Computer unbelievably slow


  • Computer unbelievably slow

    Hello everyone,

    My PC is unbelievably slow. It's not exactly young anymore, but the boss doesn't think it needs replacing, so I keep muddling along. I wanted to give my PC a bit of a clean-up myself, but I don't really know where to start. So here is my HijackThis log to begin with. Hopefully someone can help me with this.

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 13:44:03, on 22/09/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17280)
    CHROME: 37.0.2062.120

    Boot mode: Normal

    Running processes:
    C:\Users\miet\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Temp\Temp1_ClipCube-1.2.1.zip\ClipCube.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    C:\Users\miet\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\PDF24\pdf24.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\miet\AppData\Roaming\pushbullet\pushbullet_102\pushbullet_app.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\miet\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digidak.be/registratie/digireg.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140602133733.dll
    O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
    O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\miet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [A77B65E0330F255927C7366F80C76101811807F5._service_run] "C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    O4 - HKCU\..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
    O4 - HKCU\..\Run: [ClipCube] C:\Users\miet\AppData\Local\Temp\Temp1_ClipCube-1.2.1.zip\ClipCube.exe
    O4 - HKCU\..\Run: [ManicTime] C:\Program Files (x86)\ManicTime\ManicTime.exe /minimized /name:
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_4F7065B95F8886359D57E895996CD00A] "C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [SkyDrive] "C:\Users\miet\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    O4 - HKCU\..\Run: [Pushbullet] "C:\Program Files (x86)\Pushbullet\pushbullet_app.exe"
    O4 - HKCU\..\Run: [Copy] "C:\Users\miet\AppData\Roaming\Copy\CopyAgent.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Copy] "C:\Users\miet\AppData\Roaming\Copy\CopyAgent.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Copy] "C:\Users\miet\AppData\Roaming\Copy\CopyAgent.exe" (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Users\miet\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: logon.bat
    O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: Cloudmark DesktopOne.lnk = C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: LastPass - file://C:\Users\miet\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Users\miet\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blmgenk.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = blmgenk.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blmgenk.local
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
    O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\PC Speed Up\PCSUService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: McAfee Peer Distribution Service (RumorServer) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

    --
    End of file - 14312 bytes

  • #2
    Hi macchiato and welcome to the Nucia security forums,

    Before we begin, I would like to kindly point out the following guidelines:

    • Log in only as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time; be patient.
    • Carefully follow the instructions I give.
    • Follow only the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If you don't know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, don't go trying something "else"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs. (INFO)
    • Please do not post the logs as an attachment or between code tags.

    Note: Always run all tools as admin.
    The instructions given are valid only for your PC.

    Once you have read and understood these guidelines, you may continue.....



    Step 1:

    Scanning for and removing malware....

    Install MBAM 2.0 (info & download link)

    Start MBAM.
    At the top of the Malwarebytes Anti-Malware window, click Scan.
    In that screen, choose the Custom scan and tick the partitions that apply (c:\, d:\, etc.).
    Then click the Scan Now button.

    Before scanning, a check is always made automatically for available updates to the virus definitions; if an update is available, you must let it install first.

    When the scan is finished and threats have been detected, you will get an overview of them.
    Select to place them all in quarantine.
    At the message that your computer must be restarted, click Yes.

    After the PC restarts, if Malwarebytes asked to restart the PC, open Malwarebytes again.
    Click the History button at the top of the menu.
    Then click the Application Logs option and select the Scan Log you want to export. This is the last scan you ran (you can tell by the date and time).
    Select it to view it.
    In a new window that opens, you will see the results of your scan.

    At the bottom, either select to export as a text file and give the text file a name, for example mbamlog.
    Or you can select to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.


    Step 2:

    Checking for bad toolbars...

    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan (Scannen)
    • Click Remove (Verwijderen)

    All icons disappear from the Desktop; this is normal.
    Your PC will restart and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the forum.

    I only need the log from after the "Verwijderen" (Remove) option.

    Don't forget to turn off your "smileys".

    If your start page was also hijacked, set the search engine again.
    AdwCleaner resets it to Google.com by default.


    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and uses scripts.
    If script execution is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post unless I ask for it.


    Step 4:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on screen
    At the end a log appears (checkup.txt)
    Post its contents in your next reply.


    In your next post, I would like to see the following logs, made in the order listed:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (In several posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Is it working out?
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Remove McAfee. * Ccleaner * E-Peek



      • #4
        For lack of feedback, I am marking this topic as solved.

        If there is no further response, this thread will automatically be moved to the Solved HijackThis logs section within about 3 days, and replying will no longer be possible.
        This is done to keep the forum neat and organized.

        If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.


