Mededeling

**Emphyrio** · 15-09-14, 15:46

Hoi Artfuldesign en welkom op Nucia Security Forum,

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

Log enkel in als beheerder met alle rechten.
Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
Volg aandachtig de instructies die door mij worden gegeven.
Volg enkel het door mij gegeven advies op
Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
Als je iets niet weet of verstaat, vraag het dan even aub.
Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
Zet je emoticons (Smileys) uit als je logs plaatst aub . ( INFO )
De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Heb je deze richtlijnen gelezen en begrepen, mag je verder gaan.....

Stap 1:

Malware scannen en verwijderen....

Installeer MBAM 2.0 (info & download link)

Start MBAM.
Klik bovenin het scherm van Malwarebytes Anti-Malware op Scan.
Kies in het scherm voor de Aangepaste scan en vink de partities aan die van toepassing zijn (c:\ d\ enz..)
Klik vervolgens op de knop Scan nu.

Voor het scannen wordt er altijd eerst automatisch gecontroleerd of er updates van de virusdefinities beschikbaar zijn, indien er een update beschikbaar is, moet je deze eerst laten installeren.

Wanneer de scan gereed is en er bedreigingen zijn gedetecteerd krijg je hier een overzicht van.
Selecteer om allen in quarantaine te plaatsen.
Bij de melding dat uw computer opnieuw opgestart moet worden klik je op Ja.

Na herstart van de PC, indien Malwarebytes heeft gevraagd om de PC opnieuw op te starten, open Malwarebytes opnieuw.
Klik de Historie knop bovenaan in het menu.
Klik vervolgens op de optie programmalogboeken en selecteer het Scanlogboek wat u wilt exporteren. Dit is de laatste scan die je hebt gedaan (kan je zien aan de datum en tijd).
Selecteer deze om te bekijken.
In een nieuw venster dat zal openen zal je de resultaten van je scan zien.

Onderaan, selecteer ofwel om te exporteren als tekstbestand en geef het tekstbestand een naam, bijvoorbeeld mbamlog.
Ofwel kan je selecteren om te kopieren naar het klembord, zodat de inhoud van de log naar je klembord wordt gekopieerd en je die zo in je volgende post kan plakken.

Stap 2:

Controle op slechte toolbars...

Download AdwCleaner by Xplode naar je Bureaublad.

Sluit alle openstaande vensters
Start AdwCleaner
Klik op Scannen
Klik op Verwijderen

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent een logfile (C:\ AdwCleaner\AdwCleaner[xx].txt
Post deze inhoud hier op het Forum.

Enkel de log na de "Verwijderen" optie heb ik nodig.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in.
Deze word standaard door AdwCleaner terug gezet naar Google.com

Stap 3:

Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:

DDS is een diagnosetool en maakt gebruik van scripts.
Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.

Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
Beide logfiles sla je op je bureaublad.

Post de inhoud van DDS.txt.

De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.

Stap 4:

Download Security Check op je bureaublad via hier of hier

Start Security Check
Volg de Instructies in het scherm
Aan het eind verschijnt een log ( checkup.txt )
Plaats de inhoud ervan in je volgende antwoord.

In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
.

MBAM
AdwCleaner
DDS
checkup.txt

.
Deze logs NIET als bijlage of tussen codetags posten aub.
(Desnoods in meerdere postingen.)

Emphyrio

**Artfuldesign** · 15-09-14, 18:20

Hierbij de logjes:

MBAM:Malwarebytes Anti-Malware

Cyber Security Software & Anti-Malware | Malwarebytes

https://www.malwarebytes.org

Protect your home and business PCs, Macs, iOS and Android devices from the latest cyber threats and malware, including ransomware.

Scan Date: 15-9-2014
Scan Time: 16:51:33
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.15.07
Rootkit Database: v2014.09.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Artful

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 509877
Time Elapsed: 1 hr, 46 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, Quarantined, [1cd767865a210f276624986c27dc19e7],
PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\RocketTab, Quarantined, [9f54fcf1e49783b3899ee7191ce7dd23],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [49aa5f8e661575c18a7b9acf7391d12f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [797a5895a6d5320415b14eb447bcbf41],
PUP.Optional.RocketTab.A, HKU\S-1-5-21-1592524675-1410301248-110674532-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, Quarantined, [718288652d4e3df9fc2dbd435ca73fc1],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-1592524675-1410301248-110674532-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, [29cad419057665d19aeac73d0df6768a],

Registry Values: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, smt, Quarantined, [797a5895a6d5320415b14eb447bcbf41]
PUP.Optional.RocketTab.A, HKU\S-1-5-21-1592524675-1410301248-110674532-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, Quarantined, [ab487677e09b0d296abe05fb9a69847c]

Registry Data: 3
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&t...2XXXXX5YX1LT2X, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&t...LT2X),Replaced,[1cd701ecbbc039fd435d8b68ed1725db]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.istartsurf.com/web/?type=ds&ts=1410361078&from=smt&uid=ST95005620AS_5YX1LT2XXXXX5YX1LT2X&q={searchTerms}, Good: (www.google.com), Bad: (http://www.istartsurf.com/web/?type=ds&ts=1410361078&from=smt&uid=ST95005620AS_5YX1LT2XXXXX5YX1LT2X&q={searchTerms}),Replaced,[668d21cc9ae1c274aee8e013e32126da]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&t...2XXXXX5YX1LT2X, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&t...LT2X),Replaced,[a053a647f2890b2bd2ce589ba85c35cb]

Folders: 12
Adware.PicRec, C:\Windows\Microsoft\UpdatingService, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [cb28f0fd0b701c1a56a3536e1de5d828],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Quarantined, [ba3996573546f244cd82a7408d757f81],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [ba3996573546f244cd82a7408d757f81],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [36bd9b524f2cf145f7c8e6032dd5c53b],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, Quarantined, [36bd9b524f2cf145f7c8e6032dd5c53b],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [36bd9b524f2cf145f7c8e6032dd5c53b],
PUP.Optional.IStartSurf.A, C:\Users\Artful\AppData\Roaming\istartsurf, Quarantined, [faf9bb3202793ff763059d5532d0eb15],
PUP.Optional.IStartSurf.A, C:\Users\Artful\AppData\Roaming\istartsurf\log, Quarantined, [faf9bb3202793ff763059d5532d0eb15],

