Mededeling

Collapse
No announcement yet.

taskeng.exe is missing

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • taskeng.exe is missing

    Hoi,

    Ik ben van een ander topic hierheen gestuur. Hier mijn probleem:


    Ik krijg met opstarten van de laptop deze melding in een zwart venster: taskeng.exe is missing.

    Ik heb al: msconfig geprobeerd om te kijken of dit bestand met opstarten word geladen maar ik kan niets vinden.

    Hierbij het logje:
    "Silent Runners.vbs", revision 64, http://www.silentrunners.org/
    Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    Hyperdesktop = C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe [Hyperdesktop]
    AdobeBridge = (empty string) [file not found]
    RocketDock = "C:\Program Files (x86)\RocketDock\RocketDock.exe" [null data]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    MSC = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]
    RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
    NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation]
    ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [MS]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
    USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [Intel Corporation]
    SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
    SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [Adobe Systems Incorporated]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO
    -> {HKLM…CLSID} = Lync Browser Helper
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
    -> {HKLM…CLSID} = Office Document Cache Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\URLREDIR.DLL [MS]

    {E1499FE7-129D-4B6E-B681-DDF21E14172C}\(Default) = iToolsBHO
    -> {HKLM…CLSID} = BHOImpl Class
    \InProcServer32\(Default) = C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO64.dll [iTools.hk]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM…Wow…CLSID} = Java(tm) Plug-In SSV Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
    -> {HKLM…Wow…CLSID} = Office Document Cache Handler
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [MS]

    {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
    -> {HKLM…Wow…CLSID} = Microsoft SkyDrive Pro Browser Helper
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS]

    {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
    -> {HKLM…Wow…CLSID} = Java(tm) Plug-In 2 SSV Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

    {E1499FE7-129D-4B6E-B681-DDF21E14172C}\(Default) = iToolsBHO
    -> {HKLM…Wow…CLSID} = BHOImpl Class
    \InProcServer32\(Default) = C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO.dll [iTools.hk]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
    -> {HKLM…Wow…CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS]

    SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
    -> {HKLM…Wow…CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS]

    SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
    -> {HKLM…Wow…CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    <<!>> AppInit_DLLs = C:\Windows\system32\nvinitx.dll [NVIDIA Corporation]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\
    <<!>> AppInit_DLLs = c:\windows\syswow64\nvinit.dll,C:\Windows\SysWOW64\nvinit.dll [file not found]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

    <<!>> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
    -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [MS]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
    -> {HKLM…CLSID} = HxProtocol Class
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]

    <<!>> osf\CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
    -> {HKLM…CLSID} = Protocol Class
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    ANotepad++64\(Default) = {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
    -> {HKLM…CLSID} = ANotepad++64
    \InProcServer32\(Default) = C:\Program Files (x86)\Notepad++\NppShell_06.dll [null data]

    EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\shellext.dll [MS]

    WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
    -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

    HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

    {FA507C3F-30C6-4DCA-9EE5-2656072EEC14}\(Default) = (no title provided)
    -> {HKLM…CLSID} = TheAdvOSPropPage Class
    \InProcServer32\(Default) = C:\Windows\system32\igfxOSP.dll [Intel Corporation]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
    -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\shellext.dll [MS]

    UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
    -> {HKLM…CLSID} = UIContextMenu Class
    \InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]

    HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

    FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
    -> {HKLM…CLSID} = FileZilla 3 Shell Extension
    \InProcServer32\(Default) = C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll [null data]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    igfxDTCM\(Default) = {9B5F5829-A529-4B12-814A-E81BCB8D93FC}
    -> {HKLM…CLSID} = TheDeskTopContextMenu Class
    \InProcServer32\(Default) = C:\Windows\system32\igfxDTCM.dll [Intel Corporation]

    igfxOSP\(Default) = {FA507C3F-30C6-4DCA-9EE5-2656072EEC14}
    -> {HKLM…CLSID} = TheAdvOSPropPage Class
    \InProcServer32\(Default) = C:\Windows\system32\igfxOSP.dll [Intel Corporation]

    NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
    -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension
    \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
    -> {HKLM…CLSID} = UIContextMenu Class
    \InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]

    WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
    -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
    -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

    EnableLUA = (REG_DWORD) dword:0x00000000
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Run All Administrators In Admin Approval Mode}

    PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    User Account Control: Switch to the secure desktop when prompting for elevation}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    Wallpaper = C:\Users\Artful\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    BridgeCS5.1ImportMediaOnArrival\
    Provider = Adobe Bridge CS5.1
    InvokeProgID = Adobe.adobebridgeCS5.1
    InvokeVerb = launch
    HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5.1\shell\launch\command\(Default) = C:\Program Files (x86)\adobe\Adobe Bridge CS5.1\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

    BridgeCS5.1NonVolumeHandler\
    Provider = Adobe Bridge CS5.1
    ProgID = Adobe.adobebridgeMTP_1
    HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = {1E6C711B-6D70-4a65-8AB6-745DC19BE2A6}
    -> {HKLM…CLSID} = Adobe Bridge CS6
    \LocalServer32\(Default) = C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\bridgeproxy.exe -m [Adobe Systems, Inc.]

    BridgeCS6ImportMediaOnArrival\
    Provider = Adobe Bridge CS6
    InvokeProgID = Adobe.adobebridgeCS6
    InvokeVerb = launch
    HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS6\shell\launch\command\(Default) = C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

    BridgeCS6NonVolumeHandler\
    Provider = Adobe Bridge CS6
    ProgID = Adobe.adobebridgeMTP_1
    HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = {1E6C711B-6D70-4a65-8AB6-745DC19BE2A6}
    -> {HKLM…CLSID} = Adobe Bridge CS6
    \LocalServer32\(Default) = C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\bridgeproxy.exe -m [Adobe Systems, Inc.]

    iTunesBurnCDOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.BurnCD
    InvokeVerb = burn
    HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

    iTunesImportSongsOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.ImportSongsOnCD
    InvokeVerb = import
    HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

    iTunesPlaySongsOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.PlaySongsOnCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

    iTunesShowSongsOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.ShowSongsOnCD
    InvokeVerb = showsongs
    HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

    MSPlayCDAudioOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.AudioCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

    MSPlayDVDMovieOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.DVD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L" [MS]

    MSPlaySuperVideoCDMovieOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.VCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

    MSPlayVideoCDMovieOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.VCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

    MSWMPBurnCDOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.BurnCD
    InvokeVerb = Burn
    HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

    VLCPlayCDAudioOnArrival\
    Provider = VideoLAN VLC media player
    InvokeProgID = VLC.CDAudio
    InvokeVerb = Open
    HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

    VLCPlayDVDAudioOnArrival\
    Provider = VideoLAN VLC media player
    InvokeProgID = VLC.OPENFolder
    InvokeVerb = Open
    HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

    VLCPlayDVDMovieOnArrival\
    Provider = VideoLAN VLC media player
    InvokeProgID = VLC.DVDMovie
    InvokeVerb = Open
    HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

    VLCPlayMusicFilesOnArrival\
    Provider = VideoLAN VLC media player
    InvokeProgID = VLC.OPENFolder
    InvokeVerb = Open
    HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

    VLCPlaySVCDMovieOnArrival\
    Provider = VideoLAN VLC media player
    InvokeProgID = VLC.SVCDMovie
    InvokeVerb = Open
    HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

    VLCPlayVCDMovieOnArrival\
    Provider = VideoLAN VLC media player
    InvokeProgID = VLC.VCDMovie
    InvokeVerb = Open
    HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

    VLCPlayVideoFilesOnArrival\
    Provider = VideoLAN VLC media player
    InvokeProgID = VLC.OPENFolder
    InvokeVerb = Open
    HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

    WIA_{6CD14C66-A7DA-41C7-B015-1C9B7F7075D5}\
    Provider = Photoshop
    CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
    InitCmdLine = /WiaCmd;C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe /StiDevice:%1 /StiEvent:%2;
    -> {HKLM…CLSID} = WPDShextAutoplay
    \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


    Non-disabled Scheduled Tasks:
    -----------------------------

    C:\Users\Artful\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

    C:\Windows\System32\Tasks
    AutoPico Daily Restart -> launches: "C:\Program Files\KMSpico\AutoPico.exe" /silent [null data]
    CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
    GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
    GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
    RocketTab -> launches: cmd.exe /C start "" "C:\Program Files (x86)\RocketTab\Client.exe" /Preferred=true [MS]
    RocketTab Update Task -> launches: C:\Program Files (x86)\RocketTab\uninstall.exe /CheckUpdate=true [file not found]
    {1928F456-9BE3-4B5C-A581-74C7E929609C} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Artful\AppData\Local\Temp\Temp1_Install_Win7_7088_07242014.zip\Install_Win7_7088_07242014\s etup.exe [MS]

    C:\Windows\System32\Tasks\Apple
    AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

    C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
    Microsoft Antimalware Scheduled Scan -> launches: C:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS]

    C:\Windows\System32\Tasks\Microsoft\Office
    Office 15 Subscription Heartbeat -> launches: %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
    AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
    -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
    -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
    AitAgent -> launches: aitagent [MS]
    Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
    ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
    Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
    UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
    SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
    -> {HKLM…CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
    -> {HKLM…CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
    Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
    KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
    -> {HKLM…CLSID} = KernelCeipCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
    UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
    -> {HKLM…CLSID} = UsbCeip
    \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
    -> {HKLM…Wow…CLSID} = UsbCeip
    \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
    ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
    Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
    -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Location
    Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
    WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
    -> {HKLM…CLSID} = WinSAT Task Manger Task
    \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
    -> {HKLM…Wow…CLSID} = WinSAT Task Manger Task
    \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
    ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
    ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
    DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
    ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
    InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
    mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
    MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
    ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
    OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
    OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
    PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
    PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
    PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
    PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
    PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
    RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
    ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
    SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
    UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
    CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
    -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
    DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
    -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
    HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
    -> {HKLM…CLSID} = HotStart User Agent
    \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\MUI
    LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
    SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
    -> {HKLM…CLSID} = Microsoft PlaySoundService Class
    \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
    -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
    \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
    GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

    C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
    AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\RAC
    RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
    -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
    \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
    -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
    \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Ras
    MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
    -> {HKLM…CLSID} = RasMobilityManager
    \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Registry
    RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
    -> {HKLM…CLSID} = RegistryIdleBackupHandler
    \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
    RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
    GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
    -> {HKLM…CLSID} = GadgetsManager Class
    \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
    SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
    Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
    -> {HKLM…CLSID} = RunTask
    \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
    -> {HKLM…Wow…CLSID} = RunTask
    \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
    IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
    IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
    MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
    -> {HKLM…CLSID} = MsCtfMonitor task handler
    \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
    -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
    \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
    SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
    UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\WDI
    ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
    -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
    -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
    ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
    ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
    QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
    BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
    UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
    ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
    CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
    -> {HKLM…CLSID} = Wininet Cache task object
    \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
    -> {HKLM…Wow…CLSID} = Wininet Cache task object
    \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

    C:\Windows\System32\Tasks\WPD
    SqmUpload_S-1-5-21-1592524675-1410301248-110674532-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
    000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
    000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
    000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
    000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
    000000000007\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 10


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
    ButtonText = Lync - klikken om te bellen
    MenuText = Lync - klikken om te bellen
    CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
    -> {HKLM…CLSID} = Lync Browser Helper
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
    <<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
    Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
    Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
    DYMO PnP Service, DymoPnpService, "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe" [null data]
    Intel(R) HD Graphics Control Panel Service, igfxCUIService1.0.0.0, C:\Windows\system32\igfxCUIService.exe [Intel Corporation]
    Microsoft Antimalware Service, MsMpSvc, "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]
    Microsoft Netwerkinspectie, NisSrv, "C:\Program Files\Microsoft Security Client\NisSrv.exe" [MS]
    NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
    NVIDIA Network Service, NvNetworkService, "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [NVIDIA Corporation]
    NVIDIA Streamer Service, NvStreamSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" [NVIDIA Corporation]
    Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS]
    Remote Procedure Call (RPC) Net, rpcnet, C:\Windows\SysWOW64\rpcnet.exe [Absolute Software Corp.]