        Emphyrio
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          Malwarebytes Anti-Malware
          www.malwarebytes.org

          Scan Date: 23/09/2014
          Scan Time: 8:57:50
          Logfile:
          Administrator: Yes

          Version: 2.00.2.1012
          Malware Database: v2014.09.23.03
          Rootkit Database: v2014.09.19.01
          License: Free
          Malware Protection: Disabled
          Malicious Website Protection: Disabled
          Self-protection: Disabled

          OS: Windows 7 Service Pack 1
          CPU: x64
          File System: NTFS
          User: miet

          Scan Type: Custom Scan
          Result: Completed
          Objects Scanned: 877210
          Time Elapsed: 4 hr, 2 min, 16 sec

          Memory: Enabled
          Startup: Enabled
          Filesystem: Enabled
          Archives: Enabled
          Rootkits: Disabled
          Heuristics: Enabled
          PUP: Enabled
          PUM: Enabled

          Processes: 0
          (No malicious items detected)

          Modules: 0
          (No malicious items detected)

          Registry Keys: 19
          PUP.Optional.Babylon.A, HKU\S-1-5-21-3404976803-2129819283-3701650076-1221-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [d53a78793d3eef47d09bf992df23738d],
          PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, Quarantined, [a867ae43d4a7c76fc8f6f22ccb3807f9],
          PUP.Optional.Incredibar.A, HKLM\SOFTWARE\IB Updater, Quarantined, [957a2ec387f4bb7b67c43aefa95a20e0],
          PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, Quarantined, [3cd331c09be0cc6a2bffbf6ab74cc23e],
          PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [5fb07a775d1e270f25990e10e2213bc5],
          PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\IB Updater, Quarantined, [63ac31c0710af83ead7e3bee39ca56aa],
          PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, Quarantined, [29e6b43d7506ec4aa6f8bd78db28d828],
          PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, Quarantined, [937c6d843348e74fbd6dcd5c61a2f808],
          PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [060913de4437ee484e76133fea1aa858],
          PUP.Optional.DataMngr.A, HKU\S-1-5-21-1616500189-1009972457-899209173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [17f8f4fdc4b786b0bafec9889c6840c0],
          PUP.Optional.DataMngr.A, HKU\S-1-5-21-1616500189-1009972457-899209173-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [8986b43d4c2f51e5f5c3f160b1534bb5],
          PUP.Optional.DataMngr.A, HKU\S-1-5-21-1616500189-1009972457-899209173-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [de314ba60b70f64052669eb346be18e8],
          PUP.Optional.DataMngr.A, HKU\S-1-5-21-3404976803-2129819283-3701650076-1144-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [f61912df80fb54e2ac0c61f04bb916ea],
          PUP.Optional.DataMngr.A, HKU\S-1-5-21-3404976803-2129819283-3701650076-1149-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [51be7c75f18a8ea8cfe91b368d77718f],
          PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3404976803-2129819283-3701650076-1221-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, Quarantined, [44cb549d29526acc258c254b7c88b54b],
          PUP.Optional.DataMngr.A, HKU\S-1-5-21-3404976803-2129819283-3701650076-1221-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [ad62c22f9dde46f0c0f8dd74b450ab55],
          PUP.Optional.BProtector.A, HKU\S-1-5-21-3404976803-2129819283-3701650076-1221-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Quarantined, [bf50d31eabd00234cc38144140c44fb1],
          PUP.Optional.SweetIM.A, HKU\S-1-5-21-3404976803-2129819283-3701650076-1221-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [9e71f6fb9fdcbf77be05a6acdb29d927],
          PUP.Optional.DataMngr.A, HKU\S-1-5-21-3404976803-2129819283-3701650076-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [30df45ac5a2176c0a810282948bc18e8],

          Registry Values: 5
          PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, Quarantined, [9d72b53c8bf0063039d55f2c52b02fd1],
          PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, Quarantined, [9d72b53c8bf0063039d55f2c52b02fd1]
          PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {82B17E0E-60B3-11E2-BE41-3860775002FD}, Quarantined, [060913de4437ee484e76133fea1aa858]
          PUP.BProtector, HKU\S-1-5-21-3404976803-2129819283-3701650076-1221-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [6da2ea07423946f002b8b49d32d28878]
          PUP.Optional.SweetIM.A, HKU\S-1-5-21-3404976803-2129819283-3701650076-1221-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {82B17E0E-60B3-11E2-BE41-3860775002FD}, Quarantined, [9e71f6fb9fdcbf77be05a6acdb29d927]

          Registry Data: 0
          (No malicious items detected)

