Computer hangs after exactly one hour

  • Computer hangs after exactly one hour

    Esteemed forum,

    My computer keeps "hanging" after exactly one hour. Programs can then no longer be started or closed, Task Manager cannot be opened; in short, it no longer seems to respond. A spinning circle does appear, as if the computer is searching. The only way to shut down the computer is the power button. After that the computer works again for an hour without problems, until one hour after startup. I have had the computer opened up and cleaned. Went through it with the vacuum cleaner. It is also not the case that the computer gets warm. If anything, cool air comes out. "Cleaned up" the computer with CCleaner, ran a virus scan (Microsoft Security Essentials), scanned for malware with Malwarebytes Antimalware and Spybot (Search & Destroy 2.2). In principle the computer should therefore be "clean". What is striking is that it is always exactly after one hour.
    It is a Medion computer, bought in December 2011, Intel Core i7-2600, CPU 3.40 GHz, 64-bit operating system, Windows 7.
    Any idea what is going on?

    This problem has been going on for about a week. I have also already discussed this elsewhere on this forum with Dorado. We have tried just about everything, carried out all kinds of updates and the like. You can find the full history here: http://www.nucia.eu/forum/threads/72...ot-hangen-quot. Dorado referred me to you.

    Thank you in advance for your answer.

  • #2
    Hi dompie

    The first step is to carry out this guideline: !!! IMPORTANT !!!: Read this first before you post a message!

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Dear Emphyrio,
      I have already done all of this following Dorado's instructions, unfortunately without result.



      • #4
        I would still like you to carry out the instructions and post the logs.
        As far as I know, no antimalware and analysis tools are used in the Windows section. (That is not allowed there either.)
        You are here in the Help with Virus Infection section, where posting the requested logs is an essential part.

        Once you have done that, we can continue....
        Last edited by Emphyrio; 21-08-14, 21:07.


        • #5
          OK, I first went through the guide for a clean PC again.
          Ran CCleaner. (I was already using it.)
          Scanned with Kaspersky Virus Removal Tool. No viruses found.
          Checked with Kaspersky Security Scan. 12 threats found under Other issues.
          Other issues (12)
          Information about vulnerabilities associated with the settings of installed applications and the operating system.
          1. "Autorun from hard drives is allowed"
          2. "Autorun from network drives is enabled"
          3. "CD/DVD autorun is enabled"
          4. "Removable media autorun is enabled"
          5. "Run command in the Start menu is blocked"
          6. "Windows Explorer - show extensions of known file types"
          7. "Microsoft Internet Explorer - disable caching data received via protected channel"
          8. "Microsoft Internet Explorer: disable sending error reports"
          9. "Microsoft Internet Explorer: clear the list of trusted domains"
          10. "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
          11. "Windows Explorer: display of known file types extensions is disabled"
          12. "Microsoft Internet Explorer: start page reset"

          Ran the DMA reset. No resettable ATA channels with Windows drivers found. Nothing changed.
          My computer has an SSD drive. I did not defragment this time because, according to your guide, this can be harmful to the hard drive. I did not know this. I have defragmented the hard drive more often in the past. I recently checked the hard drive for errors via Properties. No errors were found then.

          Ran Windows Update. Only an update of Microsoft Security Essentials. No other updates.

          Ran the Medion updates. Ran the Intel chipset update once more. All other updates were carried out recently in response to this fault.

          Ran PC Pitstop. 32 fixes and 4 Advice items were found. I saved the messages in a Word file by means of print screen and uploaded it to mijnbestand.nl http://www.mijnbestand.nl/Bestand-DCHOERSJXNFS.doc (PC Pitstop report)

          Then ran Defogger.
          Scanned the PC with Malwarebytes Anti-Malware. No malware found on the C drive.
          Some was still found on the D drive.
          www.malwarebytes.org

          Scandatum: 22-8-2014
          Scantijd: 15:32:22
          Logbestand: mbamlog.txt
          Beheerder: Ja

          Versie: 2.00.2.1012
          Malwaredatabase: v2014.08.22.05
          Rootkitdatabase: v2014.08.21.01
          Licentie: Gratis
          Malwarebescherming: Uitgeschakeld
          Kwaadaardige Website Bescherming: Uitgeschakeld
          Self-protection: Uitgeschakeld

          Besturingssysteem: Windows 7 Service Pack 1
          Processor: x64
          Bestandssysteem: NTFS
          Gebruiker: Kemna

          Scantype: Aangepaste Scan
          Resultaat: Voltooid
          Objecten Gescand: 508063
          Verstreken Tijd: 38 m, 56 s