    Safe Mode Drivers & Services (subkey name, subkey default value):
    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <<!>> hitmanpro37,
    <<!>> hitmanpro37.sys,
    <<!>> HitmanPro37Crusader,
    <<!>> HitmanPro37CrusaderBoot,
    <<!>> MsMpSvc, Service

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> hitmanpro37,
    <<!>> hitmanpro37.sys,
    <<!>> HitmanPro37Crusader,
    <<!>> HitmanPro37CrusaderBoot,
    <<!>> MsMpSvc, Service


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    DYMO LabelWriter Monitor\Driver = LW400MON.DLL [DYMO Corp.]


    ---------- (launch time: 2014-09-15 16:28:43)
    <<!>>: Suspicious data at a malware launch point.
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 67 seconds, including 16 seconds for message boxes)


    Zou iemand me verder kunnen helpen?

    Bedankt!

    Groeten,
    Jeroen

  • #2
    Hoi Artfuldesign en welkom op Nucia Security Forum,

    Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
    .
    • Log enkel in als beheerder met alle rechten.
    • Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
    • Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
    • Volg aandachtig de instructies die door mij worden gegeven.
    • Volg enkel het door mij gegeven advies op
    • Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
    • Als je iets niet weet of verstaat, vraag het dan even aub.
    • Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
    • Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
    • Zet je emoticons (Smileys) uit als je logs plaatst aub . ( INFO )
    • De logs niet als bijlage, noch tussen codetags zetten aub.

    .
    Opmerking: Alle tools steeds uitvoeren als admin.
    De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

    Heb je deze richtlijnen gelezen en begrepen, mag je verder gaan.....



    Stap 1:

    Malware scannen en verwijderen....

    Installeer MBAM 2.0 (info & download link)

    Start MBAM.
    Klik bovenin het scherm van Malwarebytes Anti-Malware op Scan.
    Kies in het scherm voor de Aangepaste scan en vink de partities aan die van toepassing zijn (c:\ d\ enz..)
    Klik vervolgens op de knop Scan nu.

    Voor het scannen wordt er altijd eerst automatisch gecontroleerd of er updates van de virusdefinities beschikbaar zijn, indien er een update beschikbaar is, moet je deze eerst laten installeren.

    Wanneer de scan gereed is en er bedreigingen zijn gedetecteerd krijg je hier een overzicht van.
    Selecteer om allen in quarantaine te plaatsen.
    Bij de melding dat uw computer opnieuw opgestart moet worden klik je op Ja.

    Na herstart van de PC, indien Malwarebytes heeft gevraagd om de PC opnieuw op te starten, open Malwarebytes opnieuw.
    Klik de Historie knop bovenaan in het menu.
    Klik vervolgens op de optie programmalogboeken en selecteer het Scanlogboek wat u wilt exporteren. Dit is de laatste scan die je hebt gedaan (kan je zien aan de datum en tijd).
    Selecteer deze om te bekijken.
    In een nieuw venster dat zal openen zal je de resultaten van je scan zien.

    Onderaan, selecteer ofwel om te exporteren als tekstbestand en geef het tekstbestand een naam, bijvoorbeeld mbamlog.
    Ofwel kan je selecteren om te kopieren naar het klembord, zodat de inhoud van de log naar je klembord wordt gekopieerd en je die zo in je volgende post kan plakken.


    Stap 2:

    Controle op slechte toolbars...

    Download AdwCleaner by Xplode naar je Bureaublad.
    • Sluit alle openstaande vensters
    • Start AdwCleaner
    • Klik op Scannen
    • Klik op Verwijderen
    • KLIK HIER voor een vergroting! 

    Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
    Je PC word opnieuw opgestart en er een opent een logfile (C:\ AdwCleaner\AdwCleaner[xx].txt
    Post deze inhoud hier op het Forum.

    Enkel de log na de "Verwijderen" optie heb ik nodig.

    Vergeet niet om je "smileys" uit te schakelen.

    Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in.
    Deze word standaard door AdwCleaner terug gezet naar Google.com


    Stap 3:

    Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:


    DDS is een diagnosetool en maakt gebruik van scripts.
    Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.


    Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
    Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
    Beide logfiles sla je op je bureaublad.

    Post de inhoud van DDS.txt.

    De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.


    Stap 4:

    Download Security Check op je bureaublad via hier of hier

    Start Security Check
    Volg de Instructies in het scherm
    Aan het eind verschijnt een log ( checkup.txt )
    Plaats de inhoud ervan in je volgende antwoord.


    In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
    .
    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    .
    Deze logs NIET als bijlage of tussen codetags posten aub.
    (Desnoods in meerdere postingen.)

    Emphyrio
    Last edited by Emphyrio; 15-09-14, 15:55. Reden: typo
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * McAfee verwijderen. * Ccleaner * E-Peek

    Comment


    • #3
      Hierbij de logjes:

      MBAM:Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 15-9-2014
      Scan Time: 16:51:33
      Logfile:
      Administrator: Yes

      Version: 2.00.2.1012
      Malware Database: v2014.09.15.07
      Rootkit Database: v2014.09.15.01
      License: Trial
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Self-protection: Disabled

      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: Artful

      Scan Type: Custom Scan
      Result: Completed
      Objects Scanned: 509877
      Time Elapsed: 1 hr, 46 min, 34 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 6
      PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, Quarantined, [1cd767865a210f276624986c27dc19e7],
      PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\RocketTab, Quarantined, [9f54fcf1e49783b3899ee7191ce7dd23],
      PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [49aa5f8e661575c18a7b9acf7391d12f],
      PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [797a5895a6d5320415b14eb447bcbf41],
      PUP.Optional.RocketTab.A, HKU\S-1-5-21-1592524675-1410301248-110674532-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, Quarantined, [718288652d4e3df9fc2dbd435ca73fc1],
      PUP.Optional.WebSearches.A, HKU\S-1-5-21-1592524675-1410301248-110674532-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, [29cad419057665d19aeac73d0df6768a],

      Registry Values: 2
      PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, smt, Quarantined, [797a5895a6d5320415b14eb447bcbf41]
      PUP.Optional.RocketTab.A, HKU\S-1-5-21-1592524675-1410301248-110674532-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, Quarantined, [ab487677e09b0d296abe05fb9a69847c]

      Registry Data: 3
      PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&t...2XXXXX5YX1LT2X, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&t...LT2X),Replaced,[1cd701ecbbc039fd435d8b68ed1725db]
      PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.istartsurf.com/web/?type=ds&ts=1410361078&from=smt&uid=ST95005620AS_5YX1LT2XXXXX5YX1LT2X&q={searchTerms}, Good: (www.google.com), Bad: (http://www.istartsurf.com/web/?type=ds&ts=1410361078&from=smt&uid=ST95005620AS_5YX1LT2XXXXX5YX1LT2X&q={searchTerms}),Replaced,[668d21cc9ae1c274aee8e013e32126da]
      PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&t...2XXXXX5YX1LT2X, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&t...LT2X),Replaced,[a053a647f2890b2bd2ce589ba85c35cb]

      Folders: 12
      Adware.PicRec, C:\Windows\Microsoft\UpdatingService, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [cb28f0fd0b701c1a56a3536e1de5d828],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Quarantined, [ba3996573546f244cd82a7408d757f81],
      PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [ba3996573546f244cd82a7408d757f81],
      PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [36bd9b524f2cf145f7c8e6032dd5c53b],
      PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, Quarantined, [36bd9b524f2cf145f7c8e6032dd5c53b],
      PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [36bd9b524f2cf145f7c8e6032dd5c53b],
      PUP.Optional.IStartSurf.A, C:\Users\Artful\AppData\Roaming\istartsurf, Quarantined, [faf9bb3202793ff763059d5532d0eb15],
      PUP.Optional.IStartSurf.A, C:\Users\Artful\AppData\Roaming\istartsurf\log, Quarantined, [faf9bb3202793ff763059d5532d0eb15],