          Folders: 8
          PUP.Optional.OpenCandy, C:\Users\miet\AppData\Roaming\OpenCandy, Quarantined, [3bd4fbf6d1aa85b1123695439d6505fb],
          PUP.Optional.OpenCandy, C:\Users\miet\AppData\Roaming\OpenCandy\3047E6EDE7234059BB4FAFCB60A6ABAC, Quarantined, [3bd4fbf6d1aa85b1123695439d6505fb],
          PUP.Optional.OpenCandy, C:\Users\miet\AppData\Roaming\OpenCandy\61BB7FA19EDC4C1FBA623102C157804B, Quarantined, [3bd4fbf6d1aa85b1123695439d6505fb],
          PUP.Optional.Datamngr.A, C:\Users\miet\AppData\LocalLow\DataMngr, Quarantined, [47c85e936c0f92a410967f5fb151ef11],
          PUP.Optional.Babylon.A, C:\Users\miet\AppData\LocalLow\BabylonToolbar, Quarantined, [838c965bf9824aecdd2c32b8ee142bd5],
          PUP.Optional.Babylon.A, C:\Users\miet\AppData\LocalLow\BabylonToolbar\BabylonToolbar, Quarantined, [838c965bf9824aecdd2c32b8ee142bd5],
          PUP.Optional.Extutil.A, C:\Users\miet\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [7897569b5a2153e3e8788b65ee14c040],
          PUP.Optional.Managera.A, C:\Users\miet\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [2ce33cb50d6e56e0075a2bc5a55d946c],

          Files: 32
          PUP.Optional.Somoto, C:\Users\miet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2WZAQ895\setup[1].exe, Quarantined, [020d7c75e299fc3ae8a8fb8b6b99748c],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HKOV4A3\SPSetup[1].exe, Quarantined, [45caed04a6d558de7fe530ff59a812ee],
          PUP.Optional.Somoto, C:\Users\miet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HKOV4A3\BiTool[1].dll, Quarantined, [20ef42afe59664d233e8c79646bc60a0],
          PUP.Optional.SearchProtect.A, C:\Users\miet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFM95KUG\SPSetup[1].exe, Quarantined, [be514aa749329d99e6a4ccd122df5da3],
          PUP.Optional.Somoto, C:\Users\miet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFM95KUG\setup[1].exe, Quarantined, [b55aa051de9d42f4c7c991f5d72dc040],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIW4QJEK\spstub[1].exe, Quarantined, [61ae9a578cefaa8c15b97621b54c59a7],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Local\Temp\sp-downloader.exe, Quarantined, [0708b140106b88ae6040c36a728f11ef],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Local\Temp\nscF93.exe, Quarantined, [010e0de4cead7eb8e87d3c5736cb5ca4],
          PUP.Optional.SearchProtect.A, C:\Users\miet\AppData\Local\Temp\nseC162.exe, Quarantined, [d738e60b403b15210f6372c808f9a55b],
          PUP.Optional.Somoto, C:\Users\miet\AppData\Local\Temp\nsiCE1E.tmp, Quarantined, [d43bcd242f4c2511d4bcd6b0fd0744bc],
          PUP.Optional.SearchProtect.A, C:\Users\miet\AppData\Local\Temp\nsk3982.exe, Quarantined, [ab6437babebd072f0171e357748d31cf],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Local\Temp\nsxD03.exe, Quarantined, [22ed6091344705316afb692a48b9669a],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Local\Temp\nsxDC3F.exe, Quarantined, [29e63cb5126980b6570ed6bd8b76a65a],
          PUP.Optional.SearchProtect.A, C:\Users\miet\AppData\Local\Temp\nsz3C02.exe, Quarantined, [4fc0e50c116a1c1af181a199f8098878],
          PUP.Optional.SearchProtect.A, C:\Users\miet\AppData\Local\Temp\nsz4D7.exe, Quarantined, [b758b73a4635bf77fb774feb3cc59a66],
          PUP.Optional.SearchProtect.A, C:\Users\miet\AppData\Local\Temp\nsz748.exe, Quarantined, [60afbd34e8937eb85e1484b61de418e8],
          PUP.Optional.Somoto, C:\Users\miet\AppData\Local\Temp\bitool.dll, Quarantined, [41ce747d5229f2447d9e1647738f55ab],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Local\Temp\nsl5E89.exe, Quarantined, [50bf7b76285313232e37e8abe91846ba],
          PUP.Optional.Somoto, C:\Users\miet\AppData\Local\Temp\nss40AE.tmp, Quarantined, [8b844aa7a6d593a36828dda9b64e1de3],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Local\Temp\nssDF7B.exe, Quarantined, [2be4d61b601b360060050b880af7f709],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Local\Temp\nskF405\SpSetup.exe, Quarantined, [9a7532bf22594ee8d58fde51eb16a25e],
          PUP.Optional.SearchProtect.A, C:\Users\miet\AppData\Local\Temp\nsmCBD9\SpSetup.exe, Quarantined, [2fe0638ef08b1b1b6723d6c716eb8977],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Roaming\OpenCandy\3047E6EDE7234059BB4FAFCB60A6ABAC\search_protect_global.exe, Quarantined, [b25d836e710ac670dbc54be2877a629e],
          PUP.Optional.Conduit.A, C:\Users\miet\AppData\Roaming\OpenCandy\61BB7FA19EDC4C1FBA623102C157804B\sp-downloader.exe, Quarantined, [1af54aa7d3a859dd8f1136f709f8e719],
          PUP.Optional.OpenCandy, C:\Users\miet\Downloads\DTLite4491-0356.exe, Quarantined, [6fa0fef33b40af87f33149e6df26b54b],
          PUP.Optional.OpenCandy, C:\Windows\CSC\v2.0.6\namespace\dataserver\lokecon\DIGIDAK\ALGEMEEN\ONDERHOUD-MB\Software\Progs\ConnectifyInstaller.exe, Quarantined, [ec23ef0280fb56e0919348e7b154837d],
          PUP.Optional.Datamngr.A, C:\Users\miet\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, Quarantined, [47c85e936c0f92a410967f5fb151ef11],
          PUP.Optional.Extutil.A, C:\Users\miet\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [7897569b5a2153e3e8788b65ee14c040],
          PUP.Optional.Extutil.A, C:\Users\miet\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [7897569b5a2153e3e8788b65ee14c040],
          PUP.Optional.Extutil.A, C:\Users\miet\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [7897569b5a2153e3e8788b65ee14c040],
          PUP.Optional.Managera.A, C:\Users\miet\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [2ce33cb50d6e56e0075a2bc5a55d946c],
          PUP.Optional.Managera.A, C:\Users\miet\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [2ce33cb50d6e56e0075a2bc5a55d946c],