Files: 40
PUP.Keygen.Intro, C:\Downloads\Ardfry PSD Codec v1430\KGN\CORE10k.EXE, No Action By User, [02f145a8f883092d4e51218905ff0000],
RiskWare.Tool.CK, C:\Downloads\Ardfry PSD Codec v1430\KGN\keygen.exe, No Action By User, [a25187666615a19528e0b8df04fcd828],
Hacktool.Agent, C:\Downloads\DAZ Loader 221\Windows Loader.exe, No Action By User, [6c8712dbbfbc6bcb6e57db7e4eb38f71],
PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\amtlib.dll, Quarantined, [40b36885700bde5878e9aa87976bb24e],
PUP.Optional.SearchHijacker.A, C:\Users\Artful\AppData\Local\Temp\smt_istartsurf.exe, Quarantined, [7b78bd3055261125402b614dab56db25],
Trojan.Agent, C:\Users\Artful\AppData\Local\Temp\3EA5.tmp, Quarantined, [4da6eeff86f5a98d9e07b4ce778b659b],
Adware.PicRec, C:\Windows\Microsoft\UpdatingService\BaseLibrary.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
Adware.PicRec, C:\Windows\Microsoft\UpdatingService\ConfigurationData.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
Adware.PicRec, C:\Windows\Microsoft\UpdatingService\InstallerLibrary.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
Adware.PicRec, C:\Windows\Microsoft\UpdatingService\LinqBridge.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
Adware.PicRec, C:\Windows\Microsoft\UpdatingService\NetServ.Net.Json.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
Adware.PicRec, C:\Windows\Microsoft\UpdatingService\NewVersionDownloader.exe, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
Adware.PicRec, C:\Windows\Microsoft\UpdatingService\SQLite.Interop.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
Adware.PicRec, C:\Windows\Microsoft\UpdatingService\System.Data.SQLite.dll, Quarantined, [b53e0edff685f3431bfe9f5f3fc3f30d],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\BaseLibrary.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\ConfigurationData.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\InstallerLibrary.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\Interop.SHDocVw.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\LinqBridge.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\NDde.DLL, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\SQLite.Interop.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\System.Data.SQLite.dll, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
Adware.PicRec, C:\Users\Artful\AppData\Local\PicRec\wsystem.exe, Quarantined, [e80bc32aa2d9b77f1cfe06f8a9596799],
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, Quarantined, [d61d86678eed72c42803d22efb0839c7],
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab Update Task, Quarantined, [e40f519c1368aa8c0d1e53adda29a65a],
Rogue.Multiple, C:\ProgramData\374311380\BIT3467.tmp, Quarantined, [cb28f0fd0b701c1a56a3536e1de5d828],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\config.dat, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\makecert.exe, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\TrustedRoot.cer, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\certutil.exe, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libnspr4.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libplc4.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\libplds4.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\nss3.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\smime3.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Resources\softokn3.dll, Quarantined, [a74cc8254f2cf640b82ad8fd2fd3e11f],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, [ba3996573546f244cd82a7408d757f81],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-10[16-58-30-131].log, Quarantined, [36bd9b524f2cf145f7c8e6032dd5c53b],
PUP.Optional.IStartSurf.A, C:\Users\Artful\AppData\Roaming\istartsurf\UninstallManager.exe, Quarantined, [faf9bb3202793ff763059d5532d0eb15],
PUP.Optional.IStartSurf.A, C:\Users\Artful\AppData\Roaming\istartsurf\log\UninstallManager_2014-09-10[17-00-18-817].log, Quarantined, [faf9bb3202793ff763059d5532d0eb15],

Physical Sectors: 0
(No malicious items detected)

(end)

AdwCleaner:
# AdwCleaner v3.310 - Rapport aangemaakt 15/09/2014 op 19:11:29
# Laatste Update 12/09/2014 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : Artful - ARTFUL-PC
# Gestart vanuit : C:\Users\Artful\Desktop\adwcleaner_3.310.exe
# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

***** [ Taken ] *****

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Google Chrome v37.0.2062.120

[ Bestand : C:\Users\Artful\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1708 octets] - [15/09/2014 19:00:12]
AdwCleaner[R1].txt - [1768 octets] - [15/09/2014 19:01:56]
AdwCleaner[R2].txt - [1014 octets] - [15/09/2014 19:09:55]
AdwCleaner[S0].txt - [1732 octets] - [15/09/2014 19:03:48]
AdwCleaner[S1].txt - [940 octets] - [15/09/2014 19:11:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [999 octets] ##########

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by Artful at 19:14:33 on 2014-09-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.16384.13844 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO.dll
uRun: [Hyperdesktop] C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
TCP: NameServer = 212.54.40.25 212.54.44.54 192.168.1.1
TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\3557E636C6163737 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\A45627F656E60256E602441616E6D25374 : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
TCP: Interfaces\{E1035564-32BE-440A-8F4F-373AEDB8FD86} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= c:\windows\syswow64\nvinit.dll, C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = www.google.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO64.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-24 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-8-8 32544]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-15 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-15 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-8 1720792]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-8 18973144]
R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-24 357184]
R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-24 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-15 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-15 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-15 63704]
R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-8 20440]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-8 40392]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-8-8 295056]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-8 685160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2014-8-8 977088]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-8 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-8-8 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-8 1255736]
.
=============== Created Last 30 ================
.
2014-09-15 17:01:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-15 16:59:53 -------- d-----w- C:\AdwCleaner
2014-09-15 15:28:30 -------- d-----w- C:\ProgramData\Movavi Video Suite 12
2014-09-15 15:02:39 -------- d-----w- C:\Program Files (x86)\Movavi Core 5.1.0
2014-09-15 14:58:58 -------- d-----w- C:\ProgramData\Movavi
2014-09-15 14:58:45 -------- d-----w- C:\Program Files (x86)\Movavi Video Suite 12
2014-09-15 14:50:56 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-15 14:50:30 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-15 14:50:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-15 14:50:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-15 14:50:30 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-15 14:50:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 14:36:48 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{249CE6B4-A54A-44A5-AA9F-53F7D15FE8B3}\mpengine.dll
2014-09-13 10:01:39 -------- d-----w- C:\Users\Artful\AppData\Roaming\Wise Uninstaller
2014-09-13 09:59:29 -------- d-----w- C:\Program Files\Wise Program Uninstaller
2014-09-13 09:45:17 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-12 16:37:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Movavi
2014-09-12 16:37:26 -------- d-----w- C:\Users\Artful\AppData\Local\Movavi
2014-09-11 17:43:02 -------- d-----w- C:\Users\Artful\.swt
2014-09-11 17:42:05 -------- d-----w- C:\Users\Artful\AppData\Roaming\Azureus
2014-09-11 17:42:02 -------- d-----w- C:\Program Files (x86)\Vuze
2014-09-11 11:02:07 -------- d-----w- C:\Program Files\HitmanPro
2014-09-11 11:01:09 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-11 06:07:08 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 06:07:07 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 21:12:11 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 21:12:11 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 21:11:58 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 21:11:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 21:11:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 21:11:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 21:11:44 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 21:11:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 21:11:44 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 21:11:39 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 21:11:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-10 17:43:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-09-10 17:43:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 17:04:17 -------- d-----w- C:\Users\Artful\AppData\Roaming\iFunbox_UserCache
2014-09-10 17:04:11 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
2014-09-10 15:00:55 -------- d-----w- C:\Users\Artful\AppData\Local\pangu
2014-09-10 14:57:40 -------- d-----w- C:\ProgramData\PicRec
2014-09-10 14:57:37 -------- d-----w- C:\http_filter
2014-09-10 14:57:36 -------- d-----w- C:\Program Files\Common Files\PicRec
2014-09-10 14:57:30 49880 ----a-w- C:\Windows\System32\drivers\netmon_wfp.sys
2014-09-10 14:57:30 -------- d-----w- C:\Windows\Microsoft
2014-09-10 14:57:18 -------- d-----w- C:\Program Files (x86)\PicRec (x86)
2014-09-09 18:14:17 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-09-09 18:13:19 -------- d-----w- C:\Program Files\iPod
2014-09-09 18:13:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-09 18:13:18 -------- d-----w- C:\Program Files\iTunes
2014-09-09 18:13:18 -------- d-----w- C:\Program Files (x86)\iTunes
2014-09-09 18:12:24 -------- d-----w- C:\Program Files\Bonjour
2014-09-09 18:12:24 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-09-08 19:24:45 -------- d-----w- C:\Users\Artful\AppData\Roaming\MPC-HC
2014-09-08 19:23:29 -------- d-----w- C:\Program Files\MPC-HC
2014-09-08 17:09:47 -------- d-----w- C:\Users\Artful\AppData\Local\Apple Computer
2014-09-08 17:09:47 -------- d-----w- C:\ProgramData\boost_interprocess
2014-09-08 17:09:45 -------- d-----w- C:\Users\Artful\AppData\Local\Plex Media Server
2014-09-08 17:08:45 -------- d-----w- C:\Program Files (x86)\Plex
2014-09-08 17:08:33 -------- d-----w- C:\ProgramData\Package Cache
2014-09-08 16:57:54 580096 ----a-w- C:\Windows\System32\ac3filter.acm.old
2014-09-08 16:57:54 2231296 ----a-w- C:\Windows\System32\ac3filter.acm.new
2014-09-08 16:57:45 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm.new
2014-09-08 16:57:27 -------- d-----w- C:\Users\Artful\AppData\Roaming\Standard
2014-09-08 16:57:27 -------- d-----w- C:\Program Files (x86)\Shark007
2014-09-08 16:57:02 -------- d-----w- C:\ProgramData\Standard
2014-09-08 16:52:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Shark007
2014-09-08 16:52:29 -------- d-----w- C:\ProgramData\Shark007
2014-09-08 16:52:25 2231296 ----a-w- C:\Windows\System32\ac3filter.acm
2014-09-08 16:52:24 2050560 ----a-w- C:\Windows\System32\VSFilter.dll
2014-09-08 16:52:24 -------- d-----w- C:\Program Files\Shark007
2014-09-03 08:36:08 -------- d-----w- C:\Users\Artful\AppData\Local\Mozilla
2014-09-03 08:36:08 -------- d-----w- C:\ProgramData\Acunetix WVS 9
2014-08-29 21:11:00 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D9CF5FE-2C18-40F8-B90E-307F647477FD}\gapaengine.dll
2014-08-27 18:00:16 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 18:00:16 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 18:00:16 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-25 13:51:29 -------- d-----w- C:\Program Files\CCleaner
2014-08-22 08:52:22 -------- d-----w- C:\Program Files (x86)\Bigasoft
2014-08-19 11:01:29 -------- d-----w- C:\Users\Artful\AppData\Local\Sanford,_L.P
2014-08-19 10:59:46 -------- d-----w- C:\Users\Artful\AppData\Local\DYMO
2014-08-19 10:58:00 -------- d-----w- C:\Program Files (x86)\DYMO
2014-08-19 10:57:58 -------- d-----w- C:\ProgramData\DYMO
.
==================== Find3M ====================
.
2014-09-15 17:12:48 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2014-09-15 17:12:44 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-09 00:22:16 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-08-09 00:22:16 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-08-09 00:22:05 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-08-09 00:22:05 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-08-08 21:11:36 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2014-08-08 21:11:15 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2014-08-08 18:14:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-08 10:40:01 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 16:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 16:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-07-02 18:55:41 1084704 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
.
============= FINISH: 19:15:35,17 ===============

