07 . 2014-06-17 14:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
              2014-06-17 14:06 . 2014-06-17 14:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
              2014-06-17 14:06 . 2014-06-17 14:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys
              2014-06-17 14:06 . 2014-06-17 14:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
              2014-06-17 14:06 . 2014-06-17 14:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
              2014-06-17 14:06 . 2014-06-17 14:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
              2014-06-06 10:10 . 2014-07-10 07:12 624128 ----a-w- c:\windows\system32\qedit.dll
              2014-06-06 09:44 . 2014-07-10 07:12 509440 ----a-w- c:\windows\SysWow64\qedit.dll
              2014-06-05 14:45 . 2014-07-10 07:11 1460736 ----a-w- c:\windows\system32\lsasrv.dll
              2014-06-05 14:26 . 2014-07-10 07:11 22016 ----a-w- c:\windows\SysWow64\secur32.dll
              2014-06-05 14:25 . 2014-07-10 07:11 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
              2014-05-30 08:08 . 2014-07-10 07:11 210944 ----a-w- c:\windows\system32\wdigest.dll
              2014-05-30 08:08 . 2014-07-10 07:11 86528 ----a-w- c:\windows\system32\TSpkg.dll
              2014-05-30 08:08 . 2014-07-10 07:11 340992 ----a-w- c:\windows\system32\schannel.dll
              2014-05-30 08:08 . 2014-07-10 07:11 314880 ----a-w- c:\windows\system32\msv1_0.dll
              2014-05-30 08:08 . 2014-07-10 07:11 307200 ----a-w- c:\windows\system32\ncrypt.dll
              2014-05-30 08:08 . 2014-07-10 07:11 728064 ----a-w- c:\windows\system32\kerberos.dll
              2014-05-30 08:08 . 2014-07-10 07:11 22016 ----a-w- c:\windows\system32\credssp.dll
              2014-05-30 07:52 . 2014-07-10 07:11 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
              2014-05-30 07:52 . 2014-07-10 07:11 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
              2014-05-30 07:52 . 2014-07-10 07:11 247808 ----a-w- c:\windows\SysWow64\schannel.dll
              2014-05-30 07:52 . 2014-07-10 07:11 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
              2014-05-30 07:52 . 2014-07-10 07:11 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
              2014-05-30 07:52 . 2014-07-10 07:11 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
              2014-05-30 07:52 . 2014-07-10 07:11 17408 ----a-w- c:\windows\SysWow64\credssp.dll
              2014-05-30 06:45 . 2014-07-10 07:13 497152 ----a-w- c:\windows\system32\drivers\afd.sys
              .
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-06 39408]
              "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
              "RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
              "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
              "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-07-10 5187088]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
              .
              c:\users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 0 (0x0)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableLUA"= 0 (0x0)
              "EnableUIADesktopToggle"= 0 (0x0)
              "PromptOnSecureDesktop"= 0 (0x0)
              "SoftwareSASGeneration"= 3 (0x3)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
              "LoadAppInit_DLLs"=1 (0x1)
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
              "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
              .
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
              R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]
              R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
              R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
              S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
              S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
              S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
              S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
              S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS;c:\windows\SYSNATIVE\Drivers\DRVECDB.SYS [x]
              S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
              S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
              S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
              S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
              S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
              S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
              S1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS;c:\windows\SYSNATIVE\Drivers\DLACDBHE.SYS [x]
              S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS;c:\windows\SYSNATIVE\Drivers\DLARTL_E.SYS [x]
              S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
              S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
              S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
              S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
              S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS;c:\windows\SYSNATIVE\DLA\DLABMFSE.SYS [x]
              S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS;c:\windows\SYSNATIVE\DLA\DLABOIOE.SYS [x]
              S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS;c:\windows\SYSNATIVE\DLA\DLADResE.SYS [x]
              S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS;c:\windows\SYSNATIVE\DLA\DLAIFS_E.SYS [x]
              S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS;c:\windows\SYSNATIVE\DLA\DLAOPIOE.SYS [x]
              S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS;c:\windows\SYSNATIVE\DLA\DLAPoolE.SYS [x]
              S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS;c:\windows\SYSNATIVE\DLA\DLAUDF_E.SYS [x]
              S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS;c:\windows\SYSNATIVE\DLA\DLAUDFAE.SYS [x]
              S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS;c:\windows\SYSNATIVE\Drivers\DRVEDDM.SYS [x]
              S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [x]
              S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
              S2 rgsender;Remote Graphics Sender Service;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [x]
              S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
              S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
              S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
              S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
              .
              .
              --- Andere Services/Drivers In Geheugen ---
              .
              *NewlyCreated* - WS2IFSL
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
              2009-10-16 10:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
              2014-07-18 10:54 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
              .
              Inhoud van de 'Gedeelde Taken' map
              .
              2014-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 14:20]
              .
              2014-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 15:39]
              .
              2014-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 15:39]
              .
              .
              --------- X64 Entries -----------
              .
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-02 7938080]
              "picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
              .
              ------- Bijkomende Scan -------
              .
              uStart Page = hxxp://www.google.com
              uLocal Page = c:\windows\system32\blank.htm
              mDefault_Search_URL = hxxp://www.google.com
              mDefault_Page_URL = hxxp://www.google.com
              mStart Page = hxxp://www.google.com
              mLocal Page = c:\windows\SysWOW64\blank.htm
              mSearch Page = hxxp://www.google.com
              IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
              TCP: DhcpNameServer = 212.54.40.25 212.54.44.54
              FF - ProfilePath - c:\users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\ca6akjif.default\
              FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?pid=wtu&sg=&cid=%7Bcda3c2ab-f20f-4ba7-9a74-f1cc920faa16%7D&mid=ec72e3e7e1f747d09196d16a62f60a9b-822948d768622a6cd578604ef5edbcfb8a156f8e&ds=AVG&v=3.1.0.6&lang=nl&pr=fr&d=2014-08-04%2017%3A21%3A11&sap=hp
              FF - ExtSQL: !HIDDEN! 2013-04-17 08:08; [email protected]_4z.com; c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin
              .
              - - - - ORPHANS VERWIJDERD - - - -
              .
              Toolbar-{0307351f-b2d7-41f2-b44a-8af7d9d90a18} - (no file)
              Toolbar-10 - (no file)
              HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
              Toolbar-10 - (no file)
              AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exe
              AddRemove-Routeplanner Europa - c:\windows\IsUn0413.exe
              AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
              .
              .
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
              "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
              .
              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.14"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker5"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              ------------------------ Andere Aktieve Processen ------------------------
              .
              c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
              c:\program files (x86)\Intel\AMT\LMS.exe
              c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
              .
              **************************************************************************
              .
              Voltooingstijd: 2014-08-14 16:02:30 - machine werd herstart
              ComboFix-quarantined-files.txt 2014-08-14 14:02
              .
              Pre-Run: 65.847.103.488 bytes beschikbaar
              Post-Run: 66.645.651.456 bytes beschikbaar
              .
              - - End Of File - - B997247C5B38A5D8B35803F0C220FB12
              A36C5E4F47E84449FF07ED3517B43A31