          Physical Sectors: 0
          (No malicious items detected)


          (end)



          • #6
            # AdwCleaner v3.310 - Rapport aangemaakt 25/09/2014 op 08:44:04
            # Laatste Update 12/09/2014 door Xplode
            # Besturingssysteem : Windows 7 Professional Service Pack 1 (64 bits)
            # Gebruikersnaam : miet - MIET-PC2W7
            # Gestart vanuit : C:\Users\miet\Downloads\adwcleaner_3.310.exe
            # Optie : Verwijderen

            ***** [ Services ] *****

            Service Verwijderd : pcsuservice

            ***** [ Bestanden / Mappen ] *****

            Map Verwijderd : C:\ProgramData\apn
            Map Verwijderd : C:\ProgramData\Babylon
            Map Verwijderd : C:\ProgramData\Tarma Installer
            Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
            Map Verwijderd : C:\Program Files (x86)\pc speed up
            Map Verwijderd : C:\Users\miet\AppData\Local\Ilivid Player
            Map Verwijderd : C:\Users\miet\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
            Map Verwijderd : C:\Users\miet\AppData\LocalLow\Softonic
            Map Verwijderd : C:\Users\miet\AppData\Roaming\Babylon
            Bestand Verwijderd : C:\END

            ***** [ Taken ] *****

            Taak Verwijderd : PC SpeedUp Service Deactivator

            ***** [ Snelkoppelingen ] *****


            ***** [ Register ] *****

            Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
            Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
            Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
            Sleutel Verwijderd : HKCU\Software\5268c8ab13abd43
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_simple-shutdown-timer_RASAPI32
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_simple-shutdown-timer_RASMANCS
            Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
            Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
            Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
            Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
            Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
            Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
            Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
            Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
            Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
            Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
            Sleutel Verwijderd : HKCU\Software\ilivid
            Sleutel Verwijderd : HKCU\Software\IM
            Sleutel Verwijderd : HKCU\Software\ImInstaller
            Sleutel Verwijderd : HKCU\Software\InstallCore
            Sleutel Verwijderd : HKCU\Software\powerpack
            Sleutel Verwijderd : HKCU\Software\Speedchecker Limited
            Sleutel Verwijderd : HKLM\SOFTWARE\Babylon
            Sleutel Verwijderd : HKLM\SOFTWARE\Speedchecker Limited
            Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Speedchecker Limited
            Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Tarma Installer
            Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
            Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll

            ***** [ Browsers ] *****

            -\\ Internet Explorer v11.0.9600.17280


            -\\ Google Chrome v

            [ Bestand : C:\Users\miet\AppData\Local\Google\Chrome\User Data\Default\preferences ]


            *************************

            AdwCleaner[R0].txt - [5697 octets] - [25/09/2014 08:39:27]
            AdwCleaner[S0].txt - [5304 octets] - [25/09/2014 08:44:04]

            ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5364 octets] ##########



            • #7
              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
              Run by miet at 8:53:36 on 2014-09-25
              Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.5941.3377 [GMT 2:00]
              .
              AV: McAfee® Security-as-a-Service *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
              SP: McAfee® Security-as-a-Service *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k RPCSS
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
              C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Windows\system32\mfevtps.exe
              C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
              C:\Windows\System32\svchost.exe -k HPZ12
              C:\Windows\SysWOW64\NLSSRV32.EXE
              C:\Windows\System32\svchost.exe -k HPZ12
              C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
              C:\Program Files (x86)\Xobni\XobniService.exe
              C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
              C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\taskeng.exe
              C:\Windows\system32\Dwm.exe
              C:\Windows\Explorer.EXE
              C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
              C:\Windows\System32\igfxtray.exe
              C:\Windows\System32\hkcmd.exe
              C:\Windows\System32\igfxpers.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Users\miet\AppData\Roaming\Dropbox\bin\Dropbox.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
              C:\Program Files (x86)\PDF24\pdf24.exe
              C:\Program Files (x86)\iTunes\iTunesHelper.exe
              C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Windows\System32\mobsync.exe
              C:\Windows\system32\sppsvc.exe
              C:\Windows\system32\msiexec.exe
              C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              C:\Windows\sysWow64\SearchProtocolHost.exe
              C:\Windows\explorer.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\servicing\TrustedInstaller.exe
              C:\Windows\System32\cscript.exe
              C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = about:blank
              mStart Page = about:blank
              uProxyOverride = <local>;localhost;*.local
              mWinlogon: Userinit = userinit.exe,
              BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
              BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140602133733.dll
              BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
              BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
              TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
              uRun: [GoogleChromeAutoLaunch_4F7065B95F8886359D57E895996CD00A] "C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
              mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
              mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
              mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
              mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
              mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
              mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              dRun: [Copy] "C:\Users\miet\AppData\Roaming\Copy\CopyAgent.exe"
              StartupFolder: C:\Users\miet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\miet\AppData\Roaming\Dropbox\bin\Dropbox.exe
              mPolicies-Explorer: NoActiveDesktop = dword:1
              mPolicies-Explorer: NoActiveDesktopChanges = dword:1
              mPolicies-Explorer: NoWelcomeScreen = dword:1
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
              IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
              IE: LastPass - C:\Users\miet\AppData\LocalLow\LastPass\context.html?cmd=lastpass
              IE: LastPass Invulformulieren - C:\Users\miet\AppData\LocalLow\LastPass\context.html?cmd=fillforms
              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
              IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
              IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
              Trusted Zone: //about.htm/
              Trusted Zone: //Exclude.htm/
              Trusted Zone: //LanguageSelection.htm/
              Trusted Zone: //Message.htm/
              Trusted Zone: //MyAgttryCmd.htm/
              Trusted Zone: //MyAgttryNag.htm/
              Trusted Zone: //MyNotification.htm/
              Trusted Zone: //NOCLessUpdate.htm/
              Trusted Zone: //quarantine.htm/
              Trusted Zone: //ScanNow.htm/
              Trusted Zone: //strings.vbs/
              Trusted Zone: //Template.htm/
              Trusted Zone: //Update.htm/
              Trusted Zone: //VirFound.htm/
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              TCP: NameServer = 10.0.0.1
              TCP: Interfaces\{78D9785A-5EC5-4B89-BD6C-26F583C58C5A} : DHCPNameServer = 10.0.0.1
              Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              SSODL: WebCheck - <orphaned>
              SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
              x64-mStart Page = about:blank
              x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
              x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140602133710.dll
              x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
              x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
              x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
              x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
              x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
              x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
              x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
              x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
              x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
              x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
              x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              x64-Notify: igfxcui - igfxdev.dll
              x64-SSODL: WebCheck - <orphaned>
              x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-7-19 782968]
              R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-7-19 344176]
              R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-4-7 283064]
              R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2012-2-22 75936]
              R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-3-1 301232]
              R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
              R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-1 271872]
              R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-7-19 311600]
              S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2013-6-7 44672]
              S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-7-19 107032]
              .
              =============== File Associations ===============
              .
              .js: <filetype is not registered>
              .
              =============== Created Last 30 ================
              .
              2014-09-25 06:43:44 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
              2014-09-25 06:38:44 -------- d-----w- C:\AdwCleaner
              2014-09-24 01:26:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
              2014-09-24 01:26:34 2048 ----a-w- C:\Windows\System32\tzres.dll
              2014-09-23 06:56:54 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
              2014-09-23 06:56:35 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
              2014-09-23 06:56:35 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
              2014-09-23 06:56:35 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
              2014-09-23 06:56:34 -------- d-----w- C:\ProgramData\Malwarebytes
              2014-09-23 06:56:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
              2014-09-18 13:31:31 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
              2014-09-18 09:11:23 -------- d-----w- C:\Program Files\iPod
              2014-09-18 09:10:52 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
              2014-09-18 09:10:52 -------- d-----w- C:\Program Files\iTunes
              2014-09-18 09:10:52 -------- d-----w- C:\Program Files (x86)\iTunes
              2014-09-18 07:05:37 -------- d-----w- C:\Program Files\TeraCopy
              2014-09-11 11:58:37 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
              2014-09-11 11:58:37 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
              2014-09-11 06:46:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
              2014-09-11 06:46:06 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
              2014-09-11 06:45:36 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
              2014-09-11 06:45:36 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
              2014-09-11 06:45:01 728064 ----a-w- C:\Windows\System32\kerberos.dll
              2014-09-11 06:45:00 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
              2014-09-11 06:45:00 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
              2014-09-11 06:45:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
              2014-09-11 06:45:00 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
              2014-09-11 06:44:29 578048 ----a-w- C:\Windows\System32\aepdu.dll
              2014-09-11 06:44:28 424448 ----a-w- C:\Windows\System32\aeinv.dll
              2014-09-09 08:27:12 -------- d-----r- C:\Users\miet\Copy
              2014-09-09 08:16:07 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
              2014-09-09 08:15:39 -------- d-----w- C:\Users\miet\AppData\Roaming\Copy
              2014-09-04 13:48:27 -------- d-----w- C:\Users\miet\AppData\Local\Microsoft Games
              2014-08-28 06:36:52 404480 ----a-w- C:\Windows\System32\gdi32.dll
              2014-08-28 06:36:52 3163648 ----a-w- C:\Windows\System32\win32k.sys
              2014-08-28 06:36:52 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
              .
              ==================== Find3M ====================
              .
              2014-09-24 13:49:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-09-24 13:49:07 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
              2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
              2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
              2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
              2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
              2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
              2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
              2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
              2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
              2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
              2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
              2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
              2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
              2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
              2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
              2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
              2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
              2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
              2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
              2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
              2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
              2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
              2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
              2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
              2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
              2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
              2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
              2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
              2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
              2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
              2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
              2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
              2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
              2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
              2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
              2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
              2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
              2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
              .
              ============= FINISH: 8:57:25,37 ===============