checkup.txt:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Adobe Reader XI
Google Chrome 37.0.2062.103
Google Chrome 37.0.2062.120
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

Bedankt!

**Emphyrio** · 15-09-14, 18:23

Download Combofix naar je bureaublad.
(Dus niet naar een download map of temp map)

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.
Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

* OPMERKING: Indien je één van de onderstaande meldingen krijgt na het gebruik van ComboFix, herstart dan de computer.

Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
Illegal operation attempted on a registry key that has been marked for deletion.

**Artfuldesign** · 15-09-14, 18:59

Combofix:
ComboFix 14-09-16.01 - Artful 15-09-2014 19:41:46.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.16384.14019 [GMT 2:00]
Gestart vanuit: C:\Users\Artful\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Windows\MICROSOFT
C:\Windows\MICROSOFT\sogr\BaseLibrary.dll
C:\Windows\MICROSOFT\sogr\ConfigurationData.dll
C:\Windows\MICROSOFT\sogr\InstallerLibrary.dll
C:\Windows\MICROSOFT\sogr\Ionic.Zip.dll
C:\Windows\MICROSOFT\sogr\LinqBridge.dll
C:\Windows\MICROSOFT\sogr\NetServ.Net.Json.dll
C:\Windows\MICROSOFT\sogr\SQLite.Interop.dll
C:\Windows\MICROSOFT\sogr\System.Data.SQLite.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Service KMSELDI

(((((((((((((((((((( Bestanden Gemaakt van 2014-08-15 to 2014-09-15 ))))))))))))))))))))))))))))))

