Freezes and sysapcrt.dll

  • Freezes and sysapcrt.dll

    Hi,

    Recently my computer has been freezing now and then. Nothing can be done about it except pulling the plug out and putting it back in. I vacuumed it an hour ago (memory, video card, CPU cooler). Since then I have had "no" freeze yet. I do still get an error message since I used MBAM: I wanted to restart after "fixing problems", but then it froze completely. Since that restart I get error messages at startup and in all sorts of applications. MBAM no longer starts, etc.

    \Settings manager\Systemk\sysapcrt.dll
    is no longer good, not suitable for Windows, has to be reinstalled, blah blah. And that with things at the top such as winlogon.exe, userinit.exe and so on.

    The MBAM log had been changed into an XML file with strange characters in it, so I can't get it posted here. Too many characters.


    DDS log
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.67.2
    Run by Admin at 13:41:53 on 2014-08-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4094.1640 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Admin\Downloads\mpyx58jo.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uDefault_Page_URL = www.google.com
    mStart Page = hxxp://start.qone8.com/?type=hp&ts=1399714338&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
    mSearch Page = hxxp://www.qone8.com/web/?type=ds&ts=1399714338&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72&q={searchTerms}
    mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1399714338&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
    mDefault_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1399714338&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72&q={searchTerms}
    mWinlogon: Userinit = userinit.exe
    BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -
    BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Freecorder extension: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Spotify Web Helper] "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    uRun: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
    mRun: [DT HWP] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HWP
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: C:\Windows\System32\RSLSP.dll
    TCP: NameServer = 192.168.2.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{29473292-AC46-43BB-882B-412A1BE96971} : DHCPNameServer = 62.140.140.251 62.140.138.233
    TCP: Interfaces\{B2D8EEB3-B8F8-4CCB-ABCD-908021C084D8} : DHCPNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli IVTCredentialProvider
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    IFEO: bitguard.exe - tasklist.exe
    IFEO: bprotect.exe - tasklist.exe
    IFEO: bpsvc.exe - tasklist.exe
    IFEO: browserdefender.exe - tasklist.exe
    IFEO: browserprotect.exe - tasklist.exe
    x64-mStart Page = hxxp://start.qone8.com/?type=hp&ts=1399714338&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
    x64-mSearch Page = hxxp://www.qone8.com/web/?type=ds&ts=1399714338&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72&q={searchTerms}
    x64-mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1399714338&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
    x64-mDefault_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1399714338&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72&q={searchTerms}
    x64-BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [AllShare Control] C:\Program Files\Samsung\AllShare Control\AllShare Control
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: bitguard.exe - tasklist.exe
    x64-IFEO: bprotect.exe - tasklist.exe
    x64-IFEO: bpsvc.exe - tasklist.exe
    x64-IFEO: browserdefender.exe - tasklist.exe
    x64-IFEO: browserprotect.exe - tasklist.exe
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2011-12-21 25056]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-20 283064]
    R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2013-1-8 273656]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-5 1615192]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-5 20541216]
    R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2014-2-1 123688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-5 411936]
    R3 IvtAudioBusSrv;IvtAudioBusSrv;C:\Windows\System32\drivers\IvtBtBus.sys [2012-12-24 27256]
    R3 IvtComBusSrv;IvtComBusSrv;C:\Windows\System32\drivers\btcombus.sys [2013-1-5 25720]
    R3 IvtPanBusSrv;IvtPanBusSrv;C:\Windows\System32\drivers\btnetBus.sys [2012-12-24 31480]
    R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-5 40392]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg [2014-7-12 41872]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 IePluginService;IePlugin Service;C:\ProgramData\IePluginService\PluginService.exe -service --> C:\ProgramData\IePluginService\PluginService.exe -service [?]
    S2 SystemkService;Systemk Service;C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [2014-6-22 3572240]
    S2 Wpm;Wpm Service;C:\ProgramData\WPM\wprotectmanager.exe -service --> C:\ProgramData\WPM\wprotectmanager.exe -service [?]
    S3 BTCOM;Bluetooth Serial port driver;C:\Windows\System32\drivers\btcomport.sys [2011-7-27 29576]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-12-11 103576]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-30 111616]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-13 19456]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-12-11 204568]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-8 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-08-13 11:16:44 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC71EFD2-A1D8-4272-8347-5B335EDB1BBE}\offreg.dll
    2014-08-13 11:16:28 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{575AB93D-CF04-48A3-9C9C-20E6F83E4834}\gapaengine.dll
    2014-08-13 11:16:16 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC71EFD2-A1D8-4272-8347-5B335EDB1BBE}\mpengine.dll
    2014-08-12 18:41:17 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-08-12 18:41:17 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-08-12 18:41:17 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-08-12 18:41:16 -------- d-----w- C:\Malwarebytes Anti-Malware
    2014-08-12 18:38:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-08-12 16:39:08 79064 ----a-w- C:\Windows\System32\drivers\hcpmq.sys
    2014-08-12 15:48:05 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-08-12 15:48:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-12 15:36:37 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-11 19:48:28 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-08-05 09:17:10 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F4AB13E5-9003-4DCE-BA7A-F68462AC6FF4}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2014-07-08 22:02:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-08 22:02:19 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-06-20 10:38:40 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    .
    ============= FINISH: 13:42:38,37 ===============

    GMER log

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-08-13 13:45:12
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST1000DM003-1CH162 rev.CC47 931,51GB
    Running: mpyx58jo.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxdiqpoc.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003201000 76 bytes [B9, FF, FF, FF, FF, 0F, 00, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 605 fffff8000320104d 59 bytes [F0, 41, 0F, BA, 6E, 10, 00, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076961465 2 bytes [96, 76]
    .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769614bb 2 bytes [96, 76]
    .text ... * 2
    .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076961465 2 bytes [96, 76]
    .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769614bb 2 bytes [96, 76]
    .text ... * 2

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001583b76ef2
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x8F 0xA0 0x17 0x84 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001583b76ef2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x8F 0xA0 0x17 0x84 ...

    ---- EOF - GMER 2.1 ----

    Many thanks in advance.
    Jensen

  • #2
    Hi jensen and welcome to Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:

    • Only log in as administrator with full rights.
    • Do not post your problem on several forums; it does not help your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Follow the instructions I give carefully.
    • Only follow the advice I give.
    • Stay with this topic until I have told you that your PC is clean.
    • If you do not know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • Do not try anything "else" in the meantime; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs. ( INFO )
    • Please do not post the logs as an attachment, nor between code tags.

    Note: always run all tools as admin.
    The instructions given are only valid for your PC.

    If you have read and understood these guidelines, you may continue.....



    Step 1:

    Scan for and remove malware....

    Start MBAM.
    Click Scan at the top of the Malwarebytes Anti-Malware window.
    In that screen choose the Custom scan and tick the partitions that apply (c:\ d:\ etc.).
    Then click the Scan Now button.

    Before scanning, it always automatically checks first whether updates to the virus definitions are available; if an update is available, you must let it install first.

    When the scan is finished and threats have been detected, you get an overview of them.
    Select to place them all in quarantine.
    When you get the message that your computer needs to be restarted, click Yes.

    After the PC has restarted, if Malwarebytes asked to restart the PC, open Malwarebytes again.
    Click the History button at the top of the menu.
    Then click the Application Logs option and select the Scan Log you want to export. This is the last scan you did (you can tell by the date and time).
    Select it to view it.
    In a new window that will open you will see the results of your scan.

    At the bottom, either select to export as a text file and give the text file a name, for example mbamlog.
    Or you can select to copy to clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.

    ___________________________________________________________

    Step 2:

    Checking for bad toolbars...

    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Remove
    • CLICK HERE for an enlargement!

    All icons disappear from the Desktop; this is normal.
    Your PC is restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the Forum.

    I only need the log from after the "Remove" option.

    Don't forget to disable your "smileys".

    If your start page was hijacked as well, set the search engine again.
    AdwCleaner resets it to Google.com by default.
    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If script execution is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool (depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif).
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.


    ___________________________________________________________

    Step 4:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears (checkup.txt)
    Put its contents in your next reply.


    In your next post, I would like to see the following logs, made in the order given:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (In several posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek
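The DDS report in the first post shows the three things the helper's Step 2 goes after: IFEO entries that redirect bitguard.exe, bprotect.exe and friends to tasklist.exe, a start/search page pointing at qone8.com, and services started from ProgramData or the "Settings Manager" folder (which AdwCleaner's log further down confirms it removed). The following Python script is an added example, not part of this thread and not code from DDS, AdwCleaner or Malwarebytes; it parses DDS-style "Pseudo HJT Report" and "SERVICES / DRIVERS" lines and reports those patterns. The sample input is constructed from the format above, and the allowlist of trusted search hosts and the suspicious-path markers are assumptions a reader would tune for their own case.

```python
import re
from urllib.parse import urlparse

# Constructed sample input, modelled on the DDS 'Pseudo HJT Report' and
# 'SERVICES / DRIVERS' lines posted in this thread (not a real DDS run).
SAMPLE_REPORT = r"""
uStart Page = www.google.com
mStart Page = hxxp://start.qone8.com/?type=hp&ts=1399714338&from=adks
mSearch Page = hxxp://www.qone8.com/web/?type=ds&q={searchTerms}
mWinlogon: Userinit = userinit.exe
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
S2 IePluginService;IePlugin Service;C:\ProgramData\IePluginService\PluginService.exe -service --> C:\ProgramData\IePluginService\PluginService.exe -service [?]
S2 SystemkService;Systemk Service;C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [2014-6-22 3572240]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
"""

# Home/search-page hosts treated as legitimate (assumption; extend as needed).
TRUSTED_SEARCH_DOMAINS = {"www.google.com", "google.com", "www.bing.com"}

# Service binaries under these folders deserve a second look on this kind of case (assumption).
SUSPICIOUS_PATH_MARKERS = ("\\programdata\\", "\\settings manager\\")

IFEO_RE = re.compile(r"^(?:x64-)?IFEO:\s+(\S+)\s+-\s+(\S+)")
PAGE_RE = re.compile(
    r"^(?:x64-)?([um](?:Start Page|Search Page|Default_Page_URL|Default_Search_URL))\s*=\s*(\S+)"
)
SERVICE_RE = re.compile(r"^([RS][0-3])\s+([^;]+);([^;]*);(.+)$")


def normalise_url(raw):
    """Undo DDS's hxxp:// defanging and add a scheme so urlparse sees the host."""
    url = raw.replace("hxxps://", "https://").replace("hxxp://", "http://")
    if "://" not in url:
        url = "http://" + url
    return url


def triage(report_text):
    """Return (kind, subject, detail) tuples for lines matching a hijack pattern."""
    findings = []
    for raw_line in report_text.splitlines():
        line = raw_line.strip()

        m = IFEO_RE.match(line)
        if m:
            target, debugger = m.groups()
            # An IFEO 'Debugger' value makes Windows start the debugger instead of the
            # target. Pointing it at tasklist.exe means the target never runs; legitimate
            # software rarely needs this, so every entry is reported for review.
            findings.append(("ifeo_debugger", target, debugger))
            continue

        m = PAGE_RE.match(line)
        if m:
            key, url = m.groups()
            host = urlparse(normalise_url(url)).hostname or ""
            if host not in TRUSTED_SEARCH_DOMAINS:
                findings.append(("page_hijack", key, host))
            continue

        m = SERVICE_RE.match(line)
        if m:
            _state, name, _desc, path = m.groups()
            lower = path.lower()
            # '[?]' is DDS's marker for a service whose file it could not stat.
            if lower.endswith("[?]") or any(tag in lower for tag in SUSPICIOUS_PATH_MARKERS):
                findings.append(("suspicious_service", name, path.split(" [")[0]))
    return findings


def summarise(findings):
    """Count findings per kind, for a quick overview in a reply."""
    counts = {}
    for kind, _subject, _detail in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_REPORT):
        print(f"{kind:18} {subject:20} -> {detail}")
    print(summarise(triage(SAMPLE_REPORT)))
```

Run it as-is to see the seven findings from the constructed sample, or pass the text of a real DDS.txt to `triage()`. It only reads the report; it changes nothing on the machine, which is the point of the helper's "post the log first" workflow.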



    • #3
      I can't get MBAM to start. I'll try again in a moment.
      And I can't visit the Security Check site...

      AdwCleaner:

      # AdwCleaner v3.304 - Rapport aangemaakt 13/08/2014 op 14:02:11
      # Laatste Update 08/08/2014 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruikersnaam : Admin - JENSEN-PC
      # Gestart vanuit : C:\Users\Admin\Desktop\adwcleaner_3.304.exe
      # Optie : Verwijderen

      ***** [ Services ] *****

      [#] Service Verwijderd : F06DEFF2-5B9C-490D-910F-35D3A9119622
      [#] Service Verwijderd : IePluginService
      [#] Service Verwijderd : SystemkService
      [#] Service Verwijderd : Wpm
      [#] Service Verwijderd : {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64
      [#] Service Verwijderd : {a3f28269-ad17-41a8-b032-3e0313ef8979}w64

      ***** [ Bestanden / Mappen ] *****

      Map Verwijderd : C:\ProgramData\IePluginService
      Map Verwijderd : C:\ProgramData\WPM
      Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
      Map Verwijderd : C:\Program Files (x86)\Settings Manager
      Map Verwijderd : C:\Program Files (x86)\SupTab
      Map Verwijderd : C:\Users\Admin\AppData\Local\Temp\Greener Web
      Map Verwijderd : C:\Users\Admin\AppData\Roaming\FlvPlayer
      Map Verwijderd : C:\Users\Admin\AppData\Roaming\qone8
      Bestand Verwijderd : C:\Users\Public\Desktop\FlvPlayer.lnk

      ***** [ Taken ] *****


      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Linkey.Linkey
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
      Waarde Verwijderd : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
      Waarde Verwijderd : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
      Waarde Verwijderd : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
      Waarde Verwijderd : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
      Gegevens Hersteld : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
      Sleutel Verwijderd : HKCU\Software\Conduit
      Sleutel Verwijderd : HKCU\Software\Linkey
      Sleutel Verwijderd : HKLM\Software\Conduit
      Sleutel Verwijderd : HKLM\Software\FlvPlayer
      Sleutel Verwijderd : HKLM\Software\Linkey
      Sleutel Verwijderd : HKLM\Software\qone8Software
      Sleutel Verwijderd : HKLM\Software\SupTab
      Sleutel Verwijderd : HKLM\Software\supWPM
      Sleutel Verwijderd : HKLM\Software\SystemK
      Sleutel Verwijderd : HKLM\Software\Wpm
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FlvPlayer
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Conduit
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Linkey
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.16521

      Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
      Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
      Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
      Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
      Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
      Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
      Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
      Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

      -\\ Google Chrome v36.0.1985.125

      [ Bestand : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

      Verwijderd [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
      Verwijderd [Search Provider] : hxxp://nl.softonic.com/s/{searchTerms}
      Verwijderd [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=155&itype=a&ver=13337&tm=386&src=ds&p={searchTerms}
      Verwijderd [Search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts=1407229876&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72&q={searchTerms}
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399873981&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1399900782&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400011723&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400054040&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1400769655&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401034160&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401092420&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401174246&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401276099&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401364897&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401382272&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401732536&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401876826&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1401969096&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402251469&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402319335&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402390741&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402742312&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402826999&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402927939&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1402996496&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403092820&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403186455&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403247649&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403442449&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403464495&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403464556&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403554374&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1403974003&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1404149937&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1404294519&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1404755971&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1404835627&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1405171938&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1405174966&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1405178599&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1405241040&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1407229876&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1407321008&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1407401707&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1407520540&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1407681262&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1407747095&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1407832531&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1407833731&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72
      Verwijderd [Startup_urls] : hxxp://start.qone8.com/?type=hppp&ts=1407856786&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72

      *************************

      AdwCleaner[R0].txt - [21180 octets] - [13/08/2014 14:01:04]
      AdwCleaner[S0].txt - [19874 octets] - [13/08/2014 14:02:11]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19935 octets] ##########


      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.67.2
      Run by Admin at 14:12:49 on 2014-08-13
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4094.2587 [GMT 2:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      c:\Program Files\Microsoft Security Client\MsMpEng.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
      C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
      C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
      c:\Program Files\Microsoft Security Client\NisSrv.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\System32\WUDFHost.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
      C:\Program Files (x86)\Samsung\Kies\Kies.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
      C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\sppsvc.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = www.google.com
      uDefault_Page_URL = www.google.com
      mStart Page = hxxp://www.google.com
      mSearch Page = hxxp://www.google.com
      mDefault_Page_URL = hxxp://www.google.com
      mDefault_Search_URL = hxxp://www.google.com
      mWinlogon: Userinit = userinit.exe
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      uRun: [Spotify Web Helper] "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
      uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
      uRun: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
      mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
      mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
      mRun: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
      mRun: [DT HWP] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HWP
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      LSP: C:\Windows\System32\RSLSP.dll
      TCP: NameServer = 192.168.2.254 195.241.77.55 195.241.77.58
      TCP: Interfaces\{29473292-AC46-43BB-882B-412A1BE96971} : DHCPNameServer = 62.140.140.251 62.140.138.233
      TCP: Interfaces\{B2D8EEB3-B8F8-4CCB-ABCD-908021C084D8} : DHCPNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
      SSODL: WebCheck - <orphaned>
      LSA: Notification Packages = scecli IVTCredentialProvider
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      x64-mStart Page = hxxp://www.google.com
      x64-mSearch Page = hxxp://www.google.com
      x64-mDefault_Page_URL = hxxp://www.google.com
      x64-mDefault_Search_URL = hxxp://www.google.com
      x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
      x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
      x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
      x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      x64-Run: [AllShare Control] C:\Program Files\Samsung\AllShare Control\AllShare Control
      x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
      x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-SSODL: WebCheck - <orphaned>
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2011-12-21 25056]
      R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
      R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-20 283064]
      R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2013-1-8 273656]
      R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
      R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-5 1615192]
      R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-5 20541216]
      R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2014-2-1 123688]
      R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-5 411936]
      R3 IvtAudioBusSrv;IvtAudioBusSrv;C:\Windows\System32\drivers\IvtBtBus.sys [2012-12-24 27256]
      R3 IvtComBusSrv;IvtComBusSrv;C:\Windows\System32\drivers\btcombus.sys [2013-1-5 25720]
      R3 IvtPanBusSrv;IvtPanBusSrv;C:\Windows\System32\drivers\btnetBus.sys [2012-12-24 31480]
      R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
      R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-5 40392]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S3 BTCOM;Bluetooth Serial port driver;C:\Windows\System32\drivers\btcomport.sys [2011-7-27 29576]
      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-12-11 103576]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-30 111616]
      S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-13 19456]
      S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-12-11 204568]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-8 1255736]
      .
      =============== Created Last 30 ================
      .
      2014-08-13 12:01:24 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
      2014-08-13 12:01:03 -------- d-----w- C:\AdwCleaner
      2014-08-13 11:16:28 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{575AB93D-CF04-48A3-9C9C-20E6F83E4834}\gapaengine.dll
      2014-08-13 11:16:16 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC71EFD2-A1D8-4272-8347-5B335EDB1BBE}\mpengine.dll
      2014-08-12 18:41:17 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2014-08-12 18:41:17 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2014-08-12 18:41:17 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2014-08-12 18:41:16 -------- d-----w- C:\Malwarebytes Anti-Malware
      2014-08-12 18:38:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      2014-08-12 16:39:08 79064 ----a-w- C:\Windows\System32\drivers\hcpmq.sys
      2014-08-12 15:48:05 -------- d-----w- C:\ProgramData\Malwarebytes
      2014-08-12 15:48:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
      2014-08-12 15:36:37 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2014-08-11 19:48:28 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      .
      ==================== Find3M ====================
      .
      2014-07-08 22:02:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-07-08 22:02:19 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2014-06-20 10:38:40 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
      .
      ============= FINISH: 14:13:38,05 ===============



      • #4
        The Security Check link is a direct download link (best to switch off your security software for a moment).
        Once you have run and posted the MBAM scan, also post a fresh DDS log.

        It is important that you keep to the ORDER of the instructions; if something does not work, report it and stop going any further.
        Last edited by Emphyrio; 13-08-14, 14:07.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          Still can't get MBAM to start. And it looks like the Security Check site is down. (Virus scanner disabled)



          • #6
            Originally posted by jensen122
            Still can't get MBAM to start. And it looks like the Security Check site is down. (Virus scanner disabled)
            I still need that MBAM log, and the Security Check site is not "down".

            Go to the MBAM file location (usually this is C:\Program Files\Malwarebytes Anti-Malware\).
            There, navigate to Chameleon\Windows and double-click mbam-chameleon (Application).
            Follow the instructions that appear in the (DOS) window.

            Be patient and let the tool do its work.



            • #7
              MBAM won't open; the tool did run, but it also did not open MBAM after its actions.

              Results of screen317's Security Check version 0.99.86
              Windows 7 Service Pack 1 x64 (UAC is enabled)
              Internet Explorer 11
              ``````````````Antivirus/Firewall Check:``````````````
              Microsoft Security Essentials
              (On Access scanning disabled!)
              Error obtaining update status for antivirus!
              `````````Anti-malware/Other Utilities Check:`````````
              Java 7 Update 67
              Java version out of Date!
              Adobe Reader XI
              Google Chrome 35.0.1916.153
              Google Chrome 36.0.1985.125
              ````````Process Check: objlist.exe by Laurent````````
              Microsoft Security Essentials MSMpEng.exe
              Microsoft Security Essentials msseces.exe
              `````````````````System Health check`````````````````
              Total Fragmentation on Drive C: 5%
              ````````````````````End of Log``````````````````````



              • #8
                Uninstall MBAM via "Programs and Features".
                Restart your PC.


                Download or update CCleaner

                Start CCleaner.
                • Run CCleaner and click Options in the left-hand column
                • Select the Advanced tab
                • Untick "Only delete files in Windows Temp folders older than 24 hours"
                • Select the Settings tab
                • Untick "Automatically clean computer...."
                • Click Cleaner in the left-hand column.
                • Then click Analyze and Run Cleaner, in that order.
                • Next, click Registry in the left-hand column
                • Click Scan for Issues.
                • When asked whether you want to back up the registry, click "Yes".
                • If issues are found, click the middle button: Fix All Selected Issues, and then OK

                .


                Download Malwarebytes Anti-Malware 2.0 naar je bureaublad .
                Instaleer MBAM 2.0 (zie info)
                Plaats een log van MBAM, volg hiervoor de eerder gegeven instructies betreffende MBAM.


                Plaats eveneens een verse DDS log.
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * McAfee verwijderen. * Ccleaner * E-Peek



                • #9
                  [Screenshot: fout.jpg]

                  Clicked "OK" a few times and then it continues, but MBAM still does not start.



                  • #10
                    Remove MBAM again from your program list (if it is listed there).

                    Then....

                    Download the mbam-clean utility to your desktop.
                    Double-click the mbam-clean utility.
                    At the end (this goes quickly) the tool will ask you to restart your PC.
                    Do so.

                    Download and SAVE (so do not run it) MBAM 2.0 to your desktop.
                    Select MBAM Setup, right-click and choose "Run as administrator".
                    When MBAM is installed, go to the Dashboard and click "Update now".

                    If this succeeded, restart your PC and do nothing further.
                    Report the result.


                    • #11
                      It started and updated.



                      • #12
                        Good.

                        Now run the "Custom scan" as described earlier.
                        Post that log and a fresh DDS log.


                        • #13
                          MBAM:

                          Malwarebytes Anti-Malware
                          www.malwarebytes.org

                          Scan Date: 13-8-2014
                          Scan Time: 17:45:18
                          Logfile: logmbam.txt
                          Administrator: Yes

                          Version: 2.00.2.1012
                          Malware Database: v2014.08.13.04
                          Rootkit Database: v2014.08.04.01
                          License: Free
                          Malware Protection: Disabled
                          Malicious Website Protection: Disabled
                          Self-protection: Disabled

                          OS: Windows 7 Service Pack 1
                          CPU: x64
                          File System: NTFS
                          User: Admin

                          Scan Type: Custom Scan
                          Result: Completed
                          Objects Scanned: 491530
                          Time Elapsed: 1 hr, 5 min, 33 sec

                          Memory: Enabled
                          Startup: Enabled
                          Filesystem: Enabled
                          Archives: Enabled
                          Rootkits: Disabled
                          Heuristics: Enabled
                          PUP: Enabled
                          PUM: Enabled

                          Processes: 0
                          (No malicious items detected)

                          Modules: 0
                          (No malicious items detected)

                          Registry Keys: 0
                          (No malicious items detected)

                          Registry Values: 0
                          (No malicious items detected)

                          Registry Data: 2
                          PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[45d300c6ea9131054dcb18b62fd5f60a]
                          PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[52c6f5d1c8b3bf770216c806d82c9967]

                          Folders: 0
                          (No malicious items detected)

                          Files: 1
                          PUP.Optional.Qone8.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.google.nl/", "http://start.qone8.com/?type=hppp&ts=1399873981&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1399900782&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1400011723&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1400054040&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1400769655&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1401034160&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1401092420&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1401174246&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1401276099&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1401364897&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1401382272&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1401732536&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1401876826&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1401969096&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1402251469&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1402319335&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1402390741&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", 
"http://start.qone8.com/?type=hppp&ts=1402742312&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1402826999&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1402927939&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1402996496&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1403092820&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1403186455&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1403247649&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1403442449&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1403464495&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1403464556&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1403554374&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1403974003&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1404149937&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1404294519&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1404755971&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1404835627&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1405171938&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1405174966&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1405178599&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", 
"http://start.qone8.com/?type=hppp&ts=1405241040&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1407229876&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1407321008&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1407401707&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1407520540&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1407681262&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1407747095&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1407832531&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1407833731&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72", "http://start.qone8.com/?type=hppp&ts=1407856786&from=adks&uid=ST1000DM003-1CH162_S1DEBD72XXXXS1DEBD72" ],), Replaced,[799f1aacbfbc6dc935817a8556ae649c]

                          Physical Sectors: 0
                          (No malicious items detected)


                          (end)

                          DDS:

                          DDS (Ver_2012-11-20.01) - NTFS_AMD64
                          Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.67.2
                          Run by Admin at 19:02:43 on 2014-08-13
                          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4094.3305 [GMT 2:00]
                          .
                          AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
                          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                          SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
                          .
                          ============== Running Processes ===============
                          .
                          C:\Windows\system32\lsm.exe
                          C:\Windows\system32\svchost.exe -k DcomLaunch
                          C:\Windows\system32\nvvsvc.exe
                          C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                          C:\Windows\system32\svchost.exe -k RPCSS
                          c:\Program Files\Microsoft Security Client\MsMpEng.exe
                          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                          C:\Windows\system32\svchost.exe -k LocalService
                          C:\Windows\system32\svchost.exe -k netsvcs
                          C:\Windows\system32\svchost.exe -k GPSvcGroup
                          C:\Windows\system32\svchost.exe -k NetworkService
                          C:\Windows\System32\spoolsv.exe
                          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                          C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                          C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
                          C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
                          C:\Program Files\Bonjour\mDNSResponder.exe
                          C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
                          C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
                          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                          C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
                          C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                          C:\Windows\system32\nvvsvc.exe
                          C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
                          C:\Windows\system32\svchost.exe -k imgsvc
                          C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                          C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
                          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                          C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                          C:\Windows\system32\taskhost.exe
                          C:\Windows\system32\Dwm.exe
                          C:\Windows\System32\WUDFHost.exe
                          C:\Windows\Explorer.EXE
                          C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
                          C:\Program Files\Microsoft Security Client\msseces.exe
                          C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                          C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
                          C:\Program Files (x86)\Samsung\Kies\Kies.exe
                          C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
                          C:\Program Files (x86)\iTunes\iTunesHelper.exe
                          C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
                          C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                          C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
                          C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                          C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
                          C:\Program Files\iPod\bin\iPodService.exe
                          C:\Windows\system32\SearchIndexer.exe
                          C:\Program Files\Windows Media Player\wmpnetwk.exe
                          C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
                          C:\Windows\system32\wuauclt.exe
                          C:\Windows\system32\SearchProtocolHost.exe
                          C:\Windows\system32\SearchFilterHost.exe
                          C:\Windows\system32\wbem\wmiprvse.exe
                          C:\Windows\System32\cscript.exe
                          .
                          ============== Pseudo HJT Report ===============
                          .
                          uStart Page = www.google.com
                          uDefault_Page_URL = www.google.com
                          mStart Page = hxxp://www.google.com
                          mSearch Page = hxxp://www.google.com
                          mDefault_Page_URL = hxxp://www.google.com
                          mDefault_Search_URL = hxxp://www.google.com
                          mWinlogon: Userinit = userinit.exe,
                          BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                          BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                          BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                          TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                          TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
                          uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
                          uRun: [Spotify Web Helper] "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
                          uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
                          uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
                          uRun: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
                          mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                          mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
                          mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
                          mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
                          mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                          mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                          mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
                          mRun: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
                          mRun: [DT HWP] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HWP
                          mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                          dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
                          mPolicies-Explorer: NoActiveDesktop = dword:1
                          mPolicies-Explorer: NoActiveDesktopChanges = dword:1
                          mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                          mPolicies-System: ConsentPromptBehaviorUser = dword:3
                          mPolicies-System: EnableUIADesktopToggle = dword:0
                          IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
                          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                          LSP: C:\Windows\System32\RSLSP.dll
                          TCP: NameServer = 192.168.2.254 195.241.77.55 195.241.77.58
                          TCP: Interfaces\{29473292-AC46-43BB-882B-412A1BE96971} : DHCPNameServer = 62.140.140.251 62.140.138.233
                          TCP: Interfaces\{B2D8EEB3-B8F8-4CCB-ABCD-908021C084D8} : DHCPNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
                          Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
                          SSODL: WebCheck - <orphaned>
                          LSA: Notification Packages = scecli IVTCredentialProvider
                          mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                          x64-mStart Page = hxxp://www.google.com
                          x64-mSearch Page = hxxp://www.google.com
                          x64-mDefault_Page_URL = hxxp://www.google.com
                          x64-mDefault_Search_URL = hxxp://www.google.com
                          x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
                          x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
                          x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
                          x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
                          x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
                          x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                          x64-SSODL: WebCheck - <orphaned>
                          .
                          ============= SERVICES / DRIVERS ===============
                          .
                          R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2011-12-21 25056]
                          R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
                          R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-20 283064]
                          R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2013-1-8 273656]
                          R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-5 1615192]
                          R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-5 20541216]
                          R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2014-2-1 123688]
                          R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-5 411936]
                          R3 IvtAudioBusSrv;IvtAudioBusSrv;C:\Windows\System32\drivers\IvtBtBus.sys [2012-12-24 27256]
                          R3 IvtComBusSrv;IvtComBusSrv;C:\Windows\System32\drivers\btcombus.sys [2013-1-5 25720]
                          R3 IvtPanBusSrv;IvtPanBusSrv;C:\Windows\System32\drivers\btnetBus.sys [2012-12-24 31480]
                          R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-5 40392]
                          R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
                          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                          S3 BTCOM;Bluetooth Serial port driver;C:\Windows\System32\drivers\btcomport.sys [2011-7-27 29576]
                          S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-12-11 103576]
                          S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-30 111616]
                          S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
                          S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
                          S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
                          S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-13 19456]
                          S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
                          S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-12-11 204568]
                          S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
                          S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
                          S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-8 1255736]
                          .
                          =============== Created Last 30 ================
                          .
                          2014-08-13 14:08:54 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                          2014-08-13 14:08:44 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                          2014-08-13 14:08:44 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
                          2014-08-13 14:08:44 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                          2014-08-13 14:08:44 -------- d-----w- C:\ProgramData\Malwarebytes
                          2014-08-13 13:43:17 -------- d-----w- C:\Program Files\CCleaner
                          2014-08-13 12:01:24 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                          2014-08-13 12:01:03 -------- d-----w- C:\AdwCleaner
                          2014-08-13 11:16:28 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{575AB93D-CF04-48A3-9C9C-20E6F83E4834}\gapaengine.dll
                          2014-08-13 11:16:16 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC71EFD2-A1D8-4272-8347-5B335EDB1BBE}\mpengine.dll
                          2014-08-12 16:39:08 79064 ----a-w- C:\Windows\System32\drivers\hcpmq.sys
                          2014-08-12 15:36:37 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                          2014-08-11 19:48:28 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                          .
                          ==================== Find3M ====================
                          .
                          2014-07-08 22:02:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                          2014-07-08 22:02:19 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                          2014-06-20 10:38:40 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
                          .
                          ============= FINISH: 19:03:00,99 ===============




                          Did not need to restart....



                          • #14
                            Good.

                            Download ComboFix to your desktop.
                            (So not to a downloads folder or a temp folder)

                            Extra note... Make sure your security software is disabled while you use ComboFix.
                            This is because these scanners wrongly regard certain components that ComboFix uses as infected and will block ComboFix.

                            Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                            Close ALL windows, including your browser, and let ComboFix do its work undisturbed.
                            So do not open any other applications until ComboFix has presented the log.

                            If ComboFix asks for an update, allow it.

                            When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                            You can find it as C:\combofix.txt.

                            Post the ComboFix log together with a new DDS log in your next reply.

                            * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                            • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                            • Illegal operation attempted on a registry key that has been marked for deletion.


                            • #15
                              Any luck?