      Files: 40
      PUP.Keygen.Intro, C:\Downloads\Ardfry PSD Codec v1430\KGN\CORE10k.EXE, No Action By User, [02f145a8f883092d4e51218905ff0000],
      RiskWare.Tool.CK, C:\Downloads\Ardfry PSD Codec v1430\KGN\keygen.exe, No Action By User, [a25187666615a19528e0b8df04fcd828],
      Hacktool.Agent, C:\Downloads\DAZ Loader 221\Windows Loader.exe, No Action By User, [6c8712dbbfbc6bcb6e57db7e4eb38f71],
      PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\amtlib.dll, Quarantined, [40b36885700bde5878e9aa87976bb24e],
      PUP.Optional.SearchHijacker.A, C:\Users\Artful\AppData\Local\Temp\smt_istartsurf.exe, Quarantined, [7b78bd3055261125402b614dab56db25],
      Trojan.Agent, C:\Users\Artful\AppData\Local\Temp\3EA5.tmp, Quarantined, [4da6eeff86f5a98d9e07b4ce778b659b],
      Adware.PicRec, C:\Windows\Microsoft\UpdatingService\BaseLibrary.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
      Adware.PicRec, C:\Windows\Microsoft\UpdatingService\ConfigurationData.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
      Adware.PicRec, C:\Windows\Microsoft\UpdatingService\InstallerLibrary.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
      Adware.PicRec, C:\Windows\Microsoft\UpdatingService\LinqBridge.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
      Adware.PicRec, C:\Windows\Microsoft\UpdatingService\NetServ.Net.Json.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
      Adware.PicRec, C:\Windows\Microsoft\UpdatingService\NewVersionDownloader.exe, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
      Adware.PicRec, C:\Windows\Microsoft\UpdatingService\SQLite.Interop.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
      Adware.PicRec, C:\Windows\Microsoft\UpdatingService\System.Data.SQLite.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\BaseLibrary.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\ConfigurationData.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\InstallerLibrary.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\Interop.SHDocVw.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\LinqBridge.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\NDde.DLL, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\SQLite.Interop.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\System.Data.SQLite.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\wsystem.exe, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
      PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, Quarantined, [d61d86678eed72c42803d22efb0839c7],
      PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab Update Task, Quarantined, [e40f519c1368aa8c0d1e53adda29a65a],
      Rogue.Multiple, C:\ProgramData\374311380\BIT3467.tmp, Quarantined, [cb28f0fd0b701c1a56a3536e1de5d828],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\config.dat, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\makecert.exe, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\TrustedRoot.cer, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\certutil.exe, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libnspr4.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libplc4.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libplds4.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\nss3.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\smime3.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\softokn3.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
      PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, [ba3996573546f244cd82a7408d757f81],
      PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-10[16-58-30-131].log, Quarantined, [36bd9b524f2cf145f7c8e6032dd5c53b],
      PUP.Optional.IStartSurf.A, C:\Users\Artful\AppData\Roaming\istartsurf\UninstallManager.exe, Quarantined, [faf9bb3202793ff763059d5532d0eb15],
      PUP.Optional.IStartSurf.A, C:\Users\Artful\AppData\Roaming\istartsurf\log\UninstallManager_2014-09-10[17-00-18-817].log, Quarantined, [faf9bb3202793ff763059d5532d0eb15],

      Physical Sectors: 0
      (No malicious items detected)


      (end)


      AdwCleaner:
      # AdwCleaner v3.310 - Rapport aangemaakt 15/09/2014 op 19:11:29
      # Laatste Update 12/09/2014 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruikersnaam : Artful - ARTFUL-PC
      # Gestart vanuit : C:\Users\Artful\Desktop\adwcleaner_3.310.exe
      # Optie : Verwijderen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****


      ***** [ Taken ] *****


      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****


      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17280


      -\\ Google Chrome v37.0.2062.120

      [ Bestand : C:\Users\Artful\AppData\Local\Google\Chrome\User Data\Default\preferences ]


      *************************

      AdwCleaner[R0].txt - [1708 octets] - [15/09/2014 19:00:12]
      AdwCleaner[R1].txt - [1768 octets] - [15/09/2014 19:01:56]
      AdwCleaner[R2].txt - [1014 octets] - [15/09/2014 19:09:55]
      AdwCleaner[S0].txt - [1732 octets] - [15/09/2014 19:03:48]
      AdwCleaner[S1].txt - [940 octets] - [15/09/2014 19:11:29]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [999 octets] ##########

      DDS:
      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
      Run by Artful at 19:14:33 on 2014-09-15
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.16384.13844 [GMT 2:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
      SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Program Files\Microsoft Security Client\MsMpEng.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\igfxCUIService.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
      C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
      C:\Program Files (x86)\RocketDock\RocketDock.exe
      C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
      C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Windows\SysWOW64\rpcnet.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Microsoft Security Client\NisSrv.exe
      C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\igfxEM.exe
      C:\Windows\system32\sppsvc.exe
      C:\Windows\system32\igfxHK.exe
      C:\Windows\system32\igfxTray.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uProxyOverride = <-loopback>
      mWinlogon: Userinit = userinit.exe,
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
      BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO.dll
      uRun: [Hyperdesktop] C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
      uRun: [AdobeBridge] <no file>
      mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableLUA = dword:0
      mPolicies-System: EnableUIADesktopToggle = dword:0
      mPolicies-System: PromptOnSecureDesktop = dword:0
      mPolicies-Windows\System: EnableSmartScreen = dword:0
      IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
      TCP: NameServer = 212.54.40.25 212.54.44.54 192.168.1.1
      TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
      TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\3557E636C6163737 : DHCPNameServer = 8.8.8.8 8.8.4.4
      TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\A45627F656E60256E602441616E6D25374 : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
      TCP: Interfaces\{E1035564-32BE-440A-8F4F-373AEDB8FD86} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
      Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
      AppInit_DLLs= c:\windows\syswow64\nvinit.dll, C:\Windows\SysWOW64\nvinit.dll
      SSODL: WebCheck - <orphaned>
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      x64-mStart Page = about:blank
      x64-mSearch Page = hxxp://www.google.com
      x64-mDefault_Page_URL = about:blank
      x64-mDefault_Search_URL = www.google.com
      x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
      x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO64.dll
      x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
      x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
      x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
      x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
      x64-SSODL: WebCheck - <orphaned>
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-24 19264]
      R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
      R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-8-8 32544]
      R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]
      R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
      R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-15 1809720]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-15 860472]
      R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
      R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-8 1720792]
      R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-8 18973144]
      R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-24 357184]
      R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-24 789824]
      R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-15 25816]
      R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-15 122584]
      R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-15 63704]
      R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
      R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-8 20440]
      R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-8 40392]
      R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-8-8 295056]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-8 685160]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2014-8-8 977088]
      S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
      S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-8 19456]
      S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-8 56832]
      S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-8-8 30208]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-8 1255736]
      .
      =============== Created Last 30 ================
      .
      2014-09-15 17:01:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
      2014-09-15 16:59:53 -------- d-----w- C:\AdwCleaner
      2014-09-15 15:28:30 -------- d-----w- C:\ProgramData\Movavi Video Suite 12
      2014-09-15 15:02:39 -------- d-----w- C:\Program Files (x86)\Movavi Core 5.1.0
      2014-09-15 14:58:58 -------- d-----w- C:\ProgramData\Movavi
      2014-09-15 14:58:45 -------- d-----w- C:\Program Files (x86)\Movavi Video Suite 12
      2014-09-15 14:50:56 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2014-09-15 14:50:30 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2014-09-15 14:50:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2014-09-15 14:50:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2014-09-15 14:50:30 -------- d-----w- C:\ProgramData\Malwarebytes
      2014-09-15 14:50:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
      2014-09-15 14:36:48 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{249CE6B4-A54A-44A5-AA9F-53F7D15FE8B3}\mpengine.dll
      2014-09-13 10:01:39 -------- d-----w- C:\Users\Artful\AppData\Roaming\Wise Uninstaller
      2014-09-13 09:59:29 -------- d-----w- C:\Program Files\Wise Program Uninstaller
      2014-09-13 09:45:17 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2014-09-12 16:37:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Movavi
      2014-09-12 16:37:26 -------- d-----w- C:\Users\Artful\AppData\Local\Movavi
      2014-09-11 17:43:02 -------- d-----w- C:\Users\Artful\.swt
      2014-09-11 17:42:05 -------- d-----w- C:\Users\Artful\AppData\Roaming\Azureus
      2014-09-11 17:42:02 -------- d-----w- C:\Program Files (x86)\Vuze
      2014-09-11 11:02:07 -------- d-----w- C:\Program Files\HitmanPro
      2014-09-11 11:01:09 -------- d-----w- C:\ProgramData\HitmanPro
      2014-09-11 06:07:08 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
      2014-09-11 06:07:07 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
      2014-09-10 21:12:11 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
      2014-09-10 21:12:11 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
      2014-09-10 21:11:58 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
      2014-09-10 21:11:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
      2014-09-10 21:11:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2014-09-10 21:11:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
      2014-09-10 21:11:44 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
      2014-09-10 21:11:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2014-09-10 21:11:44 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
      2014-09-10 21:11:39 578048 ----a-w- C:\Windows\System32\aepdu.dll
      2014-09-10 21:11:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
      2014-09-10 17:43:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
      2014-09-10 17:43:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
      2014-09-10 17:04:17 -------- d-----w- C:\Users\Artful\AppData\Roaming\iFunbox_UserCache
      2014-09-10 17:04:11 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
      2014-09-10 15:00:55 -------- d-----w- C:\Users\Artful\AppData\Local\pangu
      2014-09-10 14:57:40 -------- d-----w- C:\ProgramData\PicRec
      2014-09-10 14:57:37 -------- d-----w- C:\http_filter
      2014-09-10 14:57:36 -------- d-----w- C:\Program Files\Common Files\PicRec
      2014-09-10 14:57:30 49880 ----a-w- C:\Windows\System32\drivers\netmon_wfp.sys
      2014-09-10 14:57:30 -------- d-----w- C:\Windows\Microsoft
      2014-09-10 14:57:18 -------- d-----w- C:\Program Files (x86)\PicRec (x86)
      2014-09-09 18:14:17 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
      2014-09-09 18:13:19 -------- d-----w- C:\Program Files\iPod
      2014-09-09 18:13:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
      2014-09-09 18:13:18 -------- d-----w- C:\Program Files\iTunes
      2014-09-09 18:13:18 -------- d-----w- C:\Program Files (x86)\iTunes
      2014-09-09 18:12:24 -------- d-----w- C:\Program Files\Bonjour
      2014-09-09 18:12:24 -------- d-----w- C:\Program Files (x86)\Bonjour
      2014-09-08 19:24:45 -------- d-----w- C:\Users\Artful\AppData\Roaming\MPC-HC
      2014-09-08 19:23:29 -------- d-----w- C:\Program Files\MPC-HC
      2014-09-08 17:09:47 -------- d-----w- C:\Users\Artful\AppData\Local\Apple Computer
      2014-09-08 17:09:47 -------- d-----w- C:\ProgramData\boost_interprocess
      2014-09-08 17:09:45 -------- d-----w- C:\Users\Artful\AppData\Local\Plex Media Server
      2014-09-08 17:08:45 -------- d-----w- C:\Program Files (x86)\Plex
      2014-09-08 17:08:33 -------- d-----w- C:\ProgramData\Package Cache
      2014-09-08 16:57:54 580096 ----a-w- C:\Windows\System32\ac3filter.acm.old
      2014-09-08 16:57:54 2231296 ----a-w- C:\Windows\System32\ac3filter.acm.new
      2014-09-08 16:57:45 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm.new
      2014-09-08 16:57:27 -------- d-----w- C:\Users\Artful\AppData\Roaming\Standard
      2014-09-08 16:57:27 -------- d-----w- C:\Program Files (x86)\Shark007
      2014-09-08 16:57:02 -------- d-----w- C:\ProgramData\Standard
      2014-09-08 16:52:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Shark007
      2014-09-08 16:52:29 -------- d-----w- C:\ProgramData\Shark007
      2014-09-08 16:52:25 2231296 ----a-w- C:\Windows\System32\ac3filter.acm
      2014-09-08 16:52:24 2050560 ----a-w- C:\Windows\System32\VSFilter.dll
      2014-09-08 16:52:24 -------- d-----w- C:\Program Files\Shark007
      2014-09-03 08:36:08 -------- d-----w- C:\Users\Artful\AppData\Local\Mozilla
      2014-09-03 08:36:08 -------- d-----w- C:\ProgramData\Acunetix WVS 9
      2014-08-29 21:11:00 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D9CF5FE-2C18-40F8-B90E-307F647477FD}\gapaengine.dll
      2014-08-27 18:00:16 404480 ----a-w- C:\Windows\System32\gdi32.dll
      2014-08-27 18:00:16 3163648 ----a-w- C:\Windows\System32\win32k.sys
      2014-08-27 18:00:16 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
      2014-08-25 13:51:29 -------- d-----w- C:\Program Files\CCleaner
      2014-08-22 08:52:22 -------- d-----w- C:\Program Files (x86)\Bigasoft
      2014-08-19 11:01:29 -------- d-----w- C:\Users\Artful\AppData\Local\Sanford,_L.P
      2014-08-19 10:59:46 -------- d-----w- C:\Users\Artful\AppData\Local\DYMO
      2014-08-19 10:58:00 -------- d-----w- C:\Program Files (x86)\DYMO
      2014-08-19 10:57:58 -------- d-----w- C:\ProgramData\DYMO
      .
      ==================== Find3M ====================
      .
      2014-09-15 17:12:48 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
      2014-09-15 17:12:44 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
      2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
      2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
      2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
      2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
      2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
      2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
      2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
      2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
      2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
      2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
      2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
      2014-08-09 00:22:16 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
      2014-08-09 00:22:16 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
      2014-08-09 00:22:05 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
      2014-08-09 00:22:05 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
      2014-08-08 21:11:36 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
      2014-08-08 21:11:15 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
      2014-08-08 18:14:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
      2014-08-08 10:40:01 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
      2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
      2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
      2014-07-17 16:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
      2014-07-17 16:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
      2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
      2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
      2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
      2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
      2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
      2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
      2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
      2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
      2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
      2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
      2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
      2014-07-02 18:55:41 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
      2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
      2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
      2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
      2014-07-02 18:55:41 1084704 ----a-w- C:\Windows\System32\nv3dappshext.dll
      2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
      2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
      2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
      2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
      2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
      .
      ============= FINISH: 19:15:35,17 ===============