          Geheugen: Ingeschakeld
          Opstarten: Ingeschakeld
          Bestandssysteem: Ingeschakeld
          Archieven: Ingeschakeld
          Rootkits: Uitgeschakeld
          Heuristics: Ingeschakeld
          POP: Ingeschakeld
          POA: Ingeschakeld

          Processen: 0
          (No malicious items detected)

          Modules: 0
          (No malicious items detected)

          Registersleutels: 1
          PUP.Optional.FileTypeAssistant, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Trusted Software Assistant_is1, In Quarantaine, [e7b634958dee34025184449f20e2946c],

          Registerwaardes: 0
          (No malicious items detected)

          Registerdata: 0
          (No malicious items detected)

          Mappen: 2
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\temp, In Quarantaine, [e7b634958dee34025184449f20e2946c],

          Bestanden: 14
          PUP.Optional.CoolMirage, D:\Marja\Marja\Downloads\Backup Downloads\The_TimeBuilders_Pyramid_Rising_2_With_Guide_[ASG]_exe.exe, In Quarantaine, [95088841bcbf7db90d1f312a19eb847c],
          Trojan.Downloader, D:\Harry\Programma's\Frontpage\Microsoft Expression Web - FrontPage 2007\Microsoft Expression Web(FrontPage 2007)1\setup.exe, In Quarantaine, [405d8c3d4932ca6cbc70fe7d9f6530d0],
          Trojan.Downloader, D:\Harry\VWGE\Programma's\Frontpage\Microsoft Expression Web - FrontPage 2007\Microsoft Expression Web(FrontPage 2007)1\setup.exe, In Quarantaine, [1687ecddccafd660929ad1aa32d2619f],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\ftacfg.exe, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\itdownload.dll, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\TSASetup.exe, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\tsassist.exe, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\tsassist.id, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\tsassist.pci, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\unins000.dat, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\unins000.exe, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\unins000.msg, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\unins000.ref, In Quarantaine, [e7b634958dee34025184449f20e2946c],
          PUP.Optional.FileTypeAssistant, C:\Program Files (x86)\File Type Assistant\temp\~tmp.exe, In Quarantaine, [e7b634958dee34025184449f20e2946c],

          Fysieke Sectoren: 0
          (No malicious items detected)


          (end)

          Then created the DDS log file.