              • #8
                Security Check fails; I am logged in as Administrator, yet I get the message that I do not have the right permissions...

                Thanks in advance for the help!



                • #9
                  Download or update CCleaner

                  Start CCleaner.
                  • Run CCleaner and click Options in the left-hand column
                  • Select the Advanced tab
                  • Untick Only delete files in the Windows Temp system folder that are older than 24 hours
                  • Select the Settings tab
                  • Untick "Automatically clean the computer...."
                  • Click Cleaner in the left-hand column.
                  • Then click Analyze and Run Cleaner in turn.
                  • Next, click Registry in the left-hand column
                  • Click Scan for Issues.
                  • When asked whether you want to make a backup of the registry, click "Yes".
                  • If errors are found, click the middle button: Fix all selected issues, and then OK

                  .


                  Download HostsXpert.
                  Close ALL browsers, including this one.
                  Disable your security software.
                  Unzip the program.
                  Start it and click "Restore Microsoft Host file".
                  Click "OK" and close the program.


                  Show your hidden files and folders.

                  Go to Virus Total and upload the following file:

                  C:\Program Files (x86)\LastPass\LPToolbar.dll

                  Press send and wait for the results to appear.
                  If the file has already been scanned, have it reanalysed. (You then click Re Analyse.)

                  From the report, copy the following:

                  .
                  Also post the link to that report.


                  Post a fresh DDS log
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee. * Ccleaner * E-Peek



                  • #10
                    SHA256: 846dd6f76a0684b7e15789b8242191ffaba59488db6c073f6f5199a721b53d94
                    Bestandsnaam: LPToolbar
                    Detectieverhouding: 0 / 52
                    Datum van analyse: 2014-05-28 00:52:39 UTC (4 maanden geleden)

