De GMER log is te lang voor een post, dus ik doe die in twee gedeeltes.


- GMER log

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-18 13:15:07
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AAKS-22A7B2 rev.01.03B01 596,17GB
Running: yf9iu69r.exe; Driver: C:\Users\GEBRUI~1\AppData\Local\Temp\pgddrpow.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8D4EEBA6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8D4EF684]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8D4FB6F8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8D4FB744]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8D4FB8DE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8D4FB666]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8D5A5DF0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8D4FB6AE]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8D5A6080]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8D5A616A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8D4FB898]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8D4F0472]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8D4EEC0C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8D4F3C68]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8D4EE7F8]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8D5A5ED0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8D4EEC72]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8D4F405E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8D4F0F5A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8D4FB722]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8D4FB766]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8D4FB902]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8D4FB68C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8D4F3560]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8D4FB816]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8D4FB6D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8D4F394C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8D4FB8BC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8D5A5C6E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8D4F0DCE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8D4F0ADC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8D4EECD8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8D4EED3E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8D5A5FCC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8D4EE892]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8D4EEA64]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8D4EE9F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8D4F063C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8D4F079E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8D4EEAEC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8D5A5D3C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8D4F02CC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8D4EEDA4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8D5A5BA0]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8364CA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83686212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 8368D460 4 Bytes [A6, EB, 4E, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8368D4E8 4 Bytes [84, F6, 4E, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8368D53C 8 Bytes [F8, B6, 4F, 8D, 44, B7, 4F, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 8368D548 4 Bytes [DE, B8, 4F, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 8368D564 4 Bytes [66, B6, 4F, 8D]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 838484EF 4 Bytes CALL 8D4F1641 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83862357 4 Bytes CALL 8D4F1657 \SystemRoot\system32\drivers\aswSnx.sys
? System32\drivers\sxginsju.sys Het systeem kan het opgegeven pad niet vinden. !
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xAC037400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xAC0DB620] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xAC0DB620]
.protectÿÿÿÿhardlockunknown last code section [0xAC0DB400, 0x5126, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xAC0DB400, 0x5126, 0xE0000020]
? C:\Users\GEBRUI~1\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven pad niet vinden. !

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\FsUsbExService.Exe[360] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[428] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[512] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[520] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[568] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1448] kernel32.dll!SetUnhandledExceptionFilter 76C0F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1448] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1488] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[1568] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Users\gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe[1652] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2000] kernel32.dll!SetUnhandledExceptionFilter 76C0F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2000] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2092] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2116] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[2272] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3364] kernel32.dll!SetUnhandledExceptionFilter 76C0F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3364] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!NtCreateFile 77425608 5 Bytes JMP 58A23D20 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!NtFlushBuffersFile 77425998 5 Bytes JMP 58A0C661 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!NtQueryFullAttributesFile 77426028 5 Bytes JMP 58A23820 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!NtReadFile 774262F8 5 Bytes JMP 58A0C750 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!NtReadFileScatter 77426308 5 Bytes JMP 592AE1FF C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!NtWriteFile 77426AA8 5 Bytes JMP 58A243D0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!NtWriteFileGather 77426AB8 5 Bytes JMP 592AE1AE C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!LdrUnloadDll 7743C8DE 5 Bytes JMP 000E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] ntdll.dll!LdrLoadDll 774422AE 5 Bytes JMP 5E011F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 76C094E6 7 Bytes JMP 5924F55F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] KERNEL32.dll!QueryPerformanceCounter + 13 76C0C4E5 7 Bytes JMP 5924F582 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] KERNEL32.dll!LoadAppInitDlls + 355 76C0F5A6 7 Bytes JMP 58A206F3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] KERNEL32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] USER32.dll!GetWindowInfo 77074B5E 5 Bytes JMP 5915E5A9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] GDI32.dll!GetViewportOrgEx + 26C 76B7884B 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3428] GDI32.dll!GetViewportOrgEx + 26C 76B7884B 7 Bytes JMP 5924F4E0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3596] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3860] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[4020] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4092] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\vVX1000.exe[4364] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text ...
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4472] USER32.dll!RegisterMessagePumpHook + 2F1 77068B9E 7 Bytes JMP 58C744B6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4472] USER32.dll!IsDialogMessageW + 340 77074444 7 Bytes JMP 58C74527 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4472] USER32.dll!GetWindowInfo 77074B5E 5 Bytes JMP 58C7825D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4472] USER32.dll!ToUnicodeEx + 71 77082223 7 Bytes JMP 58C71BFA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4488] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4560] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtCreateFile + 6 7742560E 4 Bytes [28, 90, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtCreateFile + B 77425613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtCreateKey + 6 7742564E 4 Bytes [68, 91, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtCreateKey + B 77425653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtCreateMutant + 6 7742568E 4 Bytes [68, 92, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtCreateMutant + B 77425693 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtCreateSection + 6 7742572E 4 Bytes [A8, 92, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtCreateSection + B 77425733 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtMapViewOfSection + 6 77425C6E 4 Bytes CALL 76426407 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtMapViewOfSection + B 77425C73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenFile + 6 77425D1E 4 Bytes [68, 90, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenFile + B 77425D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenKey + 6 77425D4E 4 Bytes [A8, 91, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenKey + B 77425D53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenKeyEx + 6 77425D5E 4 Bytes CALL 764264F4 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash

\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenKeyEx + B 77425D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenMutant + 6 77425D9E 4 Bytes [28, 92, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenMutant + B 77425DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenProcess + 6 77425DCE 4 Bytes [68, 93, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenProcess + B 77425DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenProcessToken + 6 77425DDE 4 Bytes [A8, 93, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenProcessToken + B 77425DE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenProcessTokenEx + 6 77425DEE 4 Bytes [68, 94, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenProcessTokenEx + B 77425DF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenSection + 6 77425E0E 4 Bytes CALL 764265A5 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenSection + B 77425E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenThread + 6 77425E4E 4 Bytes [28, 93, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenThread + B 77425E53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenThreadToken + 6 77425E5E 4 Bytes [28, 94, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenThreadToken + B 77425E63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenThreadTokenEx + 6 77425E6E 4 Bytes [A8, 94, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtOpenThreadTokenEx + B 77425E73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtQueryAttributesFile + 6 77425F7E 4 Bytes [A8, 90, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtQueryAttributesFile + B 77425F83 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtQueryFullAttributesFile + 6 7742602E 4 Bytes CALL 764267C3 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtQueryFullAttributesFile + B 77426033 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtSetInformationFile + 6 7742667E 4 Bytes [28, 91, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtSetInformationFile + B 77426683 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtSetInformationThread + 6 774266DE 4 Bytes CALL 76426E76 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtSetInformationThread + B 774266E3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtUnmapViewOfSection + 6 774269FE 4 Bytes [28, 95, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ntdll.dll!NtUnmapViewOfSection + B 77426A03 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] kernel32.dll!CreateProcessW 76BC204D 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] kernel32.dll!CreateProcessA 76BC2082 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!ActivateKeyboardLayout 77068203 5 Bytes JMP 001304F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!ScreenToClient 7706A506 7 Bytes JMP 00130670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!RegisterClipboardFormatA 7706C091 5 Bytes JMP 001302F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!RegisterClipboardFormatW 7706DF8D 5 Bytes JMP 001302B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!SetCursor 77073075 5 Bytes JMP 00130530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!MonitorFromWindow 77073622 7 Bytes JMP 00130630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!PostMessageW 7707447B 5 Bytes JMP 001305F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!IsWindowVisible 77074D69 7 Bytes JMP 001306B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetClientRect 770754DD 7 Bytes JMP 001305B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!MapWindowPoints 77075CAA 5 Bytes JMP 00130570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetParent 77076029 7 Bytes JMP 001306F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!EmptyClipboard 7708290C 5 Bytes JMP 00130130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!SetClipboardData 77082962 5 Bytes JMP 00130170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetClipboardData 77082BA7 5 Bytes JMP 00130030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetClipboardFormatNameW 77085FD2 5 Bytes JMP 00130230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!SetClipboardViewer 77086FF6 5 Bytes JMP 001304B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetClipboardFormatNameA 7708700A 5 Bytes JMP 00130270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!ChangeClipboardChain 7709147C 5 Bytes JMP 00130430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetTopWindow 770924D9 7 Bytes JMP 00130730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!CloseClipboard 7709446C 5 Bytes JMP 001300B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!OpenClipboard 7709447E 5 Bytes JMP 00130070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!IsClipboardFormatAvailable 770944FF 5 Bytes JMP 001300F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetClipboardSequenceNumber 77094513 5 Bytes JMP 00130330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetClipboardOwner 77094525 5 Bytes JMP 00130370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!CountClipboardFormats 7709470A 5 Bytes JMP 001301F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!EnumClipboardFormats 770947EC 5 Bytes JMP 001301B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetOpenClipboardWindow 7709480B 5 Bytes JMP 001303F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!SetCursorPos 770AC1B0 5 Bytes JMP 00130770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetClipboardViewer 770C4AF7 5 Bytes JMP 00130470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] user32.DLL!GetPriorityClipboardFormat 770C4BF9 5 Bytes JMP 001303B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!DeleteObject 76B75F14 5 Bytes JMP 001401B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SelectObject 76B76640 5 Bytes JMP 001405F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SetTextColor 76B76906 5 Bytes JMP 00140A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SetBkMode 76B769B1 5 Bytes JMP 001408F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!DeleteDC 76B76EAA 5 Bytes JMP 00140170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetDeviceCaps 76B76F7F 5 Bytes JMP 001403B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!ExtSelectClipRgn 76B77114 5 Bytes JMP 001402F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SelectClipRgn 76B77242 5 Bytes JMP 001405B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SetStretchBltMode 76B77705 5 Bytes JMP 001406B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetCurrentObject 76B77917 5 Bytes JMP 00140370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetTextMetricsW 76B77B8F 5 Bytes JMP 00140E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetTextAlign 76B77DAF 5 Bytes JMP 00140D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!IntersectClipRect 76B77DFE 5 Bytes JMP 001403F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!ExtTextOutW 76B78192 5 Bytes JMP 00140970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SetTextAlign 76B7828E 5 Bytes JMP 001409F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetClipBox 76B78525 5 Bytes JMP 00140330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!MoveToEx 76B78C21 5 Bytes JMP 00140470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!StretchDIBits 76B7A53E 5 Bytes JMP 00140770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!RestoreDC 76B7A67B 5 Bytes JMP 00140530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SaveDC 76B7A74B 5 Bytes JMP 00140570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetTextExtentPoint32W 76B7B4B5 5 Bytes JMP 00140670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetTextFaceW 76B7B73A 2 Bytes JMP 00140D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetTextFaceW + 3 76B7B73D 2 Bytes [5C, 89]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetFontData 76B7BCC4 5 Bytes JMP 00140C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SetWorldTransform 76B7C90A 5 Bytes JMP 001406F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!CreateDCA 76B7CCA9 5 Bytes JMP 001400B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!CreateDCW 76B7CF79 5 Bytes JMP 001400F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!CreateICW 76B7CFD0 5 Bytes JMP 00140130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetTextMetricsA 76B7D0F2 5 Bytes JMP 00140DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!Rectangle 76B7F1E7 5 Bytes JMP 001409B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!LineTo 76B7F583 5 Bytes JMP 00140430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SetICMMode 76B7FA8C 5 Bytes JMP 00140DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!ExtTextOutA 76B80D08 5 Bytes JMP 00140930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetTextExtentPoint32A 76B81167 5 Bytes JMP 00140630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!ExtEscape 76B82D31 5 Bytes JMP 001402B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!Escape 76B833E8 5 Bytes JMP 00140270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!ResetDCW 76B83A83 5 Bytes JMP 00140AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!EndPage 76B840C2 5 Bytes JMP 00140230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SetPolyFillMode 76B867C9 5 Bytes JMP 00140B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SetMiterLimit 76B86985 5 Bytes JMP 00140B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetTextFaceA 76B90D12 5 Bytes JMP 00140CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!GetGlyphOutlineW 76B9C32A 5 Bytes JMP 00140CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!CreateScalableFontResourceW 76B9E987 5 Bytes JMP 00140BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!AddFontResourceW 76B9ED83 5 Bytes JMP 00140BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!RemoveFontResourceW 76B9F279 5 Bytes JMP 00140C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!AbortDoc 76BA4E79 5 Bytes JMP 00140030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!EndDoc 76BA52C0 5 Bytes JMP 001401F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!StartPage 76BA53AB 5 Bytes JMP 00140730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!StartDocW 76BA5DC6 5 Bytes JMP 001407F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!BeginPath 76BA656D 5 Bytes JMP 00140830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!SelectClipPath 76BA65C4 5 Bytes JMP 00140AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!CloseFigure 76BA661F 5 Bytes JMP 00140070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!EndPath 76BA6676 5 Bytes JMP 00140A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!StrokePath 76BA68A9 5 Bytes JMP 001407B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!FillPath 76BA6936 5 Bytes JMP 00140870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!PolylineTo 76BA6DA4 5 Bytes JMP 001404F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!PolyBezierTo 76BA6E35 5 Bytes JMP 001404B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] GDI32.dll!PolyDraw 76BA6EE7 5 Bytes JMP 001408B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ole32.dll!OleSetClipboard 767B0045 5 Bytes JMP 00160030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ole32.dll!OleIsCurrentClipboard 767B36B2 5 Bytes JMP 00160070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4624] ole32.dll!OleGetClipboard 767DFDCD 5 Bytes JMP 001600B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe[4628] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Users\gebruiker\Desktop\yf9iu69r.exe[4960] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[5016] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5092] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[5148] kernel32.dll!GetBinaryTypeW + 70 76C26AAC 1 Byte [62]
.text ...