          DDS (Ver_2012-11-20.01) - NTFS_AMD64
          Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
          Run by Kemna at 16:19:58 on 2014-08-22
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8174.5866 [GMT 2:00]
          .
          AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
          SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
          SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
          .
          ============== Running Processes ===============
          .
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch
          C:\Windows\system32\nvvsvc.exe
          C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
          C:\Windows\system32\svchost.exe -k RPCSS
          C:\Program Files\Microsoft Security Client\MsMpEng.exe
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
          C:\Windows\system32\svchost.exe -k LocalService
          C:\Windows\system32\svchost.exe -k netsvcs
          C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
          C:\Windows\system32\svchost.exe -k GPSvcGroup
          C:\Program Files\HitmanPro\hmpsched.exe
          C:\Windows\system32\svchost.exe -k NetworkService
          C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
          C:\Windows\system32\nvvsvc.exe
          C:\Windows\system32\taskeng.exe
          C:\Windows\System32\spoolsv.exe
          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
          C:\Program Files (x86)\DirectLife\DLupdateService.exe
          C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
          C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
          C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
          c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
          C:\Windows\system32\svchost.exe -k imgsvc
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
          C:\Windows\system32\SearchIndexer.exe
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
          C:\Windows\system32\SearchProtocolHost.exe
          C:\Windows\system32\SearchFilterHost.exe
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
          C:\Program Files\Microsoft Security Client\NisSrv.exe
          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
          C:\Windows\System32\WUDFHost.exe
          C:\Windows\servicing\TrustedInstaller.exe
          C:\Windows\system32\taskhost.exe
          C:\Windows\system32\taskeng.exe
          C:\Windows\system32\Dwm.exe
          C:\Windows\Explorer.EXE
          C:\Program Files\Microsoft Security Client\msseces.exe
          C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
          C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
          C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
          D:\Downloads\Spybot - Search & Destroy\TeaTimer.exe
          C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
          C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
          C:\Program Files (x86)\DirectLife\DLconnect.exe
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
          C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
          C:\Users\Kemna\AppData\Roaming\Dropbox\bin\Dropbox.exe
          C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
          C:\Program Files\Windows Media Player\wmpnetwk.exe
          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
          C:\Windows\System32\svchost.exe -k LocalServicePeerNet
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
          C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
          C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
          C:\Windows\System32\cscript.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = www.google.com
          uSearch Bar = www.google.com
          uSearch Page = www.google.com
          uDefault_Page_URL = hxxp://www.google.com
          mStart Page = hxxp://www.google.com
          mDefault_Page_URL = hxxp://www.google.com
          mDefault_Search_URL = hxxp://www.google.com
          uSearchAssistant = www.google.com
          mWinlogon: Userinit = userinit.exe,
          BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
          BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
          BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
          uRun: [SpybotSD TeaTimer] D:\Downloads\Spybot - Search & Destroy\TeaTimer.exe
          uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
          mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
          mRun: [DLconnect] C:\Program Files (x86)\DirectLife\DLconnect.exe
          mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
          mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
          mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
          mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
          StartupFolder: C:\Users\Kemna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kemna\AppData\Roaming\Dropbox\bin\Dropbox.exe
          mPolicies-Explorer: NoActiveDesktop = dword:1
          mPolicies-Explorer: NoActiveDesktopChanges = dword:1
          mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
          mPolicies-System: ConsentPromptBehaviorUser = dword:3
          mPolicies-System: EnableUIADesktopToggle = dword:0
          IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
          IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
          IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
          IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4
          IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
          .
          INFO: HKCU has more than 50 listed domains.
          If you wish to scan all of them, select the 'Force scan all domains' option.
          .
          DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
          TCP: NameServer = 213.197.28.3 213.197.30.28
          TCP: Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B} : DHCPNameServer = 213.197.28.3 213.197.30.28
          Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
          Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
          Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
          Notify: SDWinLogon - SDWinLogon.dll
          SSODL: WebCheck - <orphaned>
          SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
          mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
          x64-mStart Page = www.google.com
          x64-mDefault_Page_URL = www.google.com
          x64-mDefault_Search_URL = www.google.com
          x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
          x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
          x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
          x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
          x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4
          x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
          x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
          x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
          x64-SSODL: WebCheck - <orphaned>
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
          R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
          R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
          R1 wStLibG64;wStLibG64;C:\Windows\System32\drivers\wStLibG64.sys [2014-3-7 61112]
          R2 DLupdater;DLupdater;C:\Program Files (x86)\DirectLife\DLupdateService.exe [2011-12-6 174312]
          R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-8-15 127752]
          R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
          R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2014-6-15 202080]
          R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-14 1809720]
          R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
          R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2014-8-22 86656]
          R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-14 3921880]
          R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-14 1042272]
          R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-14 171416]
          R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
          R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
          R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-8-1 129000]
          R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-8-1 391144]
          R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-14 25816]
          R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
          R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-11 533096]
          R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2011-7-18 694888]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
          S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-14 860472]
          S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
          S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-11 2656280]
          S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