      checkup.txt:
      Results of screen317's Security Check version 0.99.87
      Windows 7 Service Pack 1 x64 (UAC is disabled!)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      Microsoft Security Essentials
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Java 7 Update 67
      Adobe Reader XI
      Google Chrome 37.0.2062.103
      Google Chrome 37.0.2062.120
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbam.exe
      Malwarebytes Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 5%
      ````````````````````End of Log``````````````````````


      Bedankt!

      Comment


      • #4
        Download Combofix naar je bureaublad.
        (Dus niet naar een download map of temp map)

        Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
        Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.

        Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

        Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
        Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

        Als Combofix vraagt om een update, dan staat je dit toe.

        Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
        Deze kan je vinden als C:\combofix.txt.

        Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

        * OPMERKING: Indien je één van de onderstaande meldingen krijgt na het gebruik van ComboFix, herstart dan de computer.
        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
        • Illegal operation attempted on a registry key that has been marked for deletion.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * McAfee verwijderen. * Ccleaner * E-Peek

        Comment


        • #5
          Combofix:
          ComboFix 14-09-16.01 - Artful 15-09-2014 19:41:46.1.8 - x64
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.16384.14019 [GMT 2:00]
          Gestart vanuit: C:\Users\Artful\Desktop\ComboFix.exe
          AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
          SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))


          C:\Windows\MICROSOFT
          C:\Windows\MICROSOFT\sogr\BaseLibrary.dll
          C:\Windows\MICROSOFT\sogr\ConfigurationData.dll
          C:\Windows\MICROSOFT\sogr\InstallerLibrary.dll
          C:\Windows\MICROSOFT\sogr\Ionic.Zip.dll
          C:\Windows\MICROSOFT\sogr\LinqBridge.dll
          C:\Windows\MICROSOFT\sogr\NetServ.Net.Json.dll
          C:\Windows\MICROSOFT\sogr\SQLite.Interop.dll
          C:\Windows\MICROSOFT\sogr\System.Data.SQLite.dll


          ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\Service_Service KMSELDI


          (((((((((((((((((((( Bestanden Gemaakt van 2014-08-15 to 2014-09-15 ))))))))))))))))))))))))))))))


          2014-09-15 17:49:55 . 2014-09-15 17:49:55 144 ----a-w- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
          2014-09-15 17:48:31 . 2014-09-15 17:48:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
          2014-09-15 17:01:21 . 2010-08-30 06:34:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
          2014-09-15 16:59:53 . 2014-09-15 17:11:45 -------- d-----w- C:\AdwCleaner
          2014-09-15 15:28:30 . 2014-09-15 15:28:30 -------- d-----w- C:\ProgramData\Movavi Video Suite 12
          2014-09-15 15:02:39 . 2014-09-15 15:02:52 -------- d-----w- C:\Program Files (x86)\Movavi Core 5.1.0
          2014-09-15 14:58:58 . 2014-09-15 14:58:58 -------- d-----w- C:\ProgramData\Movavi
          2014-09-15 14:58:45 . 2014-09-15 15:02:52 -------- d-----w- C:\Program Files (x86)\Movavi Video Suite 12
          2014-09-15 14:50:56 . 2014-09-15 17:50:09 122584 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
          2014-09-15 14:50:30 . 2014-09-15 14:50:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
          2014-09-15 14:50:30 . 2014-09-15 14:50:30 -------- d-----w- C:\ProgramData\Malwarebytes
          2014-09-15 14:50:30 . 2014-05-12 05:26:10 63704 ----a-w- C:\Windows\system32\drivers\mwac.sys
          2014-09-15 14:50:30 . 2014-05-12 05:26:00 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
          2014-09-15 14:50:30 . 2014-05-12 05:25:56 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
          2014-09-15 14:36:48 . 2014-08-21 03:43:42 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{249CE6B4-A54A-44A5-AA9F-53F7D15FE8B3}\mpengine.dll
          2014-09-13 10:01:39 . 2014-09-13 10:02:28 -------- d-----w- C:\Users\Artful\AppData\Roaming\Wise Uninstaller
          2014-09-13 09:59:29 . 2014-09-13 10:01:23 -------- d-----w- C:\Program Files\Wise Program Uninstaller
          2014-09-13 09:45:17 . 2014-08-21 03:43:42 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
          2014-09-12 16:37:29 . 2014-09-12 16:37:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Movavi
          2014-09-12 16:37:26 . 2014-09-12 16:37:26 -------- d-----w- C:\Users\Artful\AppData\Local\Movavi
          2014-09-11 17:43:02 . 2014-09-11 17:43:02 -------- d-----w- C:\Users\Artful\.swt
          2014-09-11 17:42:05 . 2014-09-12 17:20:40 -------- d-----w- C:\Users\Artful\AppData\Roaming\Azureus
          2014-09-11 17:42:02 . 2014-09-11 17:42:24 -------- d-----w- C:\Program Files (x86)\Vuze
          2014-09-11 11:02:07 . 2014-09-11 11:02:07 -------- d-----w- C:\Program Files\HitmanPro
          2014-09-11 11:01:09 . 2014-09-11 11:06:22 -------- d-----w- C:\ProgramData\HitmanPro
          2014-09-11 06:45:03 . 2014-09-11 06:45:04 -------- d-----w- C:\Program Files (x86)\7-Zip
          2014-09-11 06:07:08 . 2014-06-27 02:08:12 2777088 ----a-w- C:\Windows\system32\msmpeg2vdec.dll
          2014-09-11 06:07:07 . 2014-06-27 01:45:52 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
          2014-09-10 21:12:11 . 2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\system32\TSWorkspace.dll
          2014-09-10 21:12:11 . 2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
          2014-09-10 21:11:58 . 2014-06-24 03:29:36 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll
          2014-09-10 21:11:57 . 2014-06-24 02:59:49 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
          2014-09-10 21:11:44 . 2014-07-07 02:06:35 728064 ----a-w- C:\Windows\system32\kerberos.dll
          2014-09-10 21:11:44 . 2014-07-07 02:06:35 1460736 ----a-w- C:\Windows\system32\lsasrv.dll
          2014-09-10 21:11:44 . 2014-07-07 01:40:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
          2014-09-10 21:11:44 . 2014-07-07 01:40:12 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
          2014-09-10 21:11:44 . 2014-07-07 01:39:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
          2014-09-10 21:11:39 . 2014-09-05 02:10:43 578048 ----a-w- C:\Windows\system32\aepdu.dll
          2014-09-10 21:11:38 . 2014-09-05 02:05:42 424448 ----a-w- C:\Windows\system32\aeinv.dll
          2014-09-10 17:43:43 . 2014-09-11 09:55:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
          2014-09-10 17:43:35 . 2014-09-11 11:07:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
          2014-09-10 17:04:17 . 2014-09-10 20:22:49 -------- d-----w- C:\Users\Artful\AppData\Roaming\iFunbox_UserCache
          2014-09-10 17:04:11 . 2014-09-10 20:02:58 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
          2014-09-10 15:00:55 . 2014-09-10 15:10:30 -------- d-----w- C:\Users\Artful\AppData\Local\pangu
          2014-09-10 14:57:40 . 2014-09-10 14:57:40 -------- d-----w- C:\ProgramData\PicRec
          2014-09-10 14:57:37 . 2014-09-10 15:00:01 -------- d-----w- C:\http_filter
          2014-09-10 14:57:36 . 2014-09-10 15:00:22 -------- d-----w- C:\Program Files\Common Files\PicRec
          2014-09-10 14:57:30 . 2014-08-25 10:11:32 49880 ----a-w- C:\Windows\system32\drivers\netmon_wfp.sys
          2014-09-10 14:57:18 . 2014-09-10 14:57:18 -------- d-----w- C:\Program Files (x86)\PicRec (x86)
          2014-09-09 18:14:17 . 2014-09-09 18:14:17 -------- dc----w- C:\Windows\system32\DRVSTORE
          2014-09-09 18:14:17 . 2012-08-21 11:01:20 33240 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
          2014-09-09 18:13:19 . 2014-09-09 18:13:19 -------- d-----w- C:\Program Files\iPod
          2014-09-09 18:13:18 . 2014-09-09 18:14:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
          2014-09-09 18:13:18 . 2014-09-09 18:14:07 -------- d-----w- C:\Program Files\iTunes
          2014-09-09 18:13:18 . 2014-09-09 18:14:00 -------- d-----w- C:\Program Files (x86)\iTunes
          2014-09-09 18:12:40 . 2014-09-09 18:12:40 -------- d-----w- C:\Program Files\Common Files\Apple
          2014-09-09 18:12:24 . 2014-09-09 18:12:25 -------- d-----w- C:\Program Files\Bonjour
          2014-09-09 18:12:24 . 2014-09-09 18:12:25 -------- d-----w- C:\Program Files (x86)\Bonjour
          2014-09-08 19:24:45 . 2014-09-08 19:24:45 -------- d-----w- C:\Users\Artful\AppData\Roaming\MPC-HC
          2014-09-08 19:23:29 . 2014-09-08 19:23:32 -------- d-----w- C:\Program Files\MPC-HC
          2014-09-08 17:09:47 . 2014-09-09 18:14:23 -------- d-----w- C:\Users\Artful\AppData\Local\Apple Computer
          2014-09-08 17:09:47 . 2014-09-08 17:09:47 -------- d-----w- C:\ProgramData\boost_interprocess
          2014-09-08 17:09:45 . 2014-09-08 17:13:15 -------- d-----w- C:\Users\Artful\AppData\Local\Plex Media Server
          2014-09-08 17:08:45 . 2014-09-08 17:08:45 -------- d-----w- C:\Program Files (x86)\Plex
          2014-09-08 17:08:33 . 2014-09-08 17:15:44 -------- d-----w- C:\ProgramData\Package Cache
          2014-09-08 16:57:45 . 2013-04-05 22:26:24 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm.new
          2014-09-08 16:57:27 . 2014-09-08 16:57:53 -------- d-----w- C:\Users\Artful\AppData\Roaming\Standard
          2014-09-08 16:57:27 . 2014-09-08 16:57:27 -------- d-----w- C:\Program Files (x86)\Shark007
          2014-09-08 16:57:02 . 2014-09-08 16:57:53 -------- d-----w- C:\ProgramData\Standard
          2014-09-08 16:52:29 . 2014-09-08 16:58:07 -------- d-----w- C:\Users\Artful\AppData\Roaming\Shark007
          2014-09-08 16:52:29 . 2014-09-08 16:58:07 -------- d-----w- C:\ProgramData\Shark007
          2014-09-08 16:52:25 . 2013-04-05 22:27:32 2231296 ----a-w- C:\Windows\system32\ac3filter.acm
          2014-09-08 16:52:24 . 2014-09-08 16:57:53 -------- d-----w- C:\Program Files\Shark007
          2014-09-08 16:52:24 . 2014-06-05 12:00:00 2050560 ----a-w- C:\Windows\system32\VSFilter.dll
          2014-09-03 08:36:08 . 2014-09-03 08:36:08 -------- d-----w- C:\Users\Artful\AppData\Local\Mozilla
          2014-09-03 08:36:08 . 2014-09-03 08:36:08 -------- d-----w- C:\ProgramData\Acunetix WVS 9
          2014-08-29 21:11:00 . 2014-08-20 17:13:28 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D9CF5FE-2C18-40F8-B90E-307F647477FD}\gapaengine.dll
          2014-08-27 18:00:16 . 2014-08-23 02:07:00 404480 ----a-w- C:\Windows\system32\gdi32.dll
          2014-08-27 18:00:16 . 2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
          2014-08-27 18:00:16 . 2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\system32\win32k.sys
          2014-08-25 13:51:29 . 2014-08-25 13:51:31 -------- d-----w- C:\Program Files\CCleaner
          2014-08-22 08:52:22 . 2014-08-22 08:52:22 -------- d-----w- C:\Program Files (x86)\Bigasoft
          2014-08-19 14:20:24 . 2014-09-14 16:41:31 -------- d-----w- C:\Users\Artful\AppData\Roaming\FileZilla
          2014-08-19 14:20:19 . 2014-09-13 15:49:19 -------- d-----w- C:\Program Files (x86)\FileZilla FTP Client
          2014-08-19 11:01:29 . 2014-08-19 11:01:29 -------- d-----w- C:\Users\Artful\AppData\Local\Sanford,_L.P
          2014-08-19 10:59:46 . 2014-08-19 11:01:31 -------- d-----w- C:\Users\Artful\AppData\Local\DYMO
          2014-08-19 10:58:00 . 2014-08-19 10:58:00 -------- d-----w- C:\Program Files (x86)\DYMO
          2014-08-19 10:57:58 . 2014-08-19 10:57:58 -------- d-----w- C:\ProgramData\DYMO
          .