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D3249F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D15652] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D15710] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D3251A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D2857E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D24D32] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D250D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D251AE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D266DB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D282D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D28824] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D29085] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D2E228] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D24C64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e85 3\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----

Hoi Solo en welkom op Nucia Security Forum,

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

• Log enkel in als beheerder met alle rechten.
• Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
• Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
• Volg aandachtig de instructies die door mij worden gegeven.
• Volg enkel het door mij gegeven advies op
• Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
• Als je iets niet weet of verstaat, vraag het dan even aub.
• Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
• Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
• Zet je emoticons (Smileys) uit als je logs plaatst aub . ( INFO )
• De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Heb je deze richtlijnen gelezen en begrepen, mag je verder gaan.....

---

Controle op slechte toolbars...

Download AdwCleaner by Xplode naar je Bureaublad.

• Sluit alle openstaande vensters
• Start AdwCleaner
• Klik op Scannen
• Klik op Verwijderen
•  

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent een logfile (C:\ AdwCleaner\AdwCleaner[xx].txt
Post deze inhoud hier op het Forum.

Enkel de log na de "Verwijderen" optie heb ik nodig.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in.
Deze word standaard door AdwCleaner terug gezet naar Google.com
___________________________________________________________

In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
.

• AdwCleaner
• DDS

.
Deze logs NIET als bijlage of tussen codetags posten aub.
(Desnoods in meerdere postingen.)

Emphyrio

Alstublieft

- ADWCleaner log

# AdwCleaner v3.307 - Rapport aangemaakt 19/08/2014 op 12:22:55
# Laatste Update 17/08/2014 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Gebruikersnaam : gebruiker - ANJANI
# Gestart vanuit : C:\Users\gebruiker\Desktop\adwcleaner_3.307.exe
# Optie : Verwijderen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\ProgramData\ParetoLogic
Map Verwijderd : C:\ProgramData\Premium
Map Verwijderd : C:\ProgramData\Viewpoint
Map Verwijderd : C:\Program Files\Viewpoint
Map Verwijderd : C:\Users\gebruiker\AppData\LocalLow\AskToolbar
Map Verwijderd : C:\Users\gebruiker\AppData\Roaming\DriverCure
Map Verwijderd : C:\Users\gebruiker\AppData\Roaming\ParetoLogic
Bestand Verwijderd : C:\Windows\Installer\5289e.msi
Bestand Verwijderd : C:\Windows\system32\hfpapi.dll
Bestand Verwijderd : C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Bestand Verwijderd : C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ Taken ] *****


***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_minitv-gadget_RASAPI32
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_minitv-gadget_RASMANCS
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Sleutel Verwijderd : HKCU\Software\Conduit
Sleutel Verwijderd : HKCU\Software\IM
Sleutel Verwijderd : HKCU\Software\Myfree Codec
Sleutel Verwijderd : HKCU\Software\ParetoLogic
Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar
Sleutel Verwijderd : HKLM\SOFTWARE\Freeze.com
Sleutel Verwijderd : HKLM\SOFTWARE\Myfree Codec
Sleutel Verwijderd : HKLM\SOFTWARE\ParetoLogic
Sleutel Verwijderd : HKLM\SOFTWARE\systweak
Sleutel Verwijderd : HKLM\SOFTWARE\Viewpoint

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 nl)

[ Bestand : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\wi2b71kq.default\prefs.js ]

Regel verwijderd : user_pref("extensions.brandthunder.websearchplus", false);
Regel verwijderd : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,[email protected]:1.19.1,[email protected]:0.1.2,{b9db16a4-6edc-47ec-a1f4-b86
Regel verwijderd : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById('cblocker' )){document.getElementById('cblocker').parentNode.re
Regel verwijderd : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision=\"1.5.2\">\r\n <sites>\r\n <searchsite MatchesDomain=\"google.\" MatchesPath=\"/search\"
Regel verwijderd : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.1");
Regel verwijderd : user_pref("extensions.veohsearchrecs.id", "9d67ac0d1-9ad0-0998-40ad-a59490a5950");
Regel verwijderd : user_pref("extensions.veohsearchrecs.lastsitedate", "30");
Regel verwijderd : user_pref("extensions.veohsearchrecs.veohenabled", "false");
Regel verwijderd : user_pref("extensions.veohsearchrecs.veohfamilyfilteron", "true");