          S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
          S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
          S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-14 63704]
          S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-4 19456]
          S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-11 56832]
          S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-4 30208]
          S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-12 1255736]
          S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2010-9-23 129008]
          S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
          .
          =============== Created Last 30 ================
          .
          2014-08-22 09:42:18 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AAA0D1E-A8D6-4A06-A7A3-88F25B1F840D}\mpengine.dll
          2014-08-22 07:08:22 -------- d-----w- C:\ProgramData\Kaspersky Lab
          2014-08-22 07:08:22 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
          2014-08-22 05:12:03 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
          2014-08-20 10:18:07 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4482C8A1-5A44-4597-994E-14F00C49BFFB}\gapaengine.dll
          2014-08-18 18:58:17 -------- d-----w- C:\Users\Kemna\AppData\Local\{F1BBF14F-EFE9-4A23-9409-35ABCBF43175}
          2014-08-15 11:50:52 -------- d-----w- C:\Program Files\HitmanPro
          2014-08-15 11:49:57 -------- d-----w- C:\ProgramData\HitmanPro
          2014-08-15 08:12:01 -------- d-----w- C:\Windows\SysWow64\RTCOM
          2014-08-15 08:12:01 -------- d-----w- C:\Program Files\Realtek
          2014-08-14 18:28:59 -------- d-----w- C:\Users\Kemna\Intel
          2014-08-14 18:00:50 -------- d-----w- C:\Intel
          2014-08-14 17:41:44 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
          2014-08-14 17:41:44 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
          2014-08-14 17:41:44 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
          2014-08-14 17:41:44 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll
          2014-08-14 17:35:15 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
          2014-08-14 14:51:24 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
          2014-08-14 14:51:14 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
          2014-08-14 14:51:14 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
          2014-08-14 14:51:14 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
          2014-08-14 14:51:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
          2014-08-14 11:37:17 -------- d-----w- C:\Users\Kemna\AppData\Local\Sparta
          2014-08-14 08:54:38 -------- d-----w- C:\Medion
          2014-08-13 19:55:32 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
          2014-08-13 19:55:32 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
          2014-08-13 19:55:32 171160 ----a-w- C:\Windows\System32\infocardapi.dll
          2014-08-13 19:55:32 1389208 ----a-w- C:\Windows\System32\icardagt.exe
          2014-08-13 19:55:31 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
          2014-08-13 19:55:31 8856 ----a-w- C:\Windows\System32\icardres.dll
          2014-08-13 19:55:22 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
          2014-08-13 19:55:22 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
          2014-08-12 20:14:02 -------- d-----w- C:\Windows\pss
          2014-08-12 09:13:24 -------- d-----w- C:\ProgramData\PCPitstop
          2014-08-12 09:13:23 -------- d-----w- C:\Program Files (x86)\PCPitstop
          2014-08-11 21:37:10 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
          2014-08-11 21:31:49 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
          2014-08-11 20:41:27 -------- d-----w- C:\Users\Kemna\AppData\Roaming\DriverCure
          2014-08-11 20:32:39 -------- d-----w- C:\Program Files (x86)\RegistryNuke 2014
          2014-08-11 17:59:16 -------- d-----w- C:\Program Files (x86)\NKProds
          2014-08-11 09:50:53 6574592 ----a-w- C:\Windows\System32\mstscax.dll
          2014-08-11 09:50:53 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
          2014-08-05 17:20:22 227728 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
          .
          ==================== Find3M ====================
          .
          2014-08-14 11:38:45 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
          2014-08-14 11:38:45 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
          2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
          2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
          2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
          2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
          2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
          2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
          2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
          2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
          2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
          2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
          2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
          2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
          2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
          2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
          2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
          2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
          2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
          2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
          2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
          2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
          2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
          2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
          2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
          2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
          2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
          2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
          2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
          2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
          2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
          2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
          2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
          2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
          2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
          2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
          2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
          2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
          2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
          2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
          2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
          2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
          2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
          2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
          2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
          2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
          2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
          2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
          2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
          2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
          2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
          2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
          2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
          2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
          2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
          2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
          2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
          2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
          2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
          2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
          2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
          2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
          2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
          2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
          2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
          2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
          2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
          2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
          2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
          2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
          2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
          2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
          .
          ============= FINISH: 16:20:15,70 ===============