          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

          2014-09-15 17:49:53 . 2014-08-08 10:04:48 17920 ----a-w- C:\Windows\system32\rpcnetp.exe
          2014-09-15 17:49:51 . 2014-08-08 10:40:12 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
          2014-09-11 06:08:28 . 2014-08-08 12:31:44 101694776 ----a-w- C:\Windows\system32\MRT.exe
          2014-08-20 17:13:28 . 2014-08-13 14:38:11 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
          2014-08-09 00:22:16 . 2014-08-08 17:46:26 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
          2014-08-09 00:22:16 . 2014-08-08 17:46:26 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
          2014-08-09 00:22:05 . 2014-08-08 17:46:26 1715224 ----a-w- C:\Windows\system32\nvspbridge64.dll
          2014-08-09 00:22:05 . 2014-08-08 17:46:26 1283136 ----a-w- C:\Windows\system32\nvspcap64.dll
          2014-08-08 21:11:36 . 2014-08-08 10:05:48 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
          2014-08-08 21:11:15 . 2014-08-08 10:04:48 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
          2014-08-08 18:14:28 . 2014-08-08 18:14:33 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
          2014-08-08 13:04:59 . 2014-08-08 13:04:59 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
          2014-08-08 13:04:58 . 2014-08-08 13:04:58 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
          2014-08-08 13:04:58 . 2014-08-08 13:04:58 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
          2014-08-08 13:04:58 . 2014-08-08 13:04:58 235008 ----a-w- C:\Windows\system32\elshyph.dll
          2014-08-08 13:04:58 . 2014-08-08 13:04:58 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 86016 ----a-w- C:\Windows\SysWow64\iesysprep.dll
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 74240 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 36352 ----a-w- C:\Windows\SysWow64\imgutil.dll
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 337408 ----a-w- C:\Windows\SysWow64\html.iec
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 24576 ----a-w- C:\Windows\SysWow64\licmgr10.dll
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 151552 ----a-w- C:\Windows\SysWow64\iexpress.exe
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 139264 ----a-w- C:\Windows\SysWow64\wextract.exe
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 13312 ----a-w- C:\Windows\SysWow64\mshta.exe
          2014-08-08 13:04:57 . 2014-08-08 13:04:57 111616 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 942592 ----a-w- C:\Windows\system32\jsIntl.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 90112 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 86016 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 81408 ----a-w- C:\Windows\system32\icardie.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 77312 ----a-w- C:\Windows\system32\tdc.ocx
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 616104 ----a-w- C:\Windows\system32\ieapfltr.dat
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 48640 ----a-w- C:\Windows\system32\mshtmler.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 413696 ----a-w- C:\Windows\system32\html.iec
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 30208 ----a-w- C:\Windows\system32\licmgr10.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 247808 ----a-w- C:\Windows\system32\msls31.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 243200 ----a-w- C:\Windows\system32\webcheck.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 235520 ----a-w- C:\Windows\system32\url.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 167424 ----a-w- C:\Windows\system32\iexpress.exe
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 143872 ----a-w- C:\Windows\system32\wextract.exe
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 13312 ----a-w- C:\Windows\system32\msfeedssync.exe
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 131072 ----a-w- C:\Windows\system32\IEAdvpack.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 105984 ----a-w- C:\Windows\system32\iesysprep.dll
          2014-08-08 13:04:56 . 2014-08-08 13:04:56 101376 ----a-w- C:\Windows\system32\inseng.dll
          2014-08-08 13:04:55 . 2014-08-08 13:04:55 774144 ----a-w- C:\Windows\system32\jscript.dll
          2014-08-08 13:04:55 . 2014-08-08 13:04:55 62464 ----a-w- C:\Windows\system32\pngfilt.dll
          2014-08-08 13:04:55 . 2014-08-08 13:04:55 48128 ----a-w- C:\Windows\system32\imgutil.dll
          2014-08-08 13:04:55 . 2014-08-08 13:04:55 147968 ----a-w- C:\Windows\system32\occache.dll
          2014-08-08 13:04:55 . 2014-08-08 13:04:55 13824 ----a-w- C:\Windows\system32\mshta.exe
          2014-08-08 13:04:55 . 2014-08-08 13:04:55 135680 ----a-w- C:\Windows\system32\iepeers.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 4096 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 3584 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 2560 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:37 10752 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
          2014-08-08 13:00:37 . 2014-08-08 13:00:36 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 648192 ----a-w- C:\Windows\system32\d3d10level9.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 522752 ----a-w- C:\Windows\system32\XpsGdiConverter.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 363008 ----a-w- C:\Windows\system32\dxgi.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 333312 ----a-w- C:\Windows\system32\d3d10_1core.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 296960 ----a-w- C:\Windows\system32\d3d10core.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 245248 ----a-w- C:\Windows\system32\WindowsCodecsExt.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 221184 ----a-w- C:\Windows\system32\UIAnimation.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 194560 ----a-w- C:\Windows\system32\d3d10_1.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 1682432 ----a-w- C:\Windows\system32\XpsPrint.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 1643520 ----a-w- C:\Windows\system32\DWrite.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 1238528 ----a-w- C:\Windows\system32\d3d10.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 1175552 ----a-w- C:\Windows\system32\FntCache.dll
          2014-08-08 13:00:36 . 2014-08-08 13:00:36 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
          2014-08-08 10:40:01 . 2014-08-08 10:40:12 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
          2014-07-25 00:35:46 . 2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
          2014-07-24 21:47:06 . 2014-07-24 21:47:06 869544 ----a-w- C:\Windows\system32\msvcr120_clr0400.dll
          2014-07-17 16:05:06 . 2014-07-17 16:05:06 269008 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
          2014-07-17 16:05:06 . 2014-03-11 07:52:30 125584 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
          2014-07-16 03:23:41 . 2014-08-15 13:58:41 2048 ----a-w- C:\Windows\system32\tzres.dll
          2014-07-16 02:46:02 . 2014-08-15 13:58:41 2048 ----a-w- C:\Windows\SysWow64\tzres.dll