-\\ Google Chrome v

[ Bestand : C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Verwijderd [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [6573 octets] - [19/08/2014 12:21:08]
AdwCleaner[S0].txt - [6637 octets] - [19/08/2014 12:22:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6697 octets] ##########

- DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17239
Run by gebruiker at 12:37:31 on 2014-08-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3582.1969 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\vVX1000.exe
D:\Program files D\iTunes\iTunesHelper.exe
C:\Users\gebruiker\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Users\gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\gebruiker\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Users\gebruiker\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\GEBRUI~1\AppData\Local\Temp\nsm84DA.tmp\ns9E15.tmp
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\GEBRUI~1\AppData\Local\Temp\nsm84DA.tmp\PEV.DAT
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <local>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
uRun: [Akamai NetSession Interface] "c:\users\gebruiker\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\gebruiker\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Rainlendar2] d:\program files d\rainlendar2\Rainlendar2.exe
uRun: [F.lux] "c:\users\gebruiker\appdata\local\fluxsoftware\flux\flux.exe" /noshow
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Pushbullet] "d:\program files d\pushbullet\pushbullet_app.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [iTunesHelper] "d:\program files d\itunes\iTunesHelper.exe"
StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - d:\program files d\Rainmeter.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 213.46.228.196 62.179.104.196
TCP: Interfaces\{02865029-FF93-40B4-BC93-3C2D9FA2349A} : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{C9B06480-F092-4C16-B5CA-905DD451E4BC} : DHCPNameServer = 213.46.228.196 62.179.104.196
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - d:\program files d\stardock\object desktop\iconpackager\iprepair.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gebruiker\appdata\roaming\mozilla\firefox\profiles\wi2b71kq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
FF - plugin: c:\program files\adobe\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\threeships shared\dll\npTSHelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\gebruiker\appdata\local\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\users\gebruiker\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\gebruiker\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\gebruiker\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: d:\program files d\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-7-10 270752]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-10 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-10 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-1-10 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-1-10 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-1-10 414520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-15 242240]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-4 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-10 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-10 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-7-10 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-7-10 106488]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-6-25 233472]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-8-18 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-8-18 860472]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2014-8-2 133696]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-6-25 37344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-8-18 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-8-18 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-8-18 51928]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-12 260640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2011-6-23 1068216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-13 108032]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-6-25 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-6-25 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-6-25 153672]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]
S4 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_O.sys [2008-6-16 185352]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-08-19 10:22:52 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c86a4cdc-b931-4969-9d31-631f8ab9cdf5}\mpengine.dll
2014-08-19 10:22:29 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-19 10:21:00 -------- d-----w- C:\AdwCleaner
2014-08-18 14:00:40 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-18 11:33:14 -------- d-s---w- C:\ComboFix
2014-08-18 01:31:24 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 01:31:01 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 01:31:01 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-18 01:31:01 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-18 01:31:01 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-15 11:33:38 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 10:22:59 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-02 22:48:32 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-02 22:48:24 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-02 22:48:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-02 22:48:11 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-28 05:35:02 108544 ----a-w- c:\windows\system32\hfnapi.dll
.
==================== Find3M ====================
.
2014-08-07 01:43:38 412160 ----a-w- c:\windows\system32\aepdu.dll
2014-08-07 01:39:08 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-08-05 07:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-25 13:04:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 13:03:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-07-25 12:34:49 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-07-25 12:10:15 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-07-25 12:10:12 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-07-25 12:08:47 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- c:\windows\system32\jscript9.dll
2014-07-25 11:59:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 11:43:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 11:07:49 2001920 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-07-25 10:05:23 1792512 ----a-w- c:\windows\system32\wininet.dll
2014-07-16 02:46:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 01:47:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-10 20:32:51 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-10 20:32:51 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-10 20:32:51 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-10 20:32:50 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-10 20:32:50 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 20:32:50 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-10 20:32:49 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-10 20:32:49 43152 ----a-w- c:\windows\avastSS.scr
2014-07-10 20:32:41 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-10 20:32:36 270752 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-09 13:49:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 13:49:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 01:29:32 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-16 01:44:49 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-06-16 01:44:49 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-03 09:30:10 101824 ----a-w- c:\windows\system32\consent.exe
2014-06-03 09:29:50 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- c:\windows\system32\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- c:\windows\system32\authui.dll
2014-05-30 12:51:20 205 ----a-w- c:\windows\system32\lsprst7.dll
2014-05-30 12:33:37 1024 ----a-w- c:\windows\system32\clauth2.dll
2014-05-30 12:33:37 1024 ----a-w- c:\windows\system32\clauth1.dll
2014-05-30 12:33:37 0 ----a-w- c:\windows\system32\ssprs.dll
2014-05-30 12:33:37 0 ----a-w- c:\windows\system32\serauth2.dll
2014-05-30 12:33:37 0 ----a-w- c:\windows\system32\serauth1.dll
2014-05-30 12:33:37 0 ----a-w- c:\windows\system32\nsprs.dll
2014-05-30 12:32:40 1025 ----a-w- c:\windows\system32\sysprs7.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-26 00:32:46 202144 ----a-w- c:\windows\UTP.exe
2014-05-26 00:17:07 249856 ----a-w- c:\windows\system32\uxtheme.dll
2014-05-26 00:17:05 2755072 ----a-w- c:\windows\system32\themeui.dll
2014-05-26 00:17:03 37376 ----a-w- c:\windows\system32\themeservice.dll
.
============= FINISH: 12:39:46,32 ===============

Prima.

Download of Update Ccleaner

Start CCleaner op.