          Then ran Gmer:
          Log posted via mijnbestand.nl

          http://www.mijnbestand.nl/Bestand-B6GWLV6TDU66.log

          I hope it is of some use to you.



          • #6
            Hi dompie,

            Before we begin, I would like to kindly point out the following guidelines:
            • Only log in as an administrator with full rights.
            • Do not post your problem on several forums. It does not help your problem and it is not courteous towards the helpers.
            • Cleaning up your system can take some time, so please be patient.
            • Carefully follow the instructions I give.
            • Follow only the advice given by me.
            • Stay with this topic until I have reported that your PC is clean.
            • If there is something you do not know or understand, please just ask.
            • Do not install or uninstall any software or hardware while we are working on your problem.
            • In the meantime, do not try something "else"; that only makes it harder for us.
            • Please turn off your emoticons (smileys) when you post logs. (INFO)
            • Please do not post the logs as an attachment, nor between code tags.

            Note: Always run all tools as admin.
            The instructions given are valid only for your PC.

            Once you have read and understood these guidelines, you may continue.....



            Step 1:

            Check for bad toolbars...

            Download AdwCleaner by Xplode to your Desktop.
            • Close all open windows
            • Start AdwCleaner
            • Click Scannen (Scan)
            • Click Verwijderen (Delete)

            All icons will disappear from the Desktop; this is normal.
            Your PC will be restarted and a log file will open (C:\AdwCleaner\AdwCleaner[xx].txt).
            Post its contents here on the forum.

            I only need the log from after the "Verwijderen" option.

            Do not forget to turn off your "smileys".

            If your start page was also hijacked, set the search engine again.
            AdwCleaner resets it to Google.com by default.
            ___________________________________________________________

            Step 2:
            Post a fresh DDS log.
            ___________________________________________________________

            Step 3:

            Download Security Check to your desktop via here or here

            Start Security Check
            Follow the instructions on the screen
            At the end a log appears (checkup.txt)
            Post its contents in your next reply.