              • #8
                and the dds log
                PS: system info now does show CPU and memory.

                DDS (Ver_2012-11-05.02) - NTFS_AMD64
                Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.9.2
                Run by Frans at 16:06:18 on 2014-08-14
                Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.3991.2679 [GMT 2:00]
                .
                AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
                SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
                FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
                .
                ============== Running Processes ===============
                .
                c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
                C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
                C:\Windows\system32\lsm.exe
                C:\Windows\system32\svchost.exe -k DcomLaunch
                C:\Windows\system32\svchost.exe -k RPCSS
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                C:\Windows\system32\svchost.exe -k LocalService
                C:\Windows\system32\svchost.exe -k netsvcs
                C:\Windows\system32\svchost.exe -k NetworkService
                C:\Windows\System32\spoolsv.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
                C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
                C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
                C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
                C:\Windows\system32\taskhost.exe
                C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
                C:\Program Files (x86)\Intel\AMT\LMS.exe
                C:\Program Files (x86)\PDF Complete\pdfsvc.exe
                C:\Windows\system32\Dwm.exe
                C:\Windows\system32\svchost.exe -k imgsvc
                C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
                C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
                C:\Windows\system32\fxssvc.exe
                c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
                c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
                C:\Windows\servicing\TrustedInstaller.exe
                C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                C:\Windows\System32\igfxtray.exe
                C:\Windows\System32\hkcmd.exe
                C:\Windows\System32\igfxpers.exe
                C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
                C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
                C:\Program Files (x86)\AVG\AVG2014\avgui.exe
                C:\Windows\system32\SearchIndexer.exe
                C:\Program Files\Windows Media Player\wmpnetwk.exe
                C:\Windows\System32\WUDFHost.exe
                C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                C:\Windows\SysWOW64\ctfmon.exe
                C:\Windows\system32\notepad.exe
                C:\Windows\explorer.exe
                C:\Windows\system32\SearchProtocolHost.exe
                C:\Windows\system32\SearchFilterHost.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Windows\System32\cscript.exe
                .
                ============== Pseudo HJT Report ===============
                .
                uStart Page = hxxp://www.google.com
                mStart Page = hxxp://www.google.com
                mSearch Page = hxxp://www.google.com
                mDefault_Page_URL = hxxp://www.google.com
                mDefault_Search_URL = hxxp://www.google.com
                BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
                BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
                TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
                uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
                mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
                mRun: [RoxioDragToDisc] "C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe"
                mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
                mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
                uPolicies-Explorer: NoDrives = dword:0
                mPolicies-Explorer: NoDrives = dword:0
                mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
                mPolicies-System: ConsentPromptBehaviorUser = dword:3
                mPolicies-System: EnableLUA = dword:0
                mPolicies-System: EnableUIADesktopToggle = dword:0
                mPolicies-System: PromptOnSecureDesktop = dword:0
                mPolicies-System: SoftwareSASGeneration = dword:3
                IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
                IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
                IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
                TCP: NameServer = 212.54.40.25 212.54.44.54
                TCP: Interfaces\{3CA27344-CE6A-4537-833A-C5C4D7BB3A3E} : DHCPNameServer = 212.54.40.25 212.54.44.54
                Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
                SSODL: WebCheck - <orphaned>
                mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
                mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                x64-mStart Page = hxxp://www.google.com
                x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
                x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
                x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
                x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                x64-Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
                x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
                x64-Notify: igfxcui - igfxdev.dll
                x64-SSODL: WebCheck - <orphaned>
                .
                ================= FIREFOX ===================
                .
                FF - ProfilePath - C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\ca6akjif.default\
                FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?pid=wtu&sg=&cid=%7Bcda3c2ab-f20f-4ba7-9a74-f1cc920faa16%7D&mid=ec72e3e7e1f747d09196d16a62f60a9b-822948d768622a6cd578604ef5edbcfb8a156f8e&ds=AVG&v=3.1.0.6&lang=nl&pr=fr&d=2014-08-04%2017%3A21%3A11&sap=hp
                FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
                FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
                FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
                FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
                FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
                FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
                FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
                FF - ExtSQL: !HIDDEN! 2013-04-17 08:08; [email protected]_4z.com; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
                .
                ============= SERVICES / DRIVERS ===============
                .
                R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
                R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
                R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
                R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
                R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2012-6-7 122776]
                R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-7 52664]
                R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
                R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
                R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
                R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
                R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-27 50464]
                R1 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2012-6-7 15864]
                R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2012-6-7 39160]
                R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-7-10 3244048]
                R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-7-10 289328]
                R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
                R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
                R2 DLABMFSE;DLABMFSE;C:\Windows\System32\DLA\DLABMFSE.SYS [2012-6-7 43888]
                R2 DLABOIOE;DLABOIOE;C:\Windows\System32\DLA\DLABOIOE.SYS [2012-6-7 41712]
                R2 DLADResE;DLADResE;C:\Windows\System32\DLA\DLADResE.SYS [2012-6-7 10096]
                R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\DLA\DLAIFS_E.SYS [2012-6-7 141296]
                R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\DLA\DLAOPIOE.SYS [2012-6-7 33904]
                R2 DLAPoolE;DLAPoolE;C:\Windows\System32\DLA\DLAPoolE.SYS [2012-6-7 17776]
                R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\DLA\DLAUDF_E.SYS [2012-6-7 142832]
                R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\DLA\DLAUDFAE.SYS [2012-6-7 136816]
                R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2012-6-7 63608]
                R2 Hp.Skyroom.Windows.Service;HP SkyRoom;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2010-3-3 124472]
                R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-6-6 635416]
                R2 rgsender;Remote Graphics Sender Service;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2012-6-6 379904]
                R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-5-5 5052224]
                R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2012-6-6 2066968]
                R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-6-6 273584]
                R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-6-6 56344]
                S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                S2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [?]
                S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-6 61288]
                S3 fsssvc;De service Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
                S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-10 111616]
                S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
                S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-7 59392]
                S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-7 1255736]
                .
                =============== File Associations ===============
                .
                FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
                .
                =============== Created Last 30 ================
                .
                2014-08-14 13:56:21 -------- d-sh--w- C:\$RECYCLE.BIN
                2014-08-14 13:42:31 98816 ----a-w- C:\Windows\sed.exe
                2014-08-14 13:42:31 256000 ----a-w- C:\Windows\PEV.exe
                2014-08-14 13:42:31 208896 ----a-w- C:\Windows\MBR.exe
                2014-08-12 18:32:19 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
                2014-08-12 18:21:55 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                2014-08-12 18:21:40 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                2014-08-12 18:21:40 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
                2014-08-12 18:21:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                2014-08-12 18:21:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
                2014-08-12 18:16:30 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
                2014-08-12 15:33:31 -------- d-----w- C:\Windows\ERUNT
                2014-08-11 15:53:40 -------- d-----w- C:\50083a3bb34a0ba8bf
                2014-08-10 15:52:02 -------- d-----w- C:\9d457c2c9e744a598661f5e65d69
                2014-08-10 08:28:11 -------- d-----w- C:\3d15ca18e54a7a808c4e3425fb7b
                2014-08-09 19:41:47 -------- d-----w- C:\9481d9cbb2c90e85e1e6545b9f
                2014-08-08 18:27:32 -------- d-----w- C:\80f556f4d7f96adfda
                2014-08-08 16:09:14 -------- d-----w- C:\4d69c35cb8bfdebc23c960d49514
                2014-08-08 07:12:24 -------- d-----w- C:\51c9ed8982923371b006
                2014-08-08 06:58:30 -------- d-----w- C:\ed2f30bf66c4d2efc079a3531d13
                2014-08-07 16:24:42 -------- d-----w- C:\e39121e6407e003cf0e6a946
                2014-08-07 09:50:27 -------- d-----w- C:\a7cb19aaf276fafb42d162048d2affa3