• Run Ccleaner en klik in de linkse kolom op Opties
• Selecteer het tabblad Geavanceerd
• Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
• Selecteer het tabblad Instellingen
• Haal het vinkje weg bij "Computer automatisch schoonmaken...."
• Klik in de linkse kolom op Cleaner.
• Klik dan achtereenvolgens op Analyseer en Schoonmaken.
• Klik vervolgens in de linkse kolom op Register
• Klik op Scan naar problemen.
• Op de vraag of je een backup wil maken van het register, klik je "Ja".
• Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

.

---

Download Combofix naar je bureaublad.
(Dus niet naar een download map of temp map)

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.
Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

* OPMERKING: Indien je één van de onderstaande meldingen krijgt na het gebruik van ComboFix, herstart dan de computer.

• Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
• Illegal operation attempted on a registry key that has been marked for deletion.

Alstu!

- Combofix log

ComboFix 14-08-19.01 - gebruiker i 19-08-14 13:36:34.7.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3582.2001 [GMT 2:00]
Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-07-19 to 2014-08-19 ))))))))))))))))))))))))))))))
.
.
2014-08-19 11:50 . 2014-08-19 11:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-08-19 11:50 . 2014-08-19 11:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-19 11:50 . 2014-08-19 11:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-19 11:50 . 2014-08-19 11:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-19 10:22 . 2014-08-07 09:05 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C86A4CDC-B931-4969-9D31-631F8AB9CDF5}\mpengine.dll
2014-08-19 10:22 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-19 10:21 . 2014-08-19 10:23 -------- d-----w- C:\AdwCleaner
2014-08-18 01:31 . 2014-08-19 10:57 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 01:31 . 2014-08-18 01:31 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-18 01:31 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-18 01:31 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 01:31 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-15 11:33 . 2014-08-15 11:34 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 10:22 . 2014-07-16 02:47 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-02 22:48 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-02 22:48 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-02 22:48 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-02 22:48 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-02 22:48 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-02 22:48 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-02 22:48 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-02 22:48 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-02 22:48 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-28 05:35 . 2014-07-28 05:35 108544 ----a-w- c:\windows\system32\hfnapi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-05 07:20 . 2009-10-03 08:01 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-10 20:35 . 2014-01-09 23:59 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-10 20:32 . 2014-01-09 23:59 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-10 20:32 . 2014-01-09 23:59 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-10 20:32 . 2014-01-09 23:59 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-10 20:32 . 2014-05-04 11:09 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-10 20:32 . 2014-01-09 23:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 20:32 . 2014-01-09 23:58 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-10 20:32 . 2014-07-10 20:32 43152 ----a-w- c:\windows\avastSS.scr
2014-07-10 20:32 . 2014-01-09 23:58 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-10 20:32 . 2014-01-09 23:58 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-10 20:32 . 2014-01-09 23:58 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-10 20:32 . 2014-07-10 20:32 270752 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-09 13:49 . 2012-03-31 20:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 13:49 . 2011-05-16 12:20 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-18 01:51 . 2014-07-09 12:07 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-06 09:44 . 2014-07-09 12:06 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 12:06 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-09 12:06 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-09 12:06 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 12:06 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-09 12:06 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 12:06 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 12:06 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-09 12:06 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-09 12:06 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-26 00:32 . 2014-05-26 00:27 202144 ----a-w- c:\windows\UTP.exe
2014-05-26 00:17 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2014-05-26 00:17 . 2011-06-20 22:14 2755072 ----a-w- c:\windows\system32\themeui.dll
2014-05-26 00:17 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2009-05-01 21:02 . 2014-07-23 12:53 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2014-07-23 12:53 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-10-26 18:12 . 2014-07-23 12:53 16192 ----a-w- c:\program files\mozilla firefox\plugins\XNPOFF12.DLL
2013-02-15 22:04 . 2014-07-23 12:53 208448 ----a-w- c:\program files\mozilla firefox\plugins\Xnppdf32-2.dll
2009-02-27 10:13 . 2014-07-23 12:53 103792 ----a-w- c:\program files\mozilla firefox\plugins\Xnppdf32.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin2.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin3.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin4.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin5.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin6.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin7.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-10 20:32 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\gebruiker\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Rainlendar2"="d:\program files d\Rainlendar2\Rainlendar2.exe" [2013-03-10 2598496]
"F.lux"="c:\users\gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"Pushbullet"="d:\program files d\Pushbullet\pushbullet_app.exe" [2014-07-09 822320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 225280]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762208]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"iTunesHelper"="d:\program files d\iTunes\iTunesHelper.exe" [2014-08-01 152392]
.
c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Rainmeter.lnk - d:\program files d\Rainmeter.exe [2014-5-25 36024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2013-04-25 01:50 1075296 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-07-31 10:15 43816 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-04-26 12:33 3111744 ----a-w- d:\program files d\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-02-12 02:24 109304 ----a-w- c:\program files\Roxio\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-08-01 14:18 152392 ----a-w- d:\program files d\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2013-11-06 01:55 845168 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-11-06 01:55 1564528 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-11-06 01:55 311152 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 14:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2007-03-13 08:05 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2009-07-24 14:05 762208 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"VX1000"=c:\windows\vVX1000.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-23 1068216]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-25 3489788]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-01-31 47360]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-05-02 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-05-02 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-05-02 153672]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400]
R4 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_o.sys [2007-10-25 185352]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-07-10 270752]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-07-10 26136]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-07-10 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-07-10 414520]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-14 242240]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-07-10 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-07-10 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-10 71944]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-07-10 106488]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-05-22 233472]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [2014-07-28 133696]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-05-22 37344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-08-19 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-02-09 260640]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:49]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 18:36]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 18:36]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419608459-42819607-2235241362-1000Core.job
- c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-14 20:57]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419608459-42819607-2235241362-1000UA.job
- c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-14 20:57]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\wi2b71kq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-uTorrent - c:\users\gebruiker\AppData\Roaming\uTorrent\uTorrent.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(4976)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Voltooingstijd: 2014-08-19 14:00:37 - machine werd herstart
ComboFix-quarantined-files.txt 2014-08-19 12:00
ComboFix2.txt 2012-09-25 18:15
.
Pre-Run: 16.284.667.904 bytes beschikbaar
Post-Run: 15.490.932.736 bytes beschikbaar
.
- - End Of File - - F2A26DDB93FE5620590950E5F1D9428F
A36C5E4F47E84449FF07ED3517B43A31


- DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17239
Run by gebruiker at 14:02:08 on 2014-08-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3582.1964 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <local>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
uRun: [Akamai NetSession Interface] "c:\users\gebruiker\appdata\local\akamai\netsession_win.exe"
uRun: [Rainlendar2] d:\program files d\rainlendar2\Rainlendar2.exe
uRun: [F.lux] "c:\users\gebruiker\appdata\local\fluxsoftware\flux\flux.exe" /noshow
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Pushbullet] "d:\program files d\pushbullet\pushbullet_app.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [iTunesHelper] "d:\program files d\itunes\iTunesHelper.exe"
StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - d:\program files d\Rainmeter.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 213.46.228.196 62.179.104.196
TCP: Interfaces\{02865029-FF93-40B4-BC93-3C2D9FA2349A} : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{C9B06480-F092-4C16-B5CA-905DD451E4BC} : DHCPNameServer = 213.46.228.196 62.179.104.196
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - d:\program files d\stardock\object desktop\iconpackager\iprepair.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gebruiker\appdata\roaming\mozilla\firefox\profiles\wi2b71kq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
FF - plugin: c:\program files\adobe\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\threeships shared\dll\npTSHelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\gebruiker\appdata\local\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\users\gebruiker\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\gebruiker\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\gebruiker\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: d:\program files d\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-7-10 270752]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-10 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-10 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-1-10 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-1-10 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-1-10 414520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-15 242240]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-4 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-10 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-10 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-7-10 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-7-10 106488]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-6-25 233472]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-8-18 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-8-18 860472]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2014-8-2 133696]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-6-25 37344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-8-18 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-8-18 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-8-18 51928]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-12 260640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2011-6-23 1068216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-13 108032]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-6-25 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-6-25 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-6-25 153672]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]
S4 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_O.sys [2008-6-16 185352]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-08-19 11:54:11 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-19 11:34:40 -------- d-----w- C:\ComboFix
2014-08-19 10:22:52 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c86a4cdc-b931-4969-9d31-631f8ab9cdf5}\mpengine.dll
2014-08-19 10:22:29 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-19 10:21:00 -------- d-----w- C:\AdwCleaner
2014-08-18 01:31:24 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 01:31:01 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 01:31:01 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-18 01:31:01 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-18 01:31:01 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-15 11:33:38 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 10:22:59 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-02 22:48:32 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-02 22:48:24 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-02 22:48:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-02 22:48:11 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-28 05:35:02 108544 ----a-w- c:\windows\system32\hfnapi.dll
.
==================== Find3M ====================
.
2014-08-07 01:43:38 412160 ----a-w- c:\windows\system32\aepdu.dll
2014-08-07 01:39:08 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-08-05 07:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-25 13:04:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 13:03:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-07-25 12:34:49 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-07-25 12:10:15 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-07-25 12:10:12 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-07-25 12:08:47 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- c:\windows\system32\jscript9.dll
2014-07-25 11:59:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 11:43:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 11:07:49 2001920 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-07-25 10:05:23 1792512 ----a-w- c:\windows\system32\wininet.dll
2014-07-16 02:46:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 01:47:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-10 20:32:51 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-10 20:32:51 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-10 20:32:51 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-10 20:32:50 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-10 20:32:50 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 20:32:50 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-10 20:32:49 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-10 20:32:49 43152 ----a-w- c:\windows\avastSS.scr
2014-07-10 20:32:41 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-10 20:32:36 270752 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-09 13:49:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 13:49:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 01:29:32 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-16 01:44:49 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-06-16 01:44:49 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-03 09:30:10 101824 ----a-w- c:\windows\system32\consent.exe
2014-06-03 09:29:50 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- c:\windows\system32\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- c:\windows\system32\authui.dll
2014-05-30 12:33:37 1024 ----a-w- c:\windows\system32\clauth2.dll
2014-05-30 12:33:37 1024 ----a-w- c:\windows\system32\clauth1.dll
2014-05-30 12:32:40 1025 ----a-w- c:\windows\system32\sysprs7.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-26 00:32:46 202144 ----a-w- c:\windows\UTP.exe
2014-05-26 00:17:07 249856 ----a-w- c:\windows\system32\uxtheme.dll
2014-05-26 00:17:05 2755072 ----a-w- c:\windows\system32\themeui.dll
2014-05-26 00:17:03 37376 ----a-w- c:\windows\system32\themeservice.dll
.
============= FINISH: 14:04:08,38 ===============

Schakel je beveiligingssoftware uit.

Note: Dit script is speciaal bedoeld voor deze PC,
gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.

Open een kladblokbestand.
Kopieer het onderstaande en plak dit in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt
Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe



ComboFix zal opnieuw starten.
Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile. Post de inhoud van de logfile.

Maak een nieuwe DDS log en post deze ook.