            In your next post, I would like to see the following logs, made in the order listed:
            • AdwCleaner
            • DDS
            • checkup.txt

            Please do NOT post these logs as an attachment or between code tags.
            (In several posts if necessary.)

            Emphyrio



            • #7
              OK. Step 1, AdwCleaner, done.

              # AdwCleaner v3.308 - Rapport aangemaakt 22/08/2014 op 19:44:23
              # Laatste Update 20/08/2014 door Xplode
              # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
              # Gebruikersnaam : Kemna - KEMNA-LIVING
              # Gestart vanuit : C:\Users\Kemna\Desktop\adwcleaner_3.308.exe
              # Optie : Verwijderen

              ***** [ Services ] *****

              Service Verwijderd : wStLibG64

              ***** [ Bestanden / Mappen ] *****

              Map Verwijderd : C:\ProgramData\ParetoLogic
              Map Verwijderd : C:\ProgramData\AlawarWrapper
              Map Verwijderd : C:\Program Files (x86)\FinalMediaPlayer
              Map Verwijderd : C:\Program Files (x86)\ParetoLogic
              Map Verwijderd : C:\Program Files (x86)\Common Files\ParetoLogic
              Map Verwijderd : C:\Users\Kemna\AppData\Local\FileTypeAssistant
              Map Verwijderd : C:\Users\Kemna\AppData\Local\FinalMediaPlayer
              Map Verwijderd : C:\Users\Kemna\AppData\Roaming\DriverCure
              Map Verwijderd : C:\Users\Kemna\AppData\Roaming\DSite
              Map Verwijderd : C:\Users\Kemna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnlineHD.TV
              Map Verwijderd : C:\Users\Marja\AppData\Local\FileTypeAssistant
              Map Verwijderd : C:\Users\Marja\AppData\Local\PackageAware
              Map Verwijderd : C:\Users\Marja\AppData\Roaming\DriverCure
              Map Verwijderd : C:\Users\Marja\AppData\Roaming\goforfiles
              Map Verwijderd : C:\Users\Marja\AppData\Roaming\ParetoLogic
              Map Verwijderd : C:\Users\Marja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
              Bestand Verwijderd : C:\Windows\System32\drivers\wStLibG64.sys
              Bestand Verwijderd : C:\Users\Kemna\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
              Bestand Verwijderd : C:\Users\Marja\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
              Bestand Verwijderd : C:\Users\Marja\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

              ***** [ Taken ] *****


              ***** [ Snelkoppelingen ] *****

              Snelkoppeling Gedesinfecteerd : C:\Users\Kemna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
              Snelkoppeling Gedesinfecteerd : C:\Users\Kemna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
              Snelkoppeling Gedesinfecteerd : C:\Users\Kemna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

              ***** [ Register ] *****

              Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih
              Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
              Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
              Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
              Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
              Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
              Sleutel Verwijderd : HKCU\Software\speedypc software
              Sleutel Verwijderd : HKLM\SOFTWARE\GoforFiles
              Sleutel Verwijderd : HKLM\SOFTWARE\ParetoLogic
              Sleutel Verwijderd : HKLM\SOFTWARE\PIP
              Sleutel Verwijderd : HKLM\SOFTWARE\speedypc software
              Sleutel Verwijderd : HKLM\SOFTWARE\systweak
              Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
              Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

              ***** [ Browsers ] *****

              -\\ Internet Explorer v11.0.9600.17239


              -\\ Mozilla Firefox v

              [ Bestand : C:\Users\Kemna\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


              [ Bestand : C:\Users\Marja\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


              [ Bestand : C:\Users\Marja\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


              -\\ Google Chrome v36.0.1985.143

              [ Bestand : C:\Users\Kemna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

              Verwijderd [Search Provider] : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg4bSN2yx8K7F_oxIpnZzfu7seMOB_-jQwYMTl4dMJTVZUf487obSmvF35zlFepw4VAmiafduj2QzpuUljIN8aTk0kH9li-68fUmg9cazhJ6YdbYbSEAHO-kXR8mAUB8l0BzGjRIylv1cEpEVSkhcSg,,&q={searchTerms}

              [ Bestand : C:\Users\Marja\AppData\Local\Google\Chrome\User Data\Default\preferences ]

              Verwijderd [Search Provider] : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg4bSN2yx8K7F_oxIpnZzfu7seMOB_-jQwYMTl4dMJTVZUf487obSmvF35zlFepw4VAmiafduj2QzpuUljIN8aTk0kH9li-68fUmg9cazhJ6YdbYbSEAHO-kXR8mAUB8l0BzGjRIylv1cEpEVSkhcSg,,&q={searchTerms}

              *************************

              AdwCleaner[R0].txt - [5806 octets] - [22/08/2014 19:43:01]
              AdwCleaner[S0].txt - [5454 octets] - [22/08/2014 19:44:23]

              ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5514 octets] ##########



              • #8
                Step 2: DDS log.