          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
          REGEDIT4

          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrivePro1 (ErrorConflict)]
          @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
          [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
          2014-08-12 07:58:12 1729232 ----a-w- C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrivePro2 (SyncInProgress)]
          @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
          [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
          2014-08-12 07:58:12 1729232 ----a-w- C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrivePro3 (InSync)]
          @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
          [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
          2014-08-12 07:58:12 1729232 ----a-w- C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Hyperdesktop"="C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe" [2014-08-08 10:33:32 316000]
          "AdobeBridge"="" [BU]
          "RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" [2007-09-02 12:58:52 495616]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-06-10 14:11:00 291648]
          "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 10:29:36 256896]
          "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 0 (0x0)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableLUA"= 0 (0x0)
          "EnableUIADesktopToggle"= 0 (0x0)
          "PromptOnSecureDesktop"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
          "LoadAppInit_DLLs"=1 (0x1)
          "AppInit_DLLs"=c:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll

          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
          "mixer2"=wdmaud.drv

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
          @=""

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
          @="Service"

          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
          R3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
          R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
          R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
          R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe;C:\Program Files\Microsoft Security Client\NisSrv.exe [x]
          R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
          R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominipor t.sys [x]
          R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
          R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
          R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
          R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
          R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
          S0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
          S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys;C:\Windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
          S2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
          S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\system32\igfxCUIService.exe;C:\Windows\SYSNATIVE\igfxCUIService.exe [x]
          S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
          S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
          S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
          S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
          S3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
          S3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
          S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.s ys [x]
          S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\MBAMSwissArmy.sys;C:\Windows\SYSNATIVE\drive rs\MBAMSwissArmy.sys [x]
          S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\ drivers\mwac.sys [x]
          S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
          S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
          S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\system32\DRIVERS\RtsBaStor.sys;C:\Windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
          S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]


          --- Andere Services/Drivers In Geheugen ---

          *NewlyCreated* - MBAMSWISSARMY
          *NewlyCreated* - WS2IFSL

          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
          2014-09-10 20:36:33 1096520 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe

          Inhoud van de 'Gedeelde Taken' map

          2014-09-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
          - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08 12:23:31 . 2014-08-08 12:23:29]

          2014-09-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
          - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08 12:23:31 . 2014-08-08 12:23:29]


          --------- X64 Entries -----------


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2014-08-22 13:14:48 1331288]
          "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-08 10:13:44 12921488]
          "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 00:23:48 2403288]
          "ShadowPlay"="C:\Windows\system32\nvspcap64.dll" [2014-08-09 00:22:05 1283136]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
          "AppInit_DLLs"=C:\Windows\System32\nvinitx.dll

          ------- Bijkomende Scan -------

          uLocal Page = C:\Windows\system32\blank.htm
          mLocal Page = C:\Windows\SYSTEM32\blank.htm
          uInternet Settings,ProxyOverride = <-loopback>
          IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
          TCP: DhcpNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
          Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

          Comment


          • #6
            DDS:
            DDS (Ver_2012-11-20.01) - NTFS_AMD64
            Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
            Run by Artful at 19:55:28 on 2014-09-15
            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.16384.13734 [GMT 2:00]
            .
            AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
            SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            ============== Running Processes ===============
            .
            C:\Windows\system32\lsm.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            C:\Windows\system32\nvvsvc.exe
            C:\Windows\system32\svchost.exe -k RPCSS
            C:\Program Files\Microsoft Security Client\MsMpEng.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\Windows\system32\svchost.exe -k LocalService
            C:\Windows\system32\svchost.exe -k netsvcs
            C:\Windows\system32\svchost.exe -k GPSvcGroup
            C:\Windows\system32\igfxCUIService.exe
            C:\Windows\system32\svchost.exe -k NetworkService
            C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
            C:\Windows\system32\nvvsvc.exe
            C:\Windows\System32\spoolsv.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Windows\system32\taskhost.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\Explorer.EXE
            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
            C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
            C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
            C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
            C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
            C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
            C:\Windows\SysWOW64\rpcnet.exe
            C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
            C:\Windows\system32\svchost.exe -k imgsvc
            C:\Program Files\Microsoft Security Client\msseces.exe
            C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
            C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
            C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
            C:\Program Files (x86)\RocketDock\RocketDock.exe
            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            C:\Windows\system32\SearchIndexer.exe
            C:\Program Files\Windows Media Player\wmpnetwk.exe
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            C:\Windows\system32\sppsvc.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Windows\System32\cscript.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uProxyOverride = <-loopback>
            BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
            BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
            BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
            BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
            BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO.dll
            uRun: [Hyperdesktop] C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
            uRun: [AdobeBridge] <no file>
            mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
            mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
            mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
            uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
            uPolicies-Explorer: NoDrives = dword:0
            mPolicies-Explorer: NoDrives = dword:0
            mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
            mPolicies-System: ConsentPromptBehaviorUser = dword:3
            mPolicies-System: EnableLUA = dword:0
            mPolicies-System: EnableUIADesktopToggle = dword:0
            mPolicies-System: PromptOnSecureDesktop = dword:0
            mPolicies-Windows\System: EnableSmartScreen = dword:0
            IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
            TCP: NameServer = 212.54.40.25 212.54.44.54 192.168.1.1
            TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
            TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\3557E636C6163737 : DHCPNameServer = 8.8.8.8 8.8.4.4
            TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\A45627F656E60256E602441616E6D25374 : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
            TCP: Interfaces\{E1035564-32BE-440A-8F4F-373AEDB8FD86} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
            Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
            Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
            AppInit_DLLs= c:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll
            SSODL: WebCheck - <orphaned>
            mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
            x64-mStart Page = about:blank
            x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
            x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
            x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO64.dll
            x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
            x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
            x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
            x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
            x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
            x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
            x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
            x64-SSODL: WebCheck - <orphaned>
            .
            ============= SERVICES / DRIVERS ===============
            .
            R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-24 19264]
            R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
            R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-8-8 32544]
            R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]
            R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
            R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-15 1809720]
            R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-15 860472]
            R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-8 1720792]
            R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-8 18973144]
            R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-24 357184]
            R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-24 789824]
            R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-15 25816]
            R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-15 122584]
            R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-15 63704]
            R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-8 20440]
            R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-8 40392]
            R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-8-8 295056]
            R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-8 685160]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
            S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
            S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
            S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
            S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
            S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
            S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-8 19456]
            S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
            S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-8 56832]
            S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-8-8 30208]
            S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
            S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-8 1255736]
            .
            =============== Created Last 30 ================
            .
            2014-09-15 17:53:47 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FFDD97A-F2D3-46C2-929C-A4421014A217}\mpengine.dll
            2014-09-15 17:49:55 144 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
            2014-09-15 17:49:55 -------- d-----w- C:\$RECYCLE.BIN
            2014-09-15 17:39:58 98816 ----a-w- C:\Windows\sed.exe
            2014-09-15 17:39:58 256000 ----a-w- C:\Windows\PEV.exe
            2014-09-15 17:39:58 208896 ----a-w- C:\Windows\MBR.exe
            2014-09-15 17:39:53 -------- d-----w- C:\ComboFix
            2014-09-15 17:01:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
            2014-09-15 16:59:53 -------- d-----w- C:\AdwCleaner
            2014-09-15 15:28:30 -------- d-----w- C:\ProgramData\Movavi Video Suite 12
            2014-09-15 15:02:39 -------- d-----w- C:\Program Files (x86)\Movavi Core 5.1.0
            2014-09-15 14:58:58 -------- d-----w- C:\ProgramData\Movavi
            2014-09-15 14:58:45 -------- d-----w- C:\Program Files (x86)\Movavi Video Suite 12
            2014-09-15 14:50:56 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
            2014-09-15 14:50:30 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
            2014-09-15 14:50:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
            2014-09-15 14:50:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
            2014-09-15 14:50:30 -------- d-----w- C:\ProgramData\Malwarebytes
            2014-09-15 14:50:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
            2014-09-13 10:01:39 -------- d-----w- C:\Users\Artful\AppData\Roaming\Wise Uninstaller
            2014-09-13 09:59:29 -------- d-----w- C:\Program Files\Wise Program Uninstaller
            2014-09-13 09:45:17 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
            2014-09-12 16:37:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Movavi
            2014-09-12 16:37:26 -------- d-----w- C:\Users\Artful\AppData\Local\Movavi
            2014-09-11 17:43:02 -------- d-----w- C:\Users\Artful\.swt
            2014-09-11 17:42:05 -------- d-----w- C:\Users\Artful\AppData\Roaming\Azureus
            2014-09-11 17:42:02 -------- d-----w- C:\Program Files (x86)\Vuze
            2014-09-11 11:02:07 -------- d-----w- C:\Program Files\HitmanPro
            2014-09-11 11:01:09 -------- d-----w- C:\ProgramData\HitmanPro
            2014-09-11 06:07:08 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
            2014-09-11 06:07:07 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
            2014-09-10 21:12:11 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
            2014-09-10 21:12:11 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
            2014-09-10 21:11:58 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
            2014-09-10 21:11:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
            2014-09-10 21:11:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
            2014-09-10 21:11:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
            2014-09-10 21:11:44 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
            2014-09-10 21:11:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
            2014-09-10 21:11:44 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
            2014-09-10 21:11:39 578048 ----a-w- C:\Windows\System32\aepdu.dll
            2014-09-10 21:11:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
            2014-09-10 17:43:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
            2014-09-10 17:43:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
            2014-09-10 17:04:17 -------- d-----w- C:\Users\Artful\AppData\Roaming\iFunbox_UserCache
            2014-09-10 17:04:11 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
            2014-09-10 15:00:55 -------- d-----w- C:\Users\Artful\AppData\Local\pangu
            2014-09-10 14:57:40 -------- d-----w- C:\ProgramData\PicRec
            2014-09-10 14:57:37 -------- d-----w- C:\http_filter
            2014-09-10 14:57:36 -------- d-----w- C:\Program Files\Common Files\PicRec
            2014-09-10 14:57:30 49880 ----a-w- C:\Windows\System32\drivers\netmon_wfp.sys
            2014-09-10 14:57:18 -------- d-----w- C:\Program Files (x86)\PicRec (x86)
            2014-09-09 18:14:17 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
            2014-09-09 18:13:19 -------- d-----w- C:\Program Files\iPod
            2014-09-09 18:13:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
            2014-09-09 18:13:18 -------- d-----w- C:\Program Files\iTunes
            2014-09-09 18:13:18 -------- d-----w- C:\Program Files (x86)\iTunes
            2014-09-09 18:12:24 -------- d-----w- C:\Program Files\Bonjour
            2014-09-09 18:12:24 -------- d-----w- C:\Program Files (x86)\Bonjour
            2014-09-08 19:24:45 -------- d-----w- C:\Users\Artful\AppData\Roaming\MPC-HC
            2014-09-08 19:23:29 -------- d-----w- C:\Program Files\MPC-HC
            2014-09-08 17:09:47 -------- d-----w- C:\Users\Artful\AppData\Local\Apple Computer
            2014-09-08 17:09:47 -------- d-----w- C:\ProgramData\boost_interprocess
            2014-09-08 17:09:45 -------- d-----w- C:\Users\Artful\AppData\Local\Plex Media Server
            2014-09-08 17:08:45 -------- d-----w- C:\Program Files (x86)\Plex
            2014-09-08 17:08:33 -------- d-----w- C:\ProgramData\Package Cache
            2014-09-08 16:57:54 580096 ----a-w- C:\Windows\System32\ac3filter.acm.old
            2014-09-08 16:57:54 2231296 ----a-w- C:\Windows\System32\ac3filter.acm.new
            2014-09-08 16:57:45 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm.new
            2014-09-08 16:57:27 -------- d-----w- C:\Users\Artful\AppData\Roaming\Standard
            2014-09-08 16:57:27 -------- d-----w- C:\Program Files (x86)\Shark007
            2014-09-08 16:57:02 -------- d-----w- C:\ProgramData\Standard
            2014-09-08 16:52:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Shark007
            2014-09-08 16:52:29 -------- d-----w- C:\ProgramData\Shark007
            2014-09-08 16:52:25 2231296 ----a-w- C:\Windows\System32\ac3filter.acm
            2014-09-08 16:52:24 2050560 ----a-w- C:\Windows\System32\VSFilter.dll
            2014-09-08 16:52:24 -------- d-----w- C:\Program Files\Shark007
            2014-09-03 08:36:08 -------- d-----w- C:\Users\Artful\AppData\Local\Mozilla
            2014-09-03 08:36:08 -------- d-----w- C:\ProgramData\Acunetix WVS 9
            2014-08-29 21:11:00 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D9CF5FE-2C18-40F8-B90E-307F647477FD}\gapaengine.dll
            2014-08-27 18:00:16 404480 ----a-w- C:\Windows\System32\gdi32.dll
            2014-08-27 18:00:16 3163648 ----a-w- C:\Windows\System32\win32k.sys
            2014-08-27 18:00:16 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
            2014-08-25 13:51:29 -------- d-----w- C:\Program Files\CCleaner
            2014-08-22 08:52:22 -------- d-----w- C:\Program Files (x86)\Bigasoft
            2014-08-19 11:01:29 -------- d-----w- C:\Users\Artful\AppData\Local\Sanford,_L.P
            2014-08-19 10:59:46 -------- d-----w- C:\Users\Artful\AppData\Local\DYMO
            2014-08-19 10:58:00 -------- d-----w- C:\Program Files (x86)\DYMO
            2014-08-19 10:57:58 -------- d-----w- C:\ProgramData\DYMO
            .
            ==================== Find3M ====================
            .
            2014-09-15 17:49:53 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
            2014-09-15 17:49:51 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
            2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
            2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
            2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
            2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
            2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
            2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
            2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
            2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
            2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
            2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
            2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
            2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
            2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
            2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
            2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
            2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
            2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
            2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
            2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
            2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
            2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
            2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
            2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
            2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
            2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
            2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
            2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
            2014-08-09 00:22:16 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
            2014-08-09 00:22:16 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
            2014-08-09 00:22:05 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
            2014-08-09 00:22:05 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
            2014-08-08 21:11:36 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
            2014-08-08 21:11:15 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
            2014-08-08 18:14:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
            2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
            2014-08-08 10:40:01 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
            2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
            2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
            2014-07-17 16:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
            2014-07-17 16:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
            2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
            2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
            2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
            2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
            2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
            2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
            2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
            2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
            2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
            2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
            2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
            2014-07-02 18:55:41 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
            2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
            2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
            2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
            2014-07-02 18:55:41 1084704 ----a-w- C:\Windows\System32\nv3dappshext.dll
            2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
            2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
            2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
            2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
            2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
            .
            ============= FINISH: 19:56:04,53 ===============

