Persistently recurring infection


  • Persistently recurring infection

    Dear interested helpers, forum users, computer experts, security whizzes,

    It has been ages since I posted my last logfile.

    I have a recurring infection at location: C:\Users\Flo W\AppData\Local\Temp\tmp.....tmp.exe (Avira)

    Had the computer cleaned with Spybot and two worthy ad-aware-scanner alternatives (Malwarebytes & SAS).

    Junk removed. Except that the infection keeps coming back.

    Who, oh who, will with a golden tip indirectly get this stubborn thing off my running system here??

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 14:35:34, on 23-9-2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17280)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Flo W\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab...ri_4.5.1.0.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9046 bytes

    Thanks, curious, regards,

  • #2
    Hi MonkeyFLi and welcome to Nucia Security Forum,

    Before we begin, I would like to kindly point out the following guidelines:
    .
    • Log in only as administrator with full rights.
    • Do not post your problem in several forums. It does not help your problem and it is not polite towards the helpers.
    • Cleaning up your system can take some time, be patient.
    • Carefully follow the instructions given by me.
    • Follow only the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If you do not know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, do not go trying something "else"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs. ( INFO )
    • Please do not post the logs as an attachment, nor between code tags.

    .
    Note: Always run all tools as admin.
    The instructions given are only valid for your PC.

    If you have read and understood these guidelines, you may continue.....



    Step 1:

    Scan for and remove malware....

    Install MBAM 2.0 (info & download link)

    Start MBAM.
    At the top of the Malwarebytes Anti-Malware window, click Scan.
    In the window, choose the Custom scan and tick the partitions that apply (c:\ d\ etc..)
    Then click the Scan now button.

    Before scanning, it is always first checked automatically whether updates of the virus definitions are available; if an update is available, you must let it install first.

    When the scan is finished and threats have been detected, you will get an overview of them.
    Select to place all in quarantine.
    At the message that your computer must be restarted, click Yes.

    After restarting the PC, if Malwarebytes asked to restart the PC, open Malwarebytes again.
    Click the History button at the top of the menu.
    Then click the Application Logs option and select the Scan Log you want to export. This is the last scan you did (you can tell from the date and time).
    Select it to view.
    In a new window that opens you will see the results of your scan.

    At the bottom, select either to export as a text file and give the text file a name, for example mbamlog.
    Or you can select to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.


    Step 2:

    Check for bad toolbars...

    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Clean

    All icons disappear from the Desktop; this is normal.
    Your PC is restarted and a logfile opens (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the Forum.

    I only need the log after the "Clean" option.

    Do not forget to turn off your "smileys".

    If your start page was also hijacked, then set the search engine again.
    By default AdwCleaner resets this to Google.com


    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If script execution is disabled, re-enable it so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two logfiles open: DDS.txt and Attach.txt
    Save both logfiles to your desktop.

    Post the contents of DDS.txt.

    Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.


    Step 4:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Place its contents in your next reply.


    In your next post, I would like to see the following logs, made in the listed order:
    .
    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    .
    Please do NOT post these logs as an attachment or between code tags.
    (In multiple posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Mbamlog:

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 23-9-2014
      Scan Time: 23:14:30
      Logfile:
      Administrator: Yes

      Version: 2.00.2.1012
      Malware Database: v2014.09.23.10
      Rootkit Database: v2014.09.19.01
      License: Free
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled

      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: Flo W

      Scan Type: Custom Scan
      Result: Completed
      Objects Scanned: 405114
      Time Elapsed: 1 hr, 10 min, 13 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 1
      PUP.Optional.Softonic.A, HKU\S-1-5-21-3134333935-353639479-4207367602-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [0b0bc42de09b75c1f7035ccfad5602fe],

      Registry Values: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Folders: 0
      (No malicious items detected)

      Files: 3
      PUP.Optional.OneClickDownloader.A, C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000, Quarantined, [de38ef02d0ab42f4c67560c306fb728e],
      PUP.Optional.Softonic, C:\Users\Flo W\Downloads\SoftonicDownloader_voor_spybot-search-destroy.exe, Quarantined, [45d10ce53a41fd39bcbbb50310f1669a],
      HackTool.Wpakill, C:\Windows\Setup\scripts\faXcooL.exe, Quarantined, [c155b43d2952082e353acc9079876799],

      Physical Sectors: 0
      (No malicious items detected)


      (end)

      AdwCleaner[S2]

      # AdwCleaner v3.310 - Report created 24/09/2014 at 00:48:27
      # Updated 12/09/2014 by Xplode
      # Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)
      # Username : Flo W - PC_BP_FLA
      # Running from : C:\Users\Flo W\Downloads\adwcleaner_3.310.exe
      # Option : Clean

      ***** [ Services ] *****


      ***** [ Files / Folders ] *****


      ***** [ Scheduled Tasks ] *****


      ***** [ Shortcuts ] *****


      ***** [ Registry ] *****

      Key Deleted : HKCU\Software\Softonic

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17280


      -\\ Google Chrome v37.0.2062.120

      [ File : C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\preferences ]

      Deleted [Search Provider] : hxxp://nl.softonic.com/s/{searchTerms}

      *************************

      AdwCleaner[R0].txt - [1463 octets] - [17/09/2014 22:38:08]
      AdwCleaner[R1].txt - [925 octets] - [17/09/2014 22:46:38]
      AdwCleaner[R2].txt - [1188 octets] - [24/09/2014 00:44:56]
      AdwCleaner[S0].txt - [1494 octets] - [17/09/2014 22:42:08]
      AdwCleaner[S1].txt - [985 octets] - [17/09/2014 22:47:43]
      AdwCleaner[S2].txt - [1072 octets] - [24/09/2014 00:48:27]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1132 octets] ##########



      • #4
        DDS (Ver_2012-11-20.01) - NTFS_AMD64
        Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
        Run by Flo W at 1:00:04 on 2014-09-24
        Microsoft Windows 7 Home Basic 6.1.7601.1.1252.31.1033.18.3894.2351 [GMT 2:00]
        .
        AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
        SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\system32\atiesrxx.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\Hpservice.