                DDS (Ver_2012-11-20.01) - NTFS_AMD64
                Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
                Run by Kemna at 19:58:54 on 2014-08-22
                Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8174.5648 [GMT 2:00]
                .
                AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
                SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
                SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
                .
                ============== Running Processes ===============
                .
                C:\Windows\system32\lsm.exe
                C:\Windows\system32\svchost.exe -k DcomLaunch
                C:\Windows\system32\nvvsvc.exe
                C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                C:\Windows\system32\svchost.exe -k RPCSS
                C:\Program Files\Microsoft Security Client\MsMpEng.exe
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                C:\Windows\system32\svchost.exe -k LocalService
                C:\Windows\system32\svchost.exe -k netsvcs
                C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
                C:\Windows\system32\svchost.exe -k GPSvcGroup
                C:\Program Files\HitmanPro\hmpsched.exe
                C:\Windows\system32\svchost.exe -k NetworkService
                C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                C:\Windows\system32\nvvsvc.exe
                C:\Windows\system32\taskeng.exe
                C:\Windows\System32\spoolsv.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                C:\Program Files (x86)\DirectLife\DLupdateService.exe
                C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
                C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
                c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
                C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
                C:\Windows\system32\svchost.exe -k imgsvc
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                C:\Windows\system32\SearchIndexer.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
                C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
                C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                C:\Windows\System32\WUDFHost.exe
                C:\Windows\servicing\TrustedInstaller.exe
                C:\Windows\system32\taskhost.exe
                C:\Windows\system32\Dwm.exe
                C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
                C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
                C:\Windows\Explorer.EXE
                C:\Program Files\Microsoft Security Client\msseces.exe
                C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                D:\Downloads\Spybot - Search & Destroy\TeaTimer.exe
                C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
                C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
                C:\Program Files (x86)\DirectLife\DLconnect.exe
                C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
                C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
                C:\Users\Kemna\AppData\Roaming\Dropbox\bin\Dropbox.exe
                C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                C:\Program Files\Windows Media Player\wmpnetwk.exe
                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files\Microsoft Security Client\NisSrv.exe
                C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
                C:\Windows\system32\svchost.exe -k SDRSVC
                C:\Windows\system32\SearchProtocolHost.exe
                C:\Windows\system32\SearchFilterHost.exe
                C:\Windows\System32\cscript.exe
                .
                ============== Pseudo HJT Report ===============
                .
                uStart Page = www.google.com
                uSearch Bar = www.google.com
                uSearch Page = www.google.com
                uDefault_Page_URL = hxxp://www.google.com
                mStart Page = hxxp://www.google.com
                mDefault_Page_URL = hxxp://www.google.com
                mDefault_Search_URL = hxxp://www.google.com
                uSearchAssistant = www.google.com
                mWinlogon: Userinit = userinit.exe,
                BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
                BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                uRun: [SpybotSD TeaTimer] D:\Downloads\Spybot - Search & Destroy\TeaTimer.exe
                uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
                mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
                mRun: [DLconnect] C:\Program Files (x86)\DirectLife\DLconnect.exe
                mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
                mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
                mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
                mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe
                StartupFolder: C:\Users\Kemna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kemna\AppData\Roaming\Dropbox\bin\Dropbox.exe
                mPolicies-Explorer: NoActiveDesktop = dword:1
                mPolicies-Explorer: NoActiveDesktopChanges = dword:1
                mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                mPolicies-System: ConsentPromptBehaviorUser = dword:3
                mPolicies-System: EnableUIADesktopToggle = dword:0
                IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
                IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
                IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
                IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4
                IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
                IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                .
                INFO: HKCU has more than 50 listed domains.
                If you wish to scan all of them, select the 'Force scan all domains' option.
                .
                DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
                TCP: NameServer = 213.197.28.3 213.197.30.28
                TCP: Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B} : DHCPNameServer = 213.197.28.3 213.197.30.28
                Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
                Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                Notify: SDWinLogon - SDWinLogon.dll
                SSODL: WebCheck - <orphaned>
                SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
                mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                x64-mStart Page = www.google.com
                x64-mDefault_Page_URL = www.google.com
                x64-mDefault_Search_URL = www.google.com
                x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
                x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
                x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
                x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4
                x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
                x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                x64-SSODL: WebCheck - <orphaned>
                .
                ============= SERVICES / DRIVERS ===============
                .
                R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
                R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
                R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
                R2 DLupdater;DLupdater;C:\Program Files (x86)\DirectLife\DLupdateService.exe [2011-12-6 174312]
                R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-8-15 127752]
                R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
                R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2014-6-15 202080]
                R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-14 1809720]
                R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
                R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2014-8-22 86656]
                R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-5-14 3921880]
                R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-5-14 1042272]
                R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-5-14 171416]
                R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
                R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
                R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-11 2656280]
                R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-8-1 129000]
                R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-8-1 391144]
                R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-14 25816]
                R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-14 122584]
                R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
                R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-11 533096]
                R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2011-7-18 694888]
                S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-14 860472]
                S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
                S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
                S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
                S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
                S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-14 63704]
                S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-4 19456]
                S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-11 56832]
                S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-4 30208]
                S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-12 1255736]
                S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2010-9-23 129008]
                S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
                .
                =============== Created Last 30 ================
                .
                2014-08-22 17:43:20 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                2014-08-22 17:42:54 -------- d-----w- C:\AdwCleaner
                2014-08-22 09:42:18 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AAA0D1E-A8D6-4A06-A7A3-88F25B1F840D}\mpengine.dll
                2014-08-22 07:08:22 -------- d-----w- C:\ProgramData\Kaspersky Lab
                2014-08-22 07:08:22 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
                2014-08-22 05:12:03 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                2014-08-20 10:18:07 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4482C8A1-5A44-4597-994E-14F00C49BFFB}\gapaengine.dll
                2014-08-18 18:58:17 -------- d-----w- C:\Users\Kemna\AppData\Local\{F1BBF14F-EFE9-4A23-9409-35ABCBF43175}
                2014-08-15 11:50:52 -------- d-----w- C:\Program Files\HitmanPro
                2014-08-15 11:49:57 -------- d-----w- C:\ProgramData\HitmanPro
                2014-08-15 08:12:01 -------- d-----w- C:\Windows\SysWow64\RTCOM
                2014-08-15 08:12:01 -------- d-----w- C:\Program Files\Realtek
                2014-08-14 18:28:59 -------- d-----w- C:\Users\Kemna\Intel
                2014-08-14 18:00:50 -------- d-----w- C:\Intel
                2014-08-14 17:41:44 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
                2014-08-14 17:41:44 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
                2014-08-14 17:41:44 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
                2014-08-14 17:41:44 1482600 ----a-w- C:\Windows\System32\nvdispgenco64.dll
                2014-08-14 17:35:15 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
                2014-08-14 14:51:24 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                2014-08-14 14:51:14 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                2014-08-14 14:51:14 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
                2014-08-14 14:51:14 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                2014-08-14 14:51:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
                2014-08-14 11:37:17 -------- d-----w- C:\Users\Kemna\AppData\Local\Sparta
                2014-08-14 08:54:38 -------- d-----w- C:\Medion
                2014-08-13 19:55:32 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
                2014-08-13 19:55:32 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
                2014-08-13 19:55:32 171160 ----a-w- C:\Windows\System32\infocardapi.dll
                2014-08-13 19:55:32 1389208 ----a-w- C:\Windows\System32\icardagt.exe
                2014-08-13 19:55:31 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
                2014-08-13 19:55:31 8856 ----a-w- C:\Windows\System32\icardres.dll
                2014-08-13 19:55:22 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
                2014-08-13 19:55:22 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
                2014-08-12 20:14:02 -------- d-----w- C:\Windows\pss
                2014-08-12 09:13:24 -------- d-----w- C:\ProgramData\PCPitstop
                2014-08-12 09:13:23 -------- d-----w- C:\Program Files (x86)\PCPitstop
                2014-08-11 21:37:10 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
                2014-08-11 21:31:49 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                2014-08-11 20:32:39 -------- d-----w- C:\Program Files (x86)\RegistryNuke 2014
                2014-08-11 17:59:16 -------- d-----w- C:\Program Files (x86)\NKProds
                2014-08-11 09:50:53 6574592 ----a-w- C:\Windows\System32\mstscax.dll
                2014-08-11 09:50:53 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
                2014-08-05 17:20:22 227728 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
                .
                ==================== Find3M ====================
                .
                2014-08-14 11:38:45 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                2014-08-14 11:38:45 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
                2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
                2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
                2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
                2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
                2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
                2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
                2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
                2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
                2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
                2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
                2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
                2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
                2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
                2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
                2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
                2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
                2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
                2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
                2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
                2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
                2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
                2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
                2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
                2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
                2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
                2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
                2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
                2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
                2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
                2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
                2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
                2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
                2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
                2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
                2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
                2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
                2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
                2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
                2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
                2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
                2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
                2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
                2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
                2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
                2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
                2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
                2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
                2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
                2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
                2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
                2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
                2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
                .
                ============= FINISH: 19:59:06,58 ===============