                    https://www.virustotal.com/nl/file/8...3d94/analysis/

                    DDS (Ver_2012-11-20.01) - NTFS_AMD64
                    Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
                    Run by miet at 15:10:01 on 2014-09-25
                    Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.5941.2876 [GMT 2:00]
                    .
                    AV: McAfee® Security-as-a-Service *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
                    SP: McAfee® Security-as-a-Service *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
                    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    ============== Running Processes ===============
                    .
                    C:\Windows\system32\lsm.exe
                    C:\Windows\system32\svchost.exe -k DcomLaunch
                    C:\Windows\system32\svchost.exe -k RPCSS
                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                    C:\Windows\system32\svchost.exe -k LocalService
                    C:\Windows\system32\svchost.exe -k netsvcs
                    C:\Windows\system32\svchost.exe -k NetworkService
                    C:\Windows\System32\spoolsv.exe
                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
                    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                    C:\Program Files\Bonjour\mDNSResponder.exe
                    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    C:\Windows\system32\mfevtps.exe
                    C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
                    C:\Windows\System32\svchost.exe -k HPZ12
                    C:\Windows\SysWOW64\NLSSRV32.EXE
                    C:\Windows\System32\svchost.exe -k HPZ12
                    C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
                    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
                    C:\Program Files (x86)\Xobni\XobniService.exe
                    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
                    C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
                    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                    C:\Windows\system32\SearchIndexer.exe
                    C:\Windows\system32\taskhost.exe
                    C:\Windows\system32\Dwm.exe
                    C:\Windows\Explorer.EXE
                    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                    C:\Windows\System32\igfxtray.exe
                    C:\Windows\System32\hkcmd.exe
                    C:\Windows\System32\igfxpers.exe
                    C:\Windows\System32\mobsync.exe
                    C:\Users\miet\AppData\Roaming\Dropbox\bin\Dropbox.exe
                    C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
                    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                    C:\Program Files (x86)\PDF24\pdf24.exe
                    C:\Program Files (x86)\iTunes\iTunesHelper.exe
                    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                    C:\Program Files\iPod\bin\iPodService.exe
                    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
                    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
                    C:\Windows\explorer.exe
                    C:\Windows\System32\WUDFHost.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Program Files\CCleaner\CCleaner64.exe
                    C:\Windows\system32\taskmgr.exe
                    C:\Windows\system32\mmc.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Windows\system32\SearchProtocolHost.exe
                    C:\Windows\system32\SearchFilterHost.exe
                    C:\Windows\system32\wbem\wmiprvse.exe
                    C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe
                    C:\Windows\System32\cscript.exe
                    .
                    ============== Pseudo HJT Report ===============
                    .
                    uStart Page = about:blank
                    mStart Page = about:blank
                    uProxyOverride = <local>;localhost;*.local
                    mWinlogon: Userinit = userinit.exe,
                    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140602133733.dll
                    BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
                    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
                    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
                    uRun: [GoogleChromeAutoLaunch_4F7065B95F8886359D57E895996CD00A] "C:\Users\miet\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
                    mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
                    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                    mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
                    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                    dRun: [Copy] "C:\Users\miet\AppData\Roaming\Copy\CopyAgent.exe"
                    StartupFolder: C:\Users\miet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\miet\AppData\Roaming\Dropbox\bin\Dropbox.exe
                    mPolicies-Explorer: NoActiveDesktop = dword:1
                    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
                    mPolicies-Explorer: NoWelcomeScreen = dword:1
                    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                    mPolicies-System: ConsentPromptBehaviorUser = dword:3
                    mPolicies-System: EnableUIADesktopToggle = dword:0
                    IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
                    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
                    IE: LastPass - C:\Users\miet\AppData\LocalLow\LastPass\context.html?cmd=lastpass
                    IE: LastPass Invulformulieren - C:\Users\miet\AppData\LocalLow\LastPass\context.html?cmd=fillforms
                    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
                    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
                    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                    Trusted Zone: //about.htm/
                    Trusted Zone: //Exclude.htm/
                    Trusted Zone: //LanguageSelection.htm/
                    Trusted Zone: //Message.htm/
                    Trusted Zone: //MyAgttryCmd.htm/
                    Trusted Zone: //MyAgttryNag.htm/
                    Trusted Zone: //MyNotification.htm/
                    Trusted Zone: //NOCLessUpdate.htm/
                    Trusted Zone: //quarantine.htm/
                    Trusted Zone: //ScanNow.htm/
                    Trusted Zone: //strings.vbs/
                    Trusted Zone: //Template.htm/
                    Trusted Zone: //Update.htm/
                    Trusted Zone: //VirFound.htm/
                    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                    TCP: NameServer = 10.0.0.1
                    TCP: Interfaces\{78D9785A-5EC5-4B89-BD6C-26F583C58C5A} : DHCPNameServer = 10.0.0.1
                    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                    SSODL: WebCheck - <orphaned>
                    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
                    x64-mStart Page = about:blank
                    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140602133710.dll
                    x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
                    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
                    x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
                    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
                    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
                    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
                    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
                    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
                    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
                    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
                    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
                    x64-Notify: igfxcui - igfxdev.dll
                    x64-SSODL: WebCheck - <orphaned>
                    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
                    .
                    ============= SERVICES / DRIVERS ===============
                    .
                    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-7-19 782968]
                    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-7-19 344176]
                    R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);C:\Windows\System32\drivers\tdrpm147.sys [2013-1-8 1581088]
                    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-4-7 283064]
                    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2012-2-22 75936]
                    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-6 242448]
                    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-3-6 185280]
                    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-3-6 296400]
                    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-10-10 69640]
                    R2 RumorServer;McAfee Peer Distribution Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-3-6 296400]
                    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-4-8 4972864]
                    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-1 2320920]
                    R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2013-6-18 63096]
                    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-3-1 301232]
                    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
                    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-1 271872]
                    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-7-19 311600]
                    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                    S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2013-6-7 44672]
                    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
                    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-7-19 107032]
                    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
                    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-6 59392]
                    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-1 1255736]
                    .
                    =============== File Associations ===============
                    .
                    .js: <filetype is not registered>
                    .
                    =============== Created Last 30 ================
                    .
                    2014-09-25 06:43:44 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                    2014-09-25 06:38:44 -------- d-----w- C:\AdwCleaner
                    2014-09-24 01:26:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
                    2014-09-24 01:26:34 2048 ----a-w- C:\Windows\System32\tzres.dll
                    2014-09-23 06:56:54 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                    2014-09-23 06:56:35 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                    2014-09-23 06:56:35 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
                    2014-09-23 06:56:35 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                    2014-09-23 06:56:34 -------- d-----w- C:\ProgramData\Malwarebytes
                    2014-09-23 06:56:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
                    2014-09-18 13:31:31 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                    2014-09-18 09:11:23 -------- d-----w- C:\Program Files\iPod
                    2014-09-18 09:10:52 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
                    2014-09-18 09:10:52 -------- d-----w- C:\Program Files\iTunes
                    2014-09-18 09:10:52 -------- d-----w- C:\Program Files (x86)\iTunes
                    2014-09-18 07:05:37 -------- d-----w- C:\Program Files\TeraCopy
                    2014-09-11 11:58:37 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
                    2014-09-11 11:58:37 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
                    2014-09-11 06:46:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
                    2014-09-11 06:46:06 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
                    2014-09-11 06:45:36 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
                    2014-09-11 06:45:36 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
                    2014-09-11 06:45:01 728064 ----a-w- C:\Windows\System32\kerberos.dll
                    2014-09-11 06:45:00 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                    2014-09-11 06:45:00 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
                    2014-09-11 06:45:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                    2014-09-11 06:45:00 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                    2014-09-11 06:44:29 578048 ----a-w- C:\Windows\System32\aepdu.dll
                    2014-09-11 06:44:28 424448 ----a-w- C:\Windows\System32\aeinv.dll
                    2014-09-09 08:27:12 -------- d-----r- C:\Users\miet\Copy
                    2014-09-09 08:16:07 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
                    2014-09-09 08:15:39 -------- d-----w- C:\Users\miet\AppData\Roaming\Copy
                    2014-09-04 13:48:27 -------- d-----w- C:\Users\miet\AppData\Local\Microsoft Games
                    2014-08-28 06:36:52 404480 ----a-w- C:\Windows\System32\gdi32.dll
                    2014-08-28 06:36:52 3163648 ----a-w- C:\Windows\System32\win32k.sys
                    2014-08-28 06:36:52 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
                    .
                    ==================== Find3M ====================
                    .
                    2014-09-24 13:49:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                    2014-09-24 13:49:07 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                    2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                    2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                    2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
                    2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
                    2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
                    2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                    2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
                    2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
                    2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                    2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                    2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
                    2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                    2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                    2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
                    2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                    2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                    2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                    2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
                    2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                    2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                    2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
                    2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
                    2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                    2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
                    2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                    2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
                    2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
                    2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
                    2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
                    2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
                    2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
                    2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
                    2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
                    2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
                    2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
                    2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
                    2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
                    .
                    ============= FINISH: 15:11:33,65 ===============