            Comment


            • #7
              Deze tools mag je verwijderen via Programma's en oderdelen:
              .
              • Vuze
              • Azureus

              .
              PC herstartten.


              Download of Update Ccleaner

              Start CCleaner op.
              • Run Ccleaner en klik in de linkse kolom op Opties
              • Selecteer het tabblad Geavanceerd
              • Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
              • Selecteer het tabblad Instellingen
              • Haal het vinkje weg bij "Computer automatisch schoonmaken...."
              • Klik in de linkse kolom op Cleaner.
              • Klik dan achtereenvolgens op Analyseer en Schoonmaken.
              • Klik vervolgens in de linkse kolom op Register
              • Klik op Scan naar problemen.
              • Op de vraag of je een backup wil maken van het register, klik je "Ja".
              • Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

              .


              Post een verse DDS log.
              Post de attached.txt als bijlage.
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * McAfee verwijderen. * Ccleaner * E-Peek

              Comment


              • #8
                DDS (Ver_2012-11-20.01) - NTFS_AMD64
                Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
                Run by Artful at 20:51:43 on 2014-09-15
                Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.16384.13332 [GMT 2:00]
                .
                AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
                SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
                SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                ============== Running Processes ===============
                .
                C:\Windows\system32\lsm.exe
                C:\Windows\system32\svchost.exe -k DcomLaunch
                C:\Windows\system32\nvvsvc.exe
                C:\Windows\system32\svchost.exe -k RPCSS
                C:\Program Files\Microsoft Security Client\MsMpEng.exe
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                C:\Windows\system32\svchost.exe -k LocalService
                C:\Windows\system32\svchost.exe -k netsvcs
                C:\Windows\system32\svchost.exe -k GPSvcGroup
                C:\Windows\system32\igfxCUIService.exe
                C:\Windows\system32\svchost.exe -k NetworkService
                C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                C:\Windows\system32\nvvsvc.exe
                C:\Windows\System32\spoolsv.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                C:\Windows\system32\taskhost.exe
                C:\Windows\system32\Dwm.exe
                C:\Windows\Explorer.EXE
                C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                C:\Program Files\Bonjour\mDNSResponder.exe
                C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
                C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
                C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
                C:\Windows\SysWOW64\rpcnet.exe
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
                C:\Windows\system32\svchost.exe -k imgsvc
                C:\Program Files\Microsoft Security Client\msseces.exe
                C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
                C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
                C:\Program Files (x86)\RocketDock\RocketDock.exe
                C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
                C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                C:\Windows\system32\SearchIndexer.exe
                C:\Program Files\Windows Media Player\wmpnetwk.exe
                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                C:\Program Files (x86)\Spotnet\Spotnet.exe
                C:\Windows\system32\taskhost.exe
                C:\Program Files (x86)\Spotnet\SABnzbd.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Windows\system32\SearchProtocolHost.exe
                C:\Windows\system32\SearchFilterHost.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Windows\System32\cscript.exe
                .
                ============== Pseudo HJT Report ===============
                .
                uProxyOverride = <-loopback>
                BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
                BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
                BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO.dll
                uRun: [Hyperdesktop] C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
                uRun: [AdobeBridge] <no file>
                mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
                mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
                uPolicies-Explorer: NoDrives = dword:0
                mPolicies-Explorer: NoDrives = dword:0
                mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
                mPolicies-System: ConsentPromptBehaviorUser = dword:3
                mPolicies-System: EnableLUA = dword:0
                mPolicies-System: EnableUIADesktopToggle = dword:0
                mPolicies-System: PromptOnSecureDesktop = dword:0
                mPolicies-Windows\System: EnableSmartScreen = dword:0
                IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
                TCP: NameServer = 212.54.40.25 212.54.44.54 192.168.1.1
                TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
                TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\3557E636C6163737 : DHCPNameServer = 8.8.8.8 8.8.4.4
                TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\A45627F656E60256E602441616E6D25374 : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
                TCP: Interfaces\{E1035564-32BE-440A-8F4F-373AEDB8FD86} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
                Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
                AppInit_DLLs= c:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll
                SSODL: WebCheck - <orphaned>
                mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                x64-mStart Page = about:blank
                x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
                x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO64.dll
                x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
                x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
                x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
                x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
                x64-SSODL: WebCheck - <orphaned>
                .
                ============= SERVICES / DRIVERS ===============
                .
                R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-24 19264]
                R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
                R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-8-8 32544]
                R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]
                R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
                R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-15 1809720]
                R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-15 860472]
                R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-8 1720792]
                R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-8 18973144]
                R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-24 357184]
                R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-24 789824]
                R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-15 25816]
                R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-15 122584]
                R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-15 63704]
                R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-8 20440]
                R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-8 40392]
                R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-8-8 295056]
                R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-8 685160]
                S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
                S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
                S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
                S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
                S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
                S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-8 19456]
                S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
                S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-8 56832]
                S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-8-8 30208]
                S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
                S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-8 1255736]
                .
                =============== Created Last 30 ================
                .
                2014-09-15 17:53:47 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FFDD97A-F2D3-46C2-929C-A4421014A217}\mpengine.dll
                2014-09-15 17:49:55 144 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
                2014-09-15 17:49:55 -------- d-----w- C:\$RECYCLE.BIN
                2014-09-15 17:39:58 98816 ----a-w- C:\Windows\sed.exe
                2014-09-15 17:39:58 256000 ----a-w- C:\Windows\PEV.exe
                2014-09-15 17:39:58 208896 ----a-w- C:\Windows\MBR.exe
                2014-09-15 17:39:53 -------- d-----w- C:\ComboFix
                2014-09-15 17:01:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                2014-09-15 16:59:53 -------- d-----w- C:\AdwCleaner
                2014-09-15 15:28:30 -------- d-----w- C:\ProgramData\Movavi Video Suite 12
                2014-09-15 15:02:39 -------- d-----w- C:\Program Files (x86)\Movavi Core 5.1.0
                2014-09-15 14:58:58 -------- d-----w- C:\ProgramData\Movavi
                2014-09-15 14:58:45 -------- d-----w- C:\Program Files (x86)\Movavi Video Suite 12
                2014-09-15 14:50:56 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                2014-09-15 14:50:30 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                2014-09-15 14:50:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
                2014-09-15 14:50:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                2014-09-15 14:50:30 -------- d-----w- C:\ProgramData\Malwarebytes
                2014-09-15 14:50:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
                2014-09-13 10:01:39 -------- d-----w- C:\Users\Artful\AppData\Roaming\Wise Uninstaller
                2014-09-13 09:59:29 -------- d-----w- C:\Program Files\Wise Program Uninstaller
                2014-09-13 09:45:17 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                2014-09-12 16:37:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Movavi
                2014-09-12 16:37:26 -------- d-----w- C:\Users\Artful\AppData\Local\Movavi
                2014-09-11 17:43:02 -------- d-----w- C:\Users\Artful\.swt
                2014-09-11 17:42:05 -------- d-----w- C:\Users\Artful\AppData\Roaming\Azureus
                2014-09-11 11:02:07 -------- d-----w- C:\Program Files\HitmanPro
                2014-09-11 11:01:09 -------- d-----w- C:\ProgramData\HitmanPro
                2014-09-11 06:07:08 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
                2014-09-11 06:07:07 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
                2014-09-10 21:12:11 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
                2014-09-10 21:12:11 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
                2014-09-10 21:11:58 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
                2014-09-10 21:11:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
                2014-09-10 21:11:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                2014-09-10 21:11:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
                2014-09-10 21:11:44 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
                2014-09-10 21:11:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                2014-09-10 21:11:44 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                2014-09-10 21:11:39 578048 ----a-w- C:\Windows\System32\aepdu.dll
                2014-09-10 21:11:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
                2014-09-10 17:43:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
                2014-09-10 17:43:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