2014-09-15 17:49:55 . 2014-09-15 17:49:55 144 ----a-w- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-09-15 17:48:31 . 2014-09-15 17:48:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-09-15 17:01:21 . 2010-08-30 06:34:16 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-15 16:59:53 . 2014-09-15 17:11:45 -------- d-----w- C:\AdwCleaner
2014-09-15 15:28:30 . 2014-09-15 15:28:30 -------- d-----w- C:\ProgramData\Movavi Video Suite 12
2014-09-15 15:02:39 . 2014-09-15 15:02:52 -------- d-----w- C:\Program Files (x86)\Movavi Core 5.1.0
2014-09-15 14:58:58 . 2014-09-15 14:58:58 -------- d-----w- C:\ProgramData\Movavi
2014-09-15 14:58:45 . 2014-09-15 15:02:52 -------- d-----w- C:\Program Files (x86)\Movavi Video Suite 12
2014-09-15 14:50:56 . 2014-09-15 17:50:09 122584 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-09-15 14:50:30 . 2014-09-15 14:50:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 14:50:30 . 2014-09-15 14:50:30 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-15 14:50:30 . 2014-05-12 05:26:10 63704 ----a-w- C:\Windows\system32\drivers\mwac.sys
2014-09-15 14:50:30 . 2014-05-12 05:26:00 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-09-15 14:50:30 . 2014-05-12 05:25:56 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
2014-09-15 14:36:48 . 2014-08-21 03:43:42 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{249CE6B4-A54A-44A5-AA9F-53F7D15FE8B3}\mpengine.dll
2014-09-13 10:01:39 . 2014-09-13 10:02:28 -------- d-----w- C:\Users\Artful\AppData\Roaming\Wise Uninstaller
2014-09-13 09:59:29 . 2014-09-13 10:01:23 -------- d-----w- C:\Program Files\Wise Program Uninstaller
2014-09-13 09:45:17 . 2014-08-21 03:43:42 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-12 16:37:29 . 2014-09-12 16:37:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Movavi
2014-09-12 16:37:26 . 2014-09-12 16:37:26 -------- d-----w- C:\Users\Artful\AppData\Local\Movavi
2014-09-11 17:43:02 . 2014-09-11 17:43:02 -------- d-----w- C:\Users\Artful\.swt
2014-09-11 17:42:05 . 2014-09-12 17:20:40 -------- d-----w- C:\Users\Artful\AppData\Roaming\Azureus
2014-09-11 17:42:02 . 2014-09-11 17:42:24 -------- d-----w- C:\Program Files (x86)\Vuze
2014-09-11 11:02:07 . 2014-09-11 11:02:07 -------- d-----w- C:\Program Files\HitmanPro
2014-09-11 11:01:09 . 2014-09-11 11:06:22 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-11 06:45:03 . 2014-09-11 06:45:04 -------- d-----w- C:\Program Files (x86)\7-Zip
2014-09-11 06:07:08 . 2014-06-27 02:08:12 2777088 ----a-w- C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 06:07:07 . 2014-06-27 01:45:52 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 21:12:11 . 2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\system32\TSWorkspace.dll
2014-09-10 21:12:11 . 2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 21:11:58 . 2014-06-24 03:29:36 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll
2014-09-10 21:11:57 . 2014-06-24 02:59:49 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 21:11:44 . 2014-07-07 02:06:35 728064 ----a-w- C:\Windows\system32\kerberos.dll
2014-09-10 21:11:44 . 2014-07-07 02:06:35 1460736 ----a-w- C:\Windows\system32\lsasrv.dll
2014-09-10 21:11:44 . 2014-07-07 01:40:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 21:11:44 . 2014-07-07 01:40:12 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 21:11:44 . 2014-07-07 01:39:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 21:11:39 . 2014-09-05 02:10:43 578048 ----a-w- C:\Windows\system32\aepdu.dll
2014-09-10 21:11:38 . 2014-09-05 02:05:42 424448 ----a-w- C:\Windows\system32\aeinv.dll
2014-09-10 17:43:43 . 2014-09-11 09:55:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-09-10 17:43:35 . 2014-09-11 11:07:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 17:04:17 . 2014-09-10 20:22:49 -------- d-----w- C:\Users\Artful\AppData\Roaming\iFunbox_UserCache
2014-09-10 17:04:11 . 2014-09-10 20:02:58 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
2014-09-10 15:00:55 . 2014-09-10 15:10:30 -------- d-----w- C:\Users\Artful\AppData\Local\pangu
2014-09-10 14:57:40 . 2014-09-10 14:57:40 -------- d-----w- C:\ProgramData\PicRec
2014-09-10 14:57:37 . 2014-09-10 15:00:01 -------- d-----w- C:\http_filter
2014-09-10 14:57:36 . 2014-09-10 15:00:22 -------- d-----w- C:\Program Files\Common Files\PicRec
2014-09-10 14:57:30 . 2014-08-25 10:11:32 49880 ----a-w- C:\Windows\system32\drivers\netmon_wfp.sys
2014-09-10 14:57:18 . 2014-09-10 14:57:18 -------- d-----w- C:\Program Files (x86)\PicRec (x86)
2014-09-09 18:14:17 . 2014-09-09 18:14:17 -------- dc----w- C:\Windows\system32\DRVSTORE
2014-09-09 18:14:17 . 2012-08-21 11:01:20 33240 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2014-09-09 18:13:19 . 2014-09-09 18:13:19 -------- d-----w- C:\Program Files\iPod
2014-09-09 18:13:18 . 2014-09-09 18:14:11 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-09 18:13:18 . 2014-09-09 18:14:07 -------- d-----w- C:\Program Files\iTunes
2014-09-09 18:13:18 . 2014-09-09 18:14:00 -------- d-----w- C:\Program Files (x86)\iTunes
2014-09-09 18:12:40 . 2014-09-09 18:12:40 -------- d-----w- C:\Program Files\Common Files\Apple
2014-09-09 18:12:24 . 2014-09-09 18:12:25 -------- d-----w- C:\Program Files\Bonjour
2014-09-09 18:12:24 . 2014-09-09 18:12:25 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-09-08 19:24:45 . 2014-09-08 19:24:45 -------- d-----w- C:\Users\Artful\AppData\Roaming\MPC-HC
2014-09-08 19:23:29 . 2014-09-08 19:23:32 -------- d-----w- C:\Program Files\MPC-HC
2014-09-08 17:09:47 . 2014-09-09 18:14:23 -------- d-----w- C:\Users\Artful\AppData\Local\Apple Computer
2014-09-08 17:09:47 . 2014-09-08 17:09:47 -------- d-----w- C:\ProgramData\boost_interprocess
2014-09-08 17:09:45 . 2014-09-08 17:13:15 -------- d-----w- C:\Users\Artful\AppData\Local\Plex Media Server
2014-09-08 17:08:45 . 2014-09-08 17:08:45 -------- d-----w- C:\Program Files (x86)\Plex
2014-09-08 17:08:33 . 2014-09-08 17:15:44 -------- d-----w- C:\ProgramData\Package Cache
2014-09-08 16:57:45 . 2013-04-05 22:26:24 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm.new
2014-09-08 16:57:27 . 2014-09-08 16:57:53 -------- d-----w- C:\Users\Artful\AppData\Roaming\Standard
2014-09-08 16:57:27 . 2014-09-08 16:57:27 -------- d-----w- C:\Program Files (x86)\Shark007
2014-09-08 16:57:02 . 2014-09-08 16:57:53 -------- d-----w- C:\ProgramData\Standard
2014-09-08 16:52:29 . 2014-09-08 16:58:07 -------- d-----w- C:\Users\Artful\AppData\Roaming\Shark007
2014-09-08 16:52:29 . 2014-09-08 16:58:07 -------- d-----w- C:\ProgramData\Shark007
2014-09-08 16:52:25 . 2013-04-05 22:27:32 2231296 ----a-w- C:\Windows\system32\ac3filter.acm
2014-09-08 16:52:24 . 2014-09-08 16:57:53 -------- d-----w- C:\Program Files\Shark007
2014-09-08 16:52:24 . 2014-06-05 12:00:00 2050560 ----a-w- C:\Windows\system32\VSFilter.dll
2014-09-03 08:36:08 . 2014-09-03 08:36:08 -------- d-----w- C:\Users\Artful\AppData\Local\Mozilla
2014-09-03 08:36:08 . 2014-09-03 08:36:08 -------- d-----w- C:\ProgramData\Acunetix WVS 9
2014-08-29 21:11:00 . 2014-08-20 17:13:28 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D9CF5FE-2C18-40F8-B90E-307F647477FD}\gapaengine.dll
2014-08-27 18:00:16 . 2014-08-23 02:07:00 404480 ----a-w- C:\Windows\system32\gdi32.dll
2014-08-27 18:00:16 . 2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-27 18:00:16 . 2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\system32\win32k.sys
2014-08-25 13:51:29 . 2014-08-25 13:51:31 -------- d-----w- C:\Program Files\CCleaner
2014-08-22 08:52:22 . 2014-08-22 08:52:22 -------- d-----w- C:\Program Files (x86)\Bigasoft
2014-08-19 14:20:24 . 2014-09-14 16:41:31 -------- d-----w- C:\Users\Artful\AppData\Roaming\FileZilla
2014-08-19 14:20:19 . 2014-09-13 15:49:19 -------- d-----w- C:\Program Files (x86)\FileZilla FTP Client
2014-08-19 11:01:29 . 2014-08-19 11:01:29 -------- d-----w- C:\Users\Artful\AppData\Local\Sanford,_L.P
2014-08-19 10:59:46 . 2014-08-19 11:01:31 -------- d-----w- C:\Users\Artful\AppData\Local\DYMO
2014-08-19 10:58:00 . 2014-08-19 10:58:00 -------- d-----w- C:\Program Files (x86)\DYMO
2014-08-19 10:57:58 . 2014-08-19 10:57:58 -------- d-----w- C:\ProgramData\DYMO
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-09-15 17:49:53 . 2014-08-08 10:04:48 17920 ----a-w- C:\Windows\system32\rpcnetp.exe