                • #9
                  Step 3: Security check

                  Results of screen317's Security Check version 0.99.87
                  Windows 7 Service Pack 1 x64 (UAC is enabled)
                  Internet Explorer 11
                  ``````````````Antivirus/Firewall Check:``````````````
                  Microsoft Security Essentials
                  Antivirus up to date!
                  `````````Anti-malware/Other Utilities Check:`````````
                  Spybot - Search & Destroy
                  JavaFX 2.1.0
                  Java 7 Update 67
                  Java(TM) 7 Update 5
                  Adobe Reader XI
                  Google Chrome 36.0.1985.125
                  Google Chrome 36.0.1985.143
                  ````````Process Check: objlist.exe by Laurent````````
                  Microsoft Security Essentials MSMpEng.exe
                  Microsoft Security Essentials msseces.exe
                  Malwarebytes Anti-Malware mbam.exe
                  Malwarebytes Anti-Malware mbamscheduler.exe
                  Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
                  `````````````````System Health check`````````````````
                  Total Fragmentation on Drive C: 1%
                  ````````````````````End of Log``````````````````````



                  • #10
                    You may remove this one via Add/Remove Programs: Java(TM) 7 Update 5
                    Restart the PC afterwards.


                    Start CCleaner.
                    • Run CCleaner and click Options in the left column
                    • Select the Advanced tab
                    • Clear the checkbox for Only delete files in Windows Temp folders older than 24 hours
                    • Select the Settings tab
                    • Clear the checkbox for "Automatically clean the computer...."
                    • Click Cleaner in the left column.
                    • Then click Analyze and Run Cleaner in turn.
                    • Next, click Registry in the left column
                    • Click Scan for Issues.
                    • When asked whether you want to make a backup of the registry, click "Yes".
                    • If errors are found, click the middle button: Fix All Selected Issues and OK

                    How is it now?
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * Ccleaner * E-Peek



                    • #11
                      Carried out the steps above: removed Java(TM) 7 Update 5. Ran CCleaner according to the instructions.

                      Unfortunately, it has not helped yet.
                      After an hour the computer still hangs again.
                      In Task Manager, Resource Monitor, I see a blue line in the Disk display that repeatedly goes to the maximum for about 4 to 5 seconds.
                      After two minutes, a crash dump to prevent the disk from being damaged.

                      Message in the crash dump:

                      A process or thread crucial to system operation has unexpectedly exited or been terminated.

                      Technical information: STOP: 0X000000F4 (0X0000000000000003, 0XFFFFFA800CC10B30, 0XFFFFFA800CC10E10, 0XFFFFF8000397C270)

                      A similar message to one I had a few times before (on 20 August): that time it concerned KERNEL_DATA_INPAGE_ERROR. 0X0000007A (etc.)



                      • #12
                        Your PC is malware-free.
                        Since this is a Windows problem, I advise continuing in the Windows section.

                        Personally, I would consider a reinstallation.



                        1) You may delete all the loose files and tools we have used.

                        2) To avoid reinfection, you can read through these tips:

                        Preventing spyware infections and browser hijacking and How do I prevent a new infection?

                        3) To give your PC a quick maintenance pass, you can read these tips: Guide to a clean PC

                        4) All kinds of tips and hints can be consulted here.


                        I am marking the topic as solved.

                        If there are no further replies, this thread will automatically be moved within about 5 days
                        to the Solved HijackThis logs section, and replying will no longer be possible.
                        This is done to keep the forum tidy and well organized.

                        If it turns out there are still problems and you want to reply in this topic again, send me a private message with a request to reopen it.



                        Did we help you well? Consider a (no-obligation) donation to Nucia

                        Emphyrio
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee. * Ccleaner * E-Peek



                        • #13
                          Thank you for your efforts. I will consider for a moment whether to post the problem in the Windows section or to carry out a reinstallation.
                          Thank you for all the help and tips.

                          Dompie



                          • #14
                            You're welcome, Dompie
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee. * Ccleaner * E-Peek