                2014-09-10 17:04:17 -------- d-----w- C:\Users\Artful\AppData\Roaming\iFunbox_UserCache
                2014-09-10 17:04:11 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
                2014-09-10 15:00:55 -------- d-----w- C:\Users\Artful\AppData\Local\pangu
                2014-09-10 14:57:40 -------- d-----w- C:\ProgramData\PicRec
                2014-09-10 14:57:37 -------- d-----w- C:\http_filter
                2014-09-10 14:57:36 -------- d-----w- C:\Program Files\Common Files\PicRec
                2014-09-10 14:57:30 49880 ----a-w- C:\Windows\System32\drivers\netmon_wfp.sys
                2014-09-10 14:57:18 -------- d-----w- C:\Program Files (x86)\PicRec (x86)
                2014-09-09 18:14:17 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
                2014-09-09 18:13:19 -------- d-----w- C:\Program Files\iPod
                2014-09-09 18:13:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
                2014-09-09 18:13:18 -------- d-----w- C:\Program Files\iTunes
                2014-09-09 18:13:18 -------- d-----w- C:\Program Files (x86)\iTunes
                2014-09-09 18:12:24 -------- d-----w- C:\Program Files\Bonjour
                2014-09-09 18:12:24 -------- d-----w- C:\Program Files (x86)\Bonjour
                2014-09-08 19:24:45 -------- d-----w- C:\Users\Artful\AppData\Roaming\MPC-HC
                2014-09-08 19:23:29 -------- d-----w- C:\Program Files\MPC-HC
                2014-09-08 17:09:47 -------- d-----w- C:\Users\Artful\AppData\Local\Apple Computer
                2014-09-08 17:09:47 -------- d-----w- C:\ProgramData\boost_interprocess
                2014-09-08 17:09:45 -------- d-----w- C:\Users\Artful\AppData\Local\Plex Media Server
                2014-09-08 17:08:45 -------- d-----w- C:\Program Files (x86)\Plex
                2014-09-08 17:08:33 -------- d-----w- C:\ProgramData\Package Cache
                2014-09-08 16:57:54 580096 ----a-w- C:\Windows\System32\ac3filter.acm.old
                2014-09-08 16:57:54 2231296 ----a-w- C:\Windows\System32\ac3filter.acm.new
                2014-09-08 16:57:45 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm.new
                2014-09-08 16:57:27 -------- d-----w- C:\Users\Artful\AppData\Roaming\Standard
                2014-09-08 16:57:27 -------- d-----w- C:\Program Files (x86)\Shark007
                2014-09-08 16:57:02 -------- d-----w- C:\ProgramData\Standard
                2014-09-08 16:52:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Shark007
                2014-09-08 16:52:29 -------- d-----w- C:\ProgramData\Shark007
                2014-09-08 16:52:25 2231296 ----a-w- C:\Windows\System32\ac3filter.acm
                2014-09-08 16:52:24 2050560 ----a-w- C:\Windows\System32\VSFilter.dll
                2014-09-08 16:52:24 -------- d-----w- C:\Program Files\Shark007
                2014-09-03 08:36:08 -------- d-----w- C:\Users\Artful\AppData\Local\Mozilla
                2014-09-03 08:36:08 -------- d-----w- C:\ProgramData\Acunetix WVS 9
                2014-08-29 21:11:00 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D9CF5FE-2C18-40F8-B90E-307F647477FD}\gapaengine.dll
                2014-08-27 18:00:16 404480 ----a-w- C:\Windows\System32\gdi32.dll
                2014-08-27 18:00:16 3163648 ----a-w- C:\Windows\System32\win32k.sys
                2014-08-27 18:00:16 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
                2014-08-25 13:51:29 -------- d-----w- C:\Program Files\CCleaner
                2014-08-22 08:52:22 -------- d-----w- C:\Program Files (x86)\Bigasoft
                2014-08-19 11:01:29 -------- d-----w- C:\Users\Artful\AppData\Local\Sanford,_L.P
                2014-08-19 10:59:46 -------- d-----w- C:\Users\Artful\AppData\Local\DYMO
                2014-08-19 10:58:00 -------- d-----w- C:\Program Files (x86)\DYMO
                2014-08-19 10:57:58 -------- d-----w- C:\ProgramData\DYMO
                .
                ==================== Find3M ====================
                .
                2014-09-15 17:49:53 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
                2014-09-15 17:49:51 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
                2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
                2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
                2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
                2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
                2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
                2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
                2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
                2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
                2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
                2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
                2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
                2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
                2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
                2014-08-09 00:22:16 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
                2014-08-09 00:22:16 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
                2014-08-09 00:22:05 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
                2014-08-09 00:22:05 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
                2014-08-08 21:11:36 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
                2014-08-08 21:11:15 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
                2014-08-08 18:14:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
                2014-08-08 10:40:01 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
                2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
                2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
                2014-07-17 16:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
                2014-07-17 16:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
                2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
                2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
                2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
                2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
                2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
                2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
                2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
                2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
                2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
                2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
                2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
                2014-07-02 18:55:41 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
                2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
                2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
                2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
                2014-07-02 18:55:41 1084704 ----a-w- C:\Windows\System32\nv3dappshext.dll
                2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
                2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
                2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
                2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
                2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
                .
                ============= FINISH: 20:52:07,05 ===============
                Bijgevoegde Bestanden

                Comment


                • #9
                  Prima.

                  Ga naar start > uitvoeren en kopieer en plak volgende command in het veld:

                  ComboFix /Uninstall

                  Zorg ervoor dat er dus een spatie is tussen Combofix en /
                  Daarna klik je op Enter.


                  Klik op de afbeelding om te vergroten....


                  Dit zal Combofix verwijderen+gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw,
                  verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen
                  en reset je Systeemherstel opnieuw.



                  Start CCleaner op.
                  • Run Ccleaner en klik in de linkse kolom op Opties
                  • Selecteer het tabblad Geavanceerd
                  • Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
                  • Selecteer het tabblad Instellingen
                  • Haal het vinkje weg bij "Computer automatisch schoonmaken...."
                  • Klik in de linkse kolom op Cleaner.
                  • Klik dan achtereenvolgens op Analyseer en Schoonmaken.
                  • Klik vervolgens in de linkse kolom op Register
                  • Klik op Scan naar problemen.
                  • Op de vraag of je een backup wil maken van het register, klik je "Ja".
                  • Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

                  .

                  Vertel nu eens even of er nog problemen zijn?

                  Emphyrio
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                  Comment


                  • #10
                    Alles uitgevoerd!

                    Ik zal het deze dagen gaan ondervinden

                    Voor nu heel erg bedankt! Top service!

                    Groeten,
                    Jeroen

                    Comment


                    • #11
                      1) Je mag alle losse bestanden en tools die we hebben gebruikt verwijderen.

                      2) Om herbesmetting te vermijden, kan je deze tips eens nalezen:

                      Het voorkomen van spyware-infecties en browserhijacking en Hoe voorkom ik een nieuwe infectie?

                      3) Om je PC een snelle onderhoudbeurt te geven, kan je deze tips eens lezen: Handleiding voor een schone PC

                      4) Allerlei tips en hints kan je hier raadplegen.


                      Ik zet het topic op opgelost.

                      Indien er niet meer gereageerd wordt, zal binnen een 5-tal dagen deze thread automatisch verplaatst worden
                      naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk
                      Dit is gedaan om het forum netjes en overzichtelijk te houden.

                      Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.



                      Hebben we je goed geholpen? Overweeg eens een (vrijblijvende) donatie aan Nucia

                      Emphyrio
                      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                      E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                      Comment


                      • #12
                        Hoi Emphyrio,

                        Ik vind dat na al deze handelingen hier internet erg langzaam opstart,laad, etc. Kan dit hiermee te maken hebben?

                        Groeten,
                        Jeroen

                        Comment


                        • #13
                          Oorspronkelijk geplaatst door Artfuldesign Bekijk Berichten
                          Hoi Emphyrio,

                          Ik vind dat na al deze handelingen hier internet erg langzaam opstart,laad, etc. Kan dit hiermee te maken hebben?

                          Groeten,
                          Jeroen
                          Nee, integedeel er is een hoop malware verwijderdt geweest van je pc.


                          Voer de stappen eens uit beschreven op deze pagina's:

                          Handleiding voor een schone PC.

                          Schijfopruiming met CCleaner.

                          Vertel dan eens even of je problemen opgelost zijn.

                          Emphyrio
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                          Comment


                          • #14
                            Hoi Emphyrio,

                            De handelingen hierboven beschreven had ik al allemaal uitgevoerd. Het laden duurt echt langer als voorheen.

                            Groeten,
                            Jeroen

                            Comment


                            • #15
                              Ik zal nog eens even kijken....

                              Download E-PeekSetup.exe naar je bureaublad.
                              Dubbelklik erop en volg de instructies.
                              Op het einde van de installatie, zal E-Peek opstarten.
                              Klik OK op het eerste scherm en vervolgens "Scan".
                              Post de log.
                              Last edited by Emphyrio; 18-09-14, 19:54.
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * McAfee verwijderen. * Ccleaner * E-Peek

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X