                2014-08-06 23:53:30 -------- d-----w- C:\b67cbcb3b87de422f4e9eaaa0bf437
                2014-08-06 07:27:28 -------- d-----w- C:\7f0e22d29a344c0cf065ddc63bb86160
                2014-08-05 19:15:06 -------- d-----w- C:\5993f0d4da2d27be3162
                2014-08-05 13:53:40 -------- d-----w- C:\fe08ee2b064a34bdba8dfbdc1ec208
                2014-08-04 21:13:24 -------- d-----w- C:\6d286cc60848e01f6744ae27afac
                2014-08-04 16:03:12 -------- d-----w- C:\38358331b31af652d0
                2014-08-04 15:21:15 -------- d-----w- C:\Users\Frans\AppData\Local\AVG Web TuneUp
                2014-08-04 15:21:07 -------- d-----w- C:\ProgramData\AVG Web TuneUp
                2014-08-04 15:21:05 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
                2014-08-04 07:31:29 -------- d-----w- C:\02578a94f4f8bf031b443f
                2014-08-03 09:03:17 -------- d-----w- C:\6f0ac7e9b7917d306ad3705e89966686
                2014-08-02 22:11:50 -------- d-----w- C:\0b7a4afe7d9e31add18148a1
                2014-07-31 20:43:59 -------- d-----w- C:\a2b1bd7f4791a8210b5de4
                2014-07-31 19:02:23 -------- d-----w- C:\fbf5fb86594324e5fac683ac
                2014-07-31 06:46:53 -------- d-----w- C:\c5bfb19bcee6517697401354db9d
                2014-07-30 21:33:49 -------- d-----w- C:\6afd063dfa66290adf77ee
                2014-07-29 21:16:00 -------- d-----w- C:\e1b5e7d8ca852248a89a
                2014-07-29 18:01:44 -------- d-----w- C:\223365bf41e36a59e84cd4
                2014-07-29 13:24:33 -------- d-----w- C:\1106a0faa6accd2abca9
                2014-07-29 06:46:32 -------- d-----w- C:\c6f7888ccab7387d110aead001bfb5
                2014-07-28 22:12:26 -------- d-----w- C:\c021fcc734237e05bb
                2014-07-28 15:57:22 -------- d-----w- C:\6a95f79b69e51fca5e2a20
                2014-07-28 15:34:36 -------- d-----w- C:\764729b28de1f97ad09e283c5d243a
                2014-07-28 11:12:40 -------- d-----w- C:\9b9989b987a2512d8f77efe5
                2014-07-27 15:13:32 -------- d-----w- C:\857d522302e42209b85a0cc249f6
                2014-07-27 09:01:27 -------- d-----w- C:\09fc02604c3d41b771ca
                2014-07-26 13:35:31 -------- d-----w- C:\3aed943288554d76339170
                2014-07-26 10:58:39 -------- d-----w- C:\f7704b094971c53e3f82b07624f1082e
                2014-07-24 21:05:19 -------- d-----w- C:\b70110c5b25e2718c4d64771b039dc54
                2014-07-24 07:08:44 -------- d-----w- C:\5ab7d6b5e38f3e0a7ac5bc
                2014-07-16 12:18:47 -------- d-----w- C:\c6d3970f4caa73b28755687faf713d
                2014-07-15 20:56:12 -------- d-----w- C:\e889683aaa9a275b28
                .
                ==================== Find3M ====================
                .
                2014-08-04 15:21:03 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
                2014-07-09 14:20:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                2014-07-09 14:20:12 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                2014-07-09 14:20:05 5659136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
                2014-06-30 10:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
                2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
                2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
                2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
                2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
                2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
                2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
                2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
                2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
                2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
                2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
                2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
                2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
                2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
                2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
                2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
                2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
                2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
                2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
                2014-06-17 14:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
                2014-06-17 14:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
                2014-06-17 14:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
                2014-06-17 14:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
                2014-06-17 14:06:22 242968 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
                2014-06-17 14:06:20 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
                2014-06-17 14:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
                2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
                2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
                2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
                2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
                2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
                2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
                2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
                2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
                2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
                2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
                2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
                2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
                2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
                2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
                2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
                2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
                2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
                .
                ============= FINISH: 16:06:30,12 ===============