Zoals gevraagd:

- Combofix log

ComboFix 14-08-19.01 - gebruiker i 19-08-14 18:30:34.8.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3582.2087 [GMT 2:00]
Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\gebruiker\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-07-19 to 2014-08-19 ))))))))))))))))))))))))))))))
.
.
2014-08-19 16:45 . 2014-08-19 16:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-08-19 16:45 . 2014-08-19 16:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-19 16:45 . 2014-08-19 16:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-19 16:45 . 2014-08-19 16:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-19 16:42 . 2014-08-19 16:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C86A4CDC-B931-4969-9D31-631F8AB9CDF5}\offreg.dll
2014-08-19 10:22 . 2014-08-07 09:05 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C86A4CDC-B931-4969-9D31-631F8AB9CDF5}\mpengine.dll
2014-08-19 10:22 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-19 10:21 . 2014-08-19 10:23 -------- d-----w- C:\AdwCleaner
2014-08-18 01:31 . 2014-08-19 15:14 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 01:31 . 2014-08-18 01:31 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-18 01:31 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-18 01:31 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 01:31 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-15 11:33 . 2014-08-15 11:34 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 10:22 . 2014-07-16 02:47 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-02 22:48 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-02 22:48 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-02 22:48 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-02 22:48 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-02 22:48 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-02 22:48 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-02 22:48 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-02 22:48 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-02 22:48 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-28 05:35 . 2014-07-28 05:35 108544 ----a-w- c:\windows\system32\hfnapi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-05 07:20 . 2009-10-03 08:01 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-10 20:35 . 2014-01-09 23:59 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-10 20:32 . 2014-01-09 23:59 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-10 20:32 . 2014-01-09 23:59 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-10 20:32 . 2014-01-09 23:59 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-10 20:32 . 2014-05-04 11:09 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-10 20:32 . 2014-01-09 23:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 20:32 . 2014-01-09 23:58 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-10 20:32 . 2014-07-10 20:32 43152 ----a-w- c:\windows\avastSS.scr
2014-07-10 20:32 . 2014-01-09 23:58 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-10 20:32 . 2014-01-09 23:58 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-10 20:32 . 2014-01-09 23:58 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-10 20:32 . 2014-07-10 20:32 270752 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-09 13:49 . 2012-03-31 20:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 13:49 . 2011-05-16 12:20 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-18 01:51 . 2014-07-09 12:07 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-06 09:44 . 2014-07-09 12:06 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 12:06 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-09 12:06 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-09 12:06 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 12:06 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-09 12:06 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 12:06 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 12:06 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-09 12:06 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-09 12:06 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-26 00:32 . 2014-05-26 00:27 202144 ----a-w- c:\windows\UTP.exe
2014-05-26 00:17 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2014-05-26 00:17 . 2011-06-20 22:14 2755072 ----a-w- c:\windows\system32\themeui.dll
2014-05-26 00:17 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2009-05-01 21:02 . 2014-07-23 12:53 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2014-07-23 12:53 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-10-26 18:12 . 2014-07-23 12:53 16192 ----a-w- c:\program files\mozilla firefox\plugins\XNPOFF12.DLL
2013-02-15 22:04 . 2014-07-23 12:53 208448 ----a-w- c:\program files\mozilla firefox\plugins\Xnppdf32-2.dll
2009-02-27 10:13 . 2014-07-23 12:53 103792 ----a-w- c:\program files\mozilla firefox\plugins\Xnppdf32.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin2.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin3.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin4.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin5.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin6.dll
2009-07-02 17:56 . 2014-07-23 12:53 143360 ----a-w- c:\program files\mozilla firefox\plugins\Xnpqtplugin7.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-10 20:32 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\gebruiker\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Rainlendar2"="d:\program files d\Rainlendar2\Rainlendar2.exe" [2013-03-10 2598496]
"F.lux"="c:\users\gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"Pushbullet"="d:\program files d\Pushbullet\pushbullet_app.exe" [2014-07-09 822320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 225280]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762208]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"iTunesHelper"="d:\program files d\iTunes\iTunesHelper.exe" [2014-08-01 152392]
.
c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Rainmeter.lnk - d:\program files d\Rainmeter.exe [2014-5-25 36024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-01-03 13:10 815512 ----a-w- c:\program files\Adobe\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-01-03 13:10 36760 ----a-w- c:\program files\Adobe\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2013-04-25 01:50 1075296 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-07-31 10:15 43816 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-04-26 12:33 3111744 ----a-w- d:\program files d\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-02-12 02:24 109304 ----a-w- c:\program files\Roxio\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-08-01 14:18 152392 ----a-w- d:\program files d\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2013-11-06 01:55 845168 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-11-06 01:55 1564528 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-11-06 01:55 311152 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 14:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2007-03-13 08:05 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2009-07-24 14:05 762208 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"VX1000"=c:\windows\vVX1000.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-23 1068216]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-25 3489788]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-01-31 47360]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-05-02 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-05-02 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-05-02 153672]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400]
R4 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_o.sys [2007-10-25 185352]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-07-10 270752]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-07-10 26136]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-07-10 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-07-10 414520]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-14 242240]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-07-10 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-07-10 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-10 71944]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-07-10 106488]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-05-22 233472]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [2014-07-28 133696]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-05-22 37344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-08-19 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-02-09 260640]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:49]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 18:36]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 18:36]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419608459-42819607-2235241362-1000Core.job
- c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-14 20:57]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-419608459-42819607-2235241362-1000UA.job
- c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-14 20:57]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\wi2b71kq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(4388)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Voltooingstijd: 2014-08-19 18:56:06 - machine werd herstart
ComboFix-quarantined-files.txt 2014-08-19 16:56
ComboFix2.txt 2014-08-19 12:00
ComboFix3.txt 2012-09-25 18:15
.
Pre-Run: 15.302.721.536 bytes beschikbaar
Post-Run: 16.703.684.608 bytes beschikbaar
.
- - End Of File - - 64BB059475294D27BEDC5DCC7E8971FC
A36C5E4F47E84449FF07ED3517B43A31


- DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17239
Run by gebruiker at 19:00:45 on 2014-08-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3582.2132 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <local>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
uRun: [Akamai NetSession Interface] "c:\users\gebruiker\appdata\local\akamai\netsession_win.exe"
uRun: [Rainlendar2] d:\program files d\rainlendar2\Rainlendar2.exe
uRun: [F.lux] "c:\users\gebruiker\appdata\local\fluxsoftware\flux\flux.exe" /noshow
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Pushbullet] "d:\program files d\pushbullet\pushbullet_app.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [iTunesHelper] "d:\program files d\itunes\iTunesHelper.exe"
StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\gebrui~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - d:\program files d\Rainmeter.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 213.46.228.196 62.179.104.196
TCP: Interfaces\{02865029-FF93-40B4-BC93-3C2D9FA2349A} : DHCPNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{C9B06480-F092-4C16-B5CA-905DD451E4BC} : DHCPNameServer = 213.46.228.196 62.179.104.196
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - d:\program files d\stardock\object desktop\iconpackager\iprepair.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gebruiker\appdata\roaming\mozilla\firefox\profiles\wi2b71kq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
FF - plugin: c:\program files\adobe\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\threeships shared\dll\npTSHelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\gebruiker\appdata\local\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\users\gebruiker\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\gebruiker\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\gebruiker\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: d:\program files d\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-7-10 270752]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-10 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-10 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-1-10 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-1-10 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-1-10 414520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-15 242240]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-4 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-10 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-10 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-7-10 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-7-10 106488]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-6-25 233472]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-8-18 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-8-18 860472]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2014-8-2 133696]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-6-25 37344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-8-18 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-8-18 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-8-18 51928]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-12 260640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2011-6-23 1068216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-8-13 108032]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-6-25 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-6-25 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-6-25 153672]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-9 1343400]
S4 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_O.sys [2008-6-16 185352]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-08-19 16:48:41 -------- d-----w- C:\$RECYCLE.BIN
2014-08-19 16:42:04 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c86a4cdc-b931-4969-9d31-631f8ab9cdf5}\offreg.dll
2014-08-19 16:28:54 -------- d-----w- C:\ComboFix
2014-08-19 10:22:52 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c86a4cdc-b931-4969-9d31-631f8ab9cdf5}\mpengine.dll
2014-08-19 10:22:29 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-19 10:21:00 -------- d-----w- C:\AdwCleaner
2014-08-18 01:31:24 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-18 01:31:01 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-18 01:31:01 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-18 01:31:01 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-18 01:31:01 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-15 11:33:38 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 10:22:59 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-02 22:48:32 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-02 22:48:24 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-02 22:48:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-02 22:48:11 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-28 05:35:02 108544 ----a-w- c:\windows\system32\hfnapi.dll
.
==================== Find3M ====================
.
2014-08-07 01:43:38 412160 ----a-w- c:\windows\system32\aepdu.dll
2014-08-07 01:39:08 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-08-05 07:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-25 13:04:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 13:03:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-07-25 12:34:49 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-07-25 12:10:15 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-07-25 12:10:12 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-07-25 12:08:47 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- c:\windows\system32\jscript9.dll
2014-07-25 11:59:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 11:43:16 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 11:07:49 2001920 ----a-w- c:\windows\system32\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-07-25 10:05:23 1792512 ----a-w- c:\windows\system32\wininet.dll
2014-07-16 02:46:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 01:47:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-10 20:32:51 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-10 20:32:51 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-10 20:32:51 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-10 20:32:50 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-10 20:32:50 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 20:32:50 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-10 20:32:49 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-10 20:32:49 43152 ----a-w- c:\windows\avastSS.scr
2014-07-10 20:32:41 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-10 20:32:36 270752 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-09 13:49:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 13:49:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 01:29:32 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-16 01:44:49 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-06-16 01:44:49 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-06-16 01:40:20 107520 ----a-w- c:\windows\system32\cdd.dll
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-03 09:30:10 101824 ----a-w- c:\windows\system32\consent.exe
2014-06-03 09:29:50 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- c:\windows\system32\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- c:\windows\system32\authui.dll
2014-05-30 12:33:37 1024 ----a-w- c:\windows\system32\clauth2.dll
2014-05-30 12:33:37 1024 ----a-w- c:\windows\system32\clauth1.dll
2014-05-30 12:32:40 1025 ----a-w- c:\windows\system32\sysprs7.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-26 00:32:46 202144 ----a-w- c:\windows\UTP.exe
2014-05-26 00:17:07 249856 ----a-w- c:\windows\system32\uxtheme.dll
2014-05-26 00:17:05 2755072 ----a-w- c:\windows\system32\themeui.dll
2014-05-26 00:17:03 37376 ----a-w- c:\windows\system32\themeservice.dll
.
============= FINISH: 19:05:43,22 ===============

Ga naar start > uitvoeren en kopieer en plak volgende command in het veld:

ComboFix /Uninstall

Zorg ervoor dat er dus een spatie is tussen Combofix en /
Daarna klik je op Enter.


Klik op de afbeelding om te vergroten....


Dit zal Combofix verwijderen+gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw,
verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen
en reset je Systeemherstel opnieuw.

---

Download of Update Ccleaner

Start CCleaner op.

• Run Ccleaner en klik in de linkse kolom op Opties
• Selecteer het tabblad Geavanceerd
• Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
• Selecteer het tabblad Instellingen
• Haal het vinkje weg bij "Computer automatisch schoonmaken...."
• Klik in de linkse kolom op Cleaner.
• Klik dan achtereenvolgens op Analyseer en Schoonmaken.
• Klik vervolgens in de linkse kolom op Register
• Klik op Scan naar problemen.
• Op de vraag of je een backup wil maken van het register, klik je "Ja".
• Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

.


Vertel nu eens even of er nog problemen zijn?

Emphyrio

Alles werkt weer naar behoren! Hartstikke bedankt Emphyrio!!

Graag gedaan

1) Je mag alle losse bestanden en tools die we hebben gebruikt verwijderen.

2) Om herbesmetting te vermijden, kan je deze tips eens nalezen:

Het voorkomen van spyware-infecties en browserhijacking en Hoe voorkom ik een nieuwe infectie?

3) Om je PC een snelle onderhoudbeurt te geven, kan je deze tips eens lezen: Handleiding voor een schone PC

4) Allerlei tips en hints kan je hier raadplegen.


Ik zet het topic op opgelost.

Indien er niet meer gereageerd wordt, zal binnen een 5-tal dagen deze thread automatisch verplaatst worden
naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk
Dit is gedaan om het forum netjes en overzichtelijk te houden.

Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.


Hebben we je goed geholpen? Overweeg eens een (vrijblijvende) donatie aan Nucia

Emphyrio