2014-09-15 17:49:51 . 2014-08-08 10:40:12 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2014-09-11 06:08:28 . 2014-08-08 12:31:44 101694776 ----a-w- C:\Windows\system32\MRT.exe
2014-08-20 17:13:28 . 2014-08-13 14:38:11 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-09 00:22:16 . 2014-08-08 17:46:26 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-08-09 00:22:16 . 2014-08-08 17:46:26 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-08-09 00:22:05 . 2014-08-08 17:46:26 1715224 ----a-w- C:\Windows\system32\nvspbridge64.dll
2014-08-09 00:22:05 . 2014-08-08 17:46:26 1283136 ----a-w- C:\Windows\system32\nvspcap64.dll
2014-08-08 21:11:36 . 2014-08-08 10:05:48 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2014-08-08 21:11:15 . 2014-08-08 10:04:48 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2014-08-08 18:14:28 . 2014-08-08 18:14:33 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-08 13:04:59 . 2014-08-08 13:04:59 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2014-08-08 13:04:58 . 2014-08-08 13:04:58 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-08-08 13:04:58 . 2014-08-08 13:04:58 645120 ----a-w- C:\Windows\SysWow64\jsIntl.dll
2014-08-08 13:04:58 . 2014-08-08 13:04:58 235008 ----a-w- C:\Windows\system32\elshyph.dll
2014-08-08 13:04:58 . 2014-08-08 13:04:58 182272 ----a-w- C:\Windows\SysWow64\msls31.dll
2014-08-08 13:04:57 . 2014-08-08 13:04:57 86016 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-08-08 13:04:57 . 2014-08-08 13:04:57 74240 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2014-08-08 13:04:57 . 2014-08-08 13:04:57 62464 ----a-w- C:\Windows\SysWow64\tdc.ocx
2014-08-08 13:04:57 . 2014-08-08 13:04:57 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2014-08-08 13:04:57 . 2014-08-08 13:04:57 36352 ----a-w- C:\Windows\SysWow64\imgutil.dll
2014-08-08 13:04:57 . 2014-08-08 13:04:57 337408 ----a-w- C:\Windows\SysWow64\html.iec
2014-08-08 13:04:57 . 2014-08-08 13:04:57 24576 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2014-08-08 13:04:57 . 2014-08-08 13:04:57 151552 ----a-w- C:\Windows\SysWow64\iexpress.exe
2014-08-08 13:04:57 . 2014-08-08 13:04:57 139264 ----a-w- C:\Windows\SysWow64\wextract.exe
2014-08-08 13:04:57 . 2014-08-08 13:04:57 13312 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-08-08 13:04:57 . 2014-08-08 13:04:57 111616 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 942592 ----a-w- C:\Windows\system32\jsIntl.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 90112 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2014-08-08 13:04:56 . 2014-08-08 13:04:56 86016 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-08 13:04:56 . 2014-08-08 13:04:56 81408 ----a-w- C:\Windows\system32\icardie.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 77312 ----a-w- C:\Windows\system32\tdc.ocx
2014-08-08 13:04:56 . 2014-08-08 13:04:56 616104 ----a-w- C:\Windows\system32\ieapfltr.dat
2014-08-08 13:04:56 . 2014-08-08 13:04:56 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 413696 ----a-w- C:\Windows\system32\html.iec
2014-08-08 13:04:56 . 2014-08-08 13:04:56 30208 ----a-w- C:\Windows\system32\licmgr10.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 247808 ----a-w- C:\Windows\system32\msls31.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 243200 ----a-w- C:\Windows\system32\webcheck.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 235520 ----a-w- C:\Windows\system32\url.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 167424 ----a-w- C:\Windows\system32\iexpress.exe
2014-08-08 13:04:56 . 2014-08-08 13:04:56 143872 ----a-w- C:\Windows\system32\wextract.exe
2014-08-08 13:04:56 . 2014-08-08 13:04:56 13312 ----a-w- C:\Windows\system32\msfeedssync.exe
2014-08-08 13:04:56 . 2014-08-08 13:04:56 131072 ----a-w- C:\Windows\system32\IEAdvpack.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 105984 ----a-w- C:\Windows\system32\iesysprep.dll
2014-08-08 13:04:56 . 2014-08-08 13:04:56 101376 ----a-w- C:\Windows\system32\inseng.dll
2014-08-08 13:04:55 . 2014-08-08 13:04:55 774144 ----a-w- C:\Windows\system32\jscript.dll
2014-08-08 13:04:55 . 2014-08-08 13:04:55 62464 ----a-w- C:\Windows\system32\pngfilt.dll
2014-08-08 13:04:55 . 2014-08-08 13:04:55 48128 ----a-w- C:\Windows\system32\imgutil.dll
2014-08-08 13:04:55 . 2014-08-08 13:04:55 147968 ----a-w- C:\Windows\system32\occache.dll
2014-08-08 13:04:55 . 2014-08-08 13:04:55 13824 ----a-w- C:\Windows\system32\mshta.exe
2014-08-08 13:04:55 . 2014-08-08 13:04:55 135680 ----a-w- C:\Windows\system32\iepeers.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 5632 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 4096 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 3584 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 3072 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 2560 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:37 10752 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-08-08 13:00:37 . 2014-08-08 13:00:36 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 648192 ----a-w- C:\Windows\system32\d3d10level9.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 522752 ----a-w- C:\Windows\system32\XpsGdiConverter.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 363008 ----a-w- C:\Windows\system32\dxgi.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 333312 ----a-w- C:\Windows\system32\d3d10_1core.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 296960 ----a-w- C:\Windows\system32\d3d10core.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 245248 ----a-w- C:\Windows\system32\WindowsCodecsExt.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 221184 ----a-w- C:\Windows\system32\UIAnimation.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 194560 ----a-w- C:\Windows\system32\d3d10_1.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 1682432 ----a-w- C:\Windows\system32\XpsPrint.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 1643520 ----a-w- C:\Windows\system32\DWrite.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 1238528 ----a-w- C:\Windows\system32\d3d10.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 1175552 ----a-w- C:\Windows\system32\FntCache.dll
2014-08-08 13:00:36 . 2014-08-08 13:00:36 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2014-08-08 10:40:01 . 2014-08-08 10:40:12 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
2014-07-25 00:35:46 . 2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 . 2014-07-24 21:47:06 869544 ----a-w- C:\Windows\system32\msvcr120_clr0400.dll
2014-07-17 16:05:06 . 2014-07-17 16:05:06 269008 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2014-07-17 16:05:06 . 2014-03-11 07:52:30 125584 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2014-07-16 03:23:41 . 2014-08-15 13:58:41 2048 ----a-w- C:\Windows\system32\tzres.dll
2014-07-16 02:46:02 . 2014-08-15 13:58:41 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-12 07:58:12 1729232 ----a-w- C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-12 07:58:12 1729232 ----a-w- C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-12 07:58:12 1729232 ----a-w- C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hyperdesktop"="C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe" [2014-08-08 10:33:32 316000]
"AdobeBridge"="" [BU]
"RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe" [2007-09-02 12:58:52 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-06-10 14:11:00 291648]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 10:29:36 256896]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe;C:\Program Files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominipor t.sys [x]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys;C:\Windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\system32\igfxCUIService.exe;C:\Windows\SYSNATIVE\igfxCUIService.exe [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.s ys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\MBAMSwissArmy.sys;C:\Windows\SYSNATIVE\drive rs\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\ drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\system32\DRIVERS\RtsBaStor.sys;C:\Windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-10 20:36:33 1096520 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe

Inhoud van de 'Gedeelde Taken' map

2014-09-15 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08 12:23:31 . 2014-08-08 12:23:29]

2014-09-15 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08 12:23:31 . 2014-08-08 12:23:29]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2014-08-22 13:14:48 1331288]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-08 10:13:44 12921488]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 00:23:48 2403288]
"ShadowPlay"="C:\Windows\system32\nvspcap64.dll" [2014-08-09 00:22:05 1283136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=C:\Windows\System32\nvinitx.dll

------- Bijkomende Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

**Artfuldesign** · 15-09-14, 18:59

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by Artful at 19:55:28 on 2014-09-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.16384.13734 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <-loopback>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO.dll
uRun: [Hyperdesktop] C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
TCP: NameServer = 212.54.40.25 212.54.44.54 192.168.1.1
TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\3557E636C6163737 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\A45627F656E60256E602441616E6D25374 : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
TCP: Interfaces\{E1035564-32BE-440A-8F4F-373AEDB8FD86} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= c:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO64.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-24 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-8-8 32544]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-15 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-15 860472]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-8 1720792]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-8 18973144]
R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-24 357184]
R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-24 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-15 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-15 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-15 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-8 20440]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-8 40392]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-8-8 295056]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-8 685160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-8 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-8-8 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-8 1255736]
.
=============== Created Last 30 ================
.
2014-09-15 17:53:47 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FFDD97A-F2D3-46C2-929C-A4421014A217}\mpengine.dll
2014-09-15 17:49:55 144 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-09-15 17:49:55 -------- d-----w- C:\$RECYCLE.BIN
2014-09-15 17:39:58 98816 ----a-w- C:\Windows\sed.exe
2014-09-15 17:39:58 256000 ----a-w- C:\Windows\PEV.exe
2014-09-15 17:39:58 208896 ----a-w- C:\Windows\MBR.exe
2014-09-15 17:39:53 -------- d-----w- C:\ComboFix
2014-09-15 17:01:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-15 16:59:53 -------- d-----w- C:\AdwCleaner
2014-09-15 15:28:30 -------- d-----w- C:\ProgramData\Movavi Video Suite 12
2014-09-15 15:02:39 -------- d-----w- C:\Program Files (x86)\Movavi Core 5.1.0
2014-09-15 14:58:58 -------- d-----w- C:\ProgramData\Movavi
2014-09-15 14:58:45 -------- d-----w- C:\Program Files (x86)\Movavi Video Suite 12
2014-09-15 14:50:56 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-15 14:50:30 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-15 14:50:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-15 14:50:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-15 14:50:30 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-15 14:50:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 10:01:39 -------- d-----w- C:\Users\Artful\AppData\Roaming\Wise Uninstaller
2014-09-13 09:59:29 -------- d-----w- C:\Program Files\Wise Program Uninstaller
2014-09-13 09:45:17 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-12 16:37:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Movavi
2014-09-12 16:37:26 -------- d-----w- C:\Users\Artful\AppData\Local\Movavi
2014-09-11 17:43:02 -------- d-----w- C:\Users\Artful\.swt
2014-09-11 17:42:05 -------- d-----w- C:\Users\Artful\AppData\Roaming\Azureus
2014-09-11 17:42:02 -------- d-----w- C:\Program Files (x86)\Vuze
2014-09-11 11:02:07 -------- d-----w- C:\Program Files\HitmanPro
2014-09-11 11:01:09 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-11 06:07:08 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 06:07:07 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 21:12:11 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 21:12:11 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 21:11:58 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 21:11:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 21:11:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 21:11:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 21:11:44 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 21:11:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 21:11:44 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 21:11:39 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 21:11:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-10 17:43:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-09-10 17:43:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 17:04:17 -------- d-----w- C:\Users\Artful\AppData\Roaming\iFunbox_UserCache
2014-09-10 17:04:11 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
2014-09-10 15:00:55 -------- d-----w- C:\Users\Artful\AppData\Local\pangu
2014-09-10 14:57:40 -------- d-----w- C:\ProgramData\PicRec
2014-09-10 14:57:37 -------- d-----w- C:\http_filter
2014-09-10 14:57:36 -------- d-----w- C:\Program Files\Common Files\PicRec
2014-09-10 14:57:30 49880 ----a-w- C:\Windows\System32\drivers\netmon_wfp.sys
2014-09-10 14:57:18 -------- d-----w- C:\Program Files (x86)\PicRec (x86)
2014-09-09 18:14:17 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-09-09 18:13:19 -------- d-----w- C:\Program Files\iPod
2014-09-09 18:13:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-09 18:13:18 -------- d-----w- C:\Program Files\iTunes
2014-09-09 18:13:18 -------- d-----w- C:\Program Files (x86)\iTunes
2014-09-09 18:12:24 -------- d-----w- C:\Program Files\Bonjour
2014-09-09 18:12:24 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-09-08 19:24:45 -------- d-----w- C:\Users\Artful\AppData\Roaming\MPC-HC
2014-09-08 19:23:29 -------- d-----w- C:\Program Files\MPC-HC
2014-09-08 17:09:47 -------- d-----w- C:\Users\Artful\AppData\Local\Apple Computer
2014-09-08 17:09:47 -------- d-----w- C:\ProgramData\boost_interprocess
2014-09-08 17:09:45 -------- d-----w- C:\Users\Artful\AppData\Local\Plex Media Server
2014-09-08 17:08:45 -------- d-----w- C:\Program Files (x86)\Plex
2014-09-08 17:08:33 -------- d-----w- C:\ProgramData\Package Cache
2014-09-08 16:57:54 580096 ----a-w- C:\Windows\System32\ac3filter.acm.old
2014-09-08 16:57:54 2231296 ----a-w- C:\Windows\System32\ac3filter.acm.new
2014-09-08 16:57:45 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm.new
2014-09-08 16:57:27 -------- d-----w- C:\Users\Artful\AppData\Roaming\Standard
2014-09-08 16:57:27 -------- d-----w- C:\Program Files (x86)\Shark007
2014-09-08 16:57:02 -------- d-----w- C:\ProgramData\Standard
2014-09-08 16:52:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Shark007
2014-09-08 16:52:29 -------- d-----w- C:\ProgramData\Shark007
2014-09-08 16:52:25 2231296 ----a-w- C:\Windows\System32\ac3filter.acm
2014-09-08 16:52:24 2050560 ----a-w- C:\Windows\System32\VSFilter.dll
2014-09-08 16:52:24 -------- d-----w- C:\Program Files\Shark007
2014-09-03 08:36:08 -------- d-----w- C:\Users\Artful\AppData\Local\Mozilla
2014-09-03 08:36:08 -------- d-----w- C:\ProgramData\Acunetix WVS 9
2014-08-29 21:11:00 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D9CF5FE-2C18-40F8-B90E-307F647477FD}\gapaengine.dll
2014-08-27 18:00:16 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 18:00:16 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 18:00:16 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-25 13:51:29 -------- d-----w- C:\Program Files\CCleaner
2014-08-22 08:52:22 -------- d-----w- C:\Program Files (x86)\Bigasoft
2014-08-19 11:01:29 -------- d-----w- C:\Users\Artful\AppData\Local\Sanford,_L.P
2014-08-19 10:59:46 -------- d-----w- C:\Users\Artful\AppData\Local\DYMO
2014-08-19 10:58:00 -------- d-----w- C:\Program Files (x86)\DYMO
2014-08-19 10:57:58 -------- d-----w- C:\ProgramData\DYMO
.
==================== Find3M ====================
.
2014-09-15 17:49:53 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2014-09-15 17:49:51 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-09 00:22:16 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-08-09 00:22:16 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-08-09 00:22:05 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-08-09 00:22:05 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-08-08 21:11:36 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2014-08-08 21:11:15 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2014-08-08 18:14:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-08 10:40:01 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 16:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 16:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-07-02 18:55:41 1084704 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
.
============= FINISH: 19:56:04,53 ===============