                    • #11
                      Download Combofix to your desktop.
                      (So not to a download folder or temp folder.)

                      Extra note... Make sure your security software is disabled while using Combofix.
                      This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

                      Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                      Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                      So do not open any other applications until Combofix has presented the log.

                      If Combofix asks for an update, allow it.

                      When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                      You can find it at C:\combofix.txt.

                      Post the Combofix log together with a new DDS log in your next reply.

                      * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                      • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                      • Illegal operation attempted on a registry key that has been marked for deletion.
                      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                      E Dev * Remove McAfee. * Ccleaner * E-Peek



                      • #12
                        Hello,

                        I tried to have Combofix scan. First the program starts up and the scan begins, then I get a BSOD (unfortunately I forgot to note the error code), after that I restart the computer, but the Combofix file has disappeared. I try to download it again, but this fails in Chrome, and in IE I get a message that I do not have Administrator permissions (although I do have them). I cannot continue today, but I will try again tomorrow.

                        Kind regards,
                        Macchiato



                        • #13
                          Download E-PeekSetup.exe to your desktop.
                          Double-click it and follow the instructions.
                          At the end of the installation, E-Peek will start.
                          Click OK on the first screen and then "Scan".
                          Post the log.


                          • #14
                            I get an error message. See attachment!

                            [Attachment: Schermafdruk 2014-09-26 09.44.04.png]



                            • #15
                              It seems to me that not much is willing to work on your PC.

                              1. Are you logged in as a user with full rights?
                              2. Are you running the tools as admin (right-click and choose Run as)?