                • #9
                  After carefully analyzing the ComboFix log, it does not seem opportune to me to keep working on this.
                  This OS is, to put it mildly, wrecked, and we will never get it fully working again.

                  Whether this is due to malware or to inexpert tinkering, I will leave open.

                  My advice:

                  Make backups of your most important documents, e-mails, passwords, etc.
                  Reinstall Windows.
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee. * Ccleaner * E-Peek

                  • #10
                    I already suspected as much, see my first reply..
                    Unfortunately. I had already made a backup of the mail and the files,
                    so it will indeed be a reinstall.
                    Thanks for your time and effort.
                    Kind regards,
                    Ton

                    • #11
                      You're welcome, Ton


                      1) You may delete all the loose files and tools we used.

                      2) To avoid reinfection, you can read through these tips:

                      Preventing spyware infections and browser hijacking and How do I prevent a new infection?

                      3) To give your PC a quick maintenance pass, you can read these tips: Guide to a clean PC

                      4) You can find all kinds of tips and hints here.


                      I am marking the topic as solved.

                      If there are no further replies, this thread will automatically be moved within about 5 days
                      to the Solved HijackThis logs section, after which replying is no longer possible.
                      This is done to keep the forum tidy and well organized.

                      If it turns out there are still problems and you want to reply in this topic again, send me a private message asking for it to be reopened.



                      Did we help you well? Consider making a (no-obligation) donation to Nucia

                      Emphyrio
                      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                      E Dev * Remove McAfee. * Ccleaner * E-Peek