**Emphyrio** · 15-09-14, 19:13

Deze tools mag je verwijderen via Programma's en oderdelen:
.

Vuze
Azureus

.
PC herstartten.

Download of Update Ccleaner

Start CCleaner op.

Run Ccleaner en klik in de linkse kolom op Opties
Selecteer het tabblad Geavanceerd
Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
Selecteer het tabblad Instellingen
Haal het vinkje weg bij "Computer automatisch schoonmaken...."
Klik in de linkse kolom op Cleaner.
Klik dan achtereenvolgens op Analyseer en Schoonmaken.
Klik vervolgens in de linkse kolom op Register
Klik op Scan naar problemen.
Op de vraag of je een backup wil maken van het register, klik je "Ja".
Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

.

Post een verse DDS log.
Post de attached.txt als bijlage.

**Artfuldesign** · 15-09-14, 19:53

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by Artful at 20:51:43 on 2014-09-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.16384.13332 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spotnet\Spotnet.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spotnet\SABnzbd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <-loopback>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO.dll
uRun: [Hyperdesktop] C:\Users\Artful\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
TCP: NameServer = 212.54.40.25 212.54.44.54 192.168.1.1
TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\3557E636C6163737 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{2BBFC441-45FB-4CB1-9C75-FB52D2DA973C}\A45627F656E60256E602441616E6D25374 : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
TCP: Interfaces\{E1035564-32BE-440A-8F4F-373AEDB8FD86} : DHCPNameServer = 212.54.40.25 212.54.44.54 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= c:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Users\Artful\Documents\iTools\Plugin\iToolsBHO64.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-24 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-8-8 32544]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-15 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-15 860472]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-8 1720792]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-8 18973144]
R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-24 357184]
R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-24 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-15 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-15 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-15 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-8 20440]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-8-8 40392]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2014-8-8 295056]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-8-8 685160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-8 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-8-8 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-8-8 1255736]
.
=============== Created Last 30 ================
.
2014-09-15 17:53:47 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5FFDD97A-F2D3-46C2-929C-A4421014A217}\mpengine.dll
2014-09-15 17:49:55 144 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-09-15 17:49:55 -------- d-----w- C:\$RECYCLE.BIN
2014-09-15 17:39:58 98816 ----a-w- C:\Windows\sed.exe
2014-09-15 17:39:58 256000 ----a-w- C:\Windows\PEV.exe
2014-09-15 17:39:58 208896 ----a-w- C:\Windows\MBR.exe
2014-09-15 17:39:53 -------- d-----w- C:\ComboFix
2014-09-15 17:01:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-15 16:59:53 -------- d-----w- C:\AdwCleaner
2014-09-15 15:28:30 -------- d-----w- C:\ProgramData\Movavi Video Suite 12
2014-09-15 15:02:39 -------- d-----w- C:\Program Files (x86)\Movavi Core 5.1.0
2014-09-15 14:58:58 -------- d-----w- C:\ProgramData\Movavi
2014-09-15 14:58:45 -------- d-----w- C:\Program Files (x86)\Movavi Video Suite 12
2014-09-15 14:50:56 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-15 14:50:30 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-15 14:50:30 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-15 14:50:30 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-15 14:50:30 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-15 14:50:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 10:01:39 -------- d-----w- C:\Users\Artful\AppData\Roaming\Wise Uninstaller
2014-09-13 09:59:29 -------- d-----w- C:\Program Files\Wise Program Uninstaller
2014-09-13 09:45:17 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-12 16:37:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Movavi
2014-09-12 16:37:26 -------- d-----w- C:\Users\Artful\AppData\Local\Movavi
2014-09-11 17:43:02 -------- d-----w- C:\Users\Artful\.swt
2014-09-11 17:42:05 -------- d-----w- C:\Users\Artful\AppData\Roaming\Azureus
2014-09-11 11:02:07 -------- d-----w- C:\Program Files\HitmanPro
2014-09-11 11:01:09 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-11 06:07:08 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 06:07:07 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 21:12:11 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 21:12:11 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 21:11:58 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 21:11:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 21:11:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 21:11:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 21:11:44 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 21:11:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 21:11:44 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 21:11:39 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 21:11:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-10 17:43:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-09-10 17:43:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 17:04:17 -------- d-----w- C:\Users\Artful\AppData\Roaming\iFunbox_UserCache
2014-09-10 17:04:11 -------- d-----w- C:\Program Files (x86)\i-Funbox DevTeam
2014-09-10 15:00:55 -------- d-----w- C:\Users\Artful\AppData\Local\pangu
2014-09-10 14:57:40 -------- d-----w- C:\ProgramData\PicRec
2014-09-10 14:57:37 -------- d-----w- C:\http_filter
2014-09-10 14:57:36 -------- d-----w- C:\Program Files\Common Files\PicRec
2014-09-10 14:57:30 49880 ----a-w- C:\Windows\System32\drivers\netmon_wfp.sys
2014-09-10 14:57:18 -------- d-----w- C:\Program Files (x86)\PicRec (x86)
2014-09-09 18:14:17 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-09-09 18:13:19 -------- d-----w- C:\Program Files\iPod
2014-09-09 18:13:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-09 18:13:18 -------- d-----w- C:\Program Files\iTunes
2014-09-09 18:13:18 -------- d-----w- C:\Program Files (x86)\iTunes
2014-09-09 18:12:24 -------- d-----w- C:\Program Files\Bonjour
2014-09-09 18:12:24 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-09-08 19:24:45 -------- d-----w- C:\Users\Artful\AppData\Roaming\MPC-HC
2014-09-08 19:23:29 -------- d-----w- C:\Program Files\MPC-HC
2014-09-08 17:09:47 -------- d-----w- C:\Users\Artful\AppData\Local\Apple Computer
2014-09-08 17:09:47 -------- d-----w- C:\ProgramData\boost_interprocess
2014-09-08 17:09:45 -------- d-----w- C:\Users\Artful\AppData\Local\Plex Media Server
2014-09-08 17:08:45 -------- d-----w- C:\Program Files (x86)\Plex
2014-09-08 17:08:33 -------- d-----w- C:\ProgramData\Package Cache
2014-09-08 16:57:54 580096 ----a-w- C:\Windows\System32\ac3filter.acm.old
2014-09-08 16:57:54 2231296 ----a-w- C:\Windows\System32\ac3filter.acm.new
2014-09-08 16:57:45 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm.new
2014-09-08 16:57:27 -------- d-----w- C:\Users\Artful\AppData\Roaming\Standard
2014-09-08 16:57:27 -------- d-----w- C:\Program Files (x86)\Shark007
2014-09-08 16:57:02 -------- d-----w- C:\ProgramData\Standard
2014-09-08 16:52:29 -------- d-----w- C:\Users\Artful\AppData\Roaming\Shark007
2014-09-08 16:52:29 -------- d-----w- C:\ProgramData\Shark007
2014-09-08 16:52:25 2231296 ----a-w- C:\Windows\System32\ac3filter.acm
2014-09-08 16:52:24 2050560 ----a-w- C:\Windows\System32\VSFilter.dll
2014-09-08 16:52:24 -------- d-----w- C:\Program Files\Shark007
2014-09-03 08:36:08 -------- d-----w- C:\Users\Artful\AppData\Local\Mozilla
2014-09-03 08:36:08 -------- d-----w- C:\ProgramData\Acunetix WVS 9
2014-08-29 21:11:00 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D9CF5FE-2C18-40F8-B90E-307F647477FD}\gapaengine.dll
2014-08-27 18:00:16 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 18:00:16 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 18:00:16 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-25 13:51:29 -------- d-----w- C:\Program Files\CCleaner
2014-08-22 08:52:22 -------- d-----w- C:\Program Files (x86)\Bigasoft
2014-08-19 11:01:29 -------- d-----w- C:\Users\Artful\AppData\Local\Sanford,_L.P
2014-08-19 10:59:46 -------- d-----w- C:\Users\Artful\AppData\Local\DYMO
2014-08-19 10:58:00 -------- d-----w- C:\Program Files (x86)\DYMO
2014-08-19 10:57:58 -------- d-----w- C:\ProgramData\DYMO
.
==================== Find3M ====================
.
2014-09-15 17:49:53 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2014-09-15 17:49:51 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-09 00:22:16 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-08-09 00:22:16 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-08-09 00:22:05 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-08-09 00:22:05 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-08-08 21:11:36 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2014-08-08 21:11:15 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2014-08-08 18:14:28 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-08 13:00:37 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-08 10:40:01 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 16:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 16:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-07-02 18:55:41 1084704 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
.
============= FINISH: 20:52:07,05 ===============

Bijgevoegde Bestanden

Attach.txt (7,0 KB, 128 keer bekeken)

**Emphyrio** · 15-09-14, 19:56

Prima.

Ga naar start > uitvoeren en kopieer en plak volgende command in het veld:

ComboFix /Uninstall

Zorg ervoor dat er dus een spatie is tussen Combofix en /
Daarna klik je op Enter.

Klik op de afbeelding om te vergroten....

Dit zal Combofix verwijderen+gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw,
verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen
en reset je Systeemherstel opnieuw.

Start CCleaner op.

Run Ccleaner en klik in de linkse kolom op Opties
Selecteer het tabblad Geavanceerd
Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
Selecteer het tabblad Instellingen
Haal het vinkje weg bij "Computer automatisch schoonmaken...."
Klik in de linkse kolom op Cleaner.
Klik dan achtereenvolgens op Analyseer en Schoonmaken.
Klik vervolgens in de linkse kolom op Register
Klik op Scan naar problemen.
Op de vraag of je een backup wil maken van het register, klik je "Ja".
Als er fouten gevonden worden klik je op de middelste knop: Herstel alle geselecteerde fouten en OK

.

Vertel nu eens even of er nog problemen zijn?

Emphyrio

**Artfuldesign** · 15-09-14, 20:01

Alles uitgevoerd!

Ik zal het deze dagen gaan ondervinden

Voor nu heel erg bedankt! Top service!

Groeten,
Jeroen

**Emphyrio** · 15-09-14, 20:02

1) Je mag alle losse bestanden en tools die we hebben gebruikt verwijderen.

2) Om herbesmetting te vermijden, kan je deze tips eens nalezen:

Het voorkomen van spyware-infecties en browserhijacking en Hoe voorkom ik een nieuwe infectie?

3) Om je PC een snelle onderhoudbeurt te geven, kan je deze tips eens lezen: Handleiding voor een schone PC

4) Allerlei tips en hints kan je hier raadplegen.

Ik zet het topic op opgelost.

Indien er niet meer gereageerd wordt, zal binnen een 5-tal dagen deze thread automatisch verplaatst worden
naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk
Dit is gedaan om het forum netjes en overzichtelijk te houden.

Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

Hebben we je goed geholpen? Overweeg eens een (vrijblijvende) donatie aan Nucia

Emphyrio

**Artfuldesign** · 18-09-14, 15:34

Hoi Emphyrio,

Ik vind dat na al deze handelingen hier internet erg langzaam opstart,laad, etc. Kan dit hiermee te maken hebben?

Groeten,
Jeroen

**Emphyrio** · 18-09-14, 15:39

Oorspronkelijk geplaatst door Artfuldesign

Hoi Emphyrio,

Ik vind dat na al deze handelingen hier internet erg langzaam opstart,laad, etc. Kan dit hiermee te maken hebben?

Groeten,
Jeroen

Nee, integedeel er is een hoop malware verwijderdt geweest van je pc.

Voer de stappen eens uit beschreven op deze pagina's:

Handleiding voor een schone PC.

Schijfopruiming met CCleaner.

Vertel dan eens even of je problemen opgelost zijn.

Emphyrio

**Artfuldesign** · 18-09-14, 19:03

Hoi Emphyrio,

De handelingen hierboven beschreven had ik al allemaal uitgevoerd. Het laden duurt echt langer als voorheen.

Groeten,
Jeroen

**Emphyrio** · 18-09-14, 19:37

Ik zal nog eens even kijken....

Download E-PeekSetup.exe naar je bureaublad.
Dubbelklik erop en volg de instructies.
Op het einde van de installatie, zal E-Peek opstarten.
Klik OK op het eerste scherm en vervolgens "Scan".
Post de log.

Mededeling

taskeng.exe is missing

taskeng.exe is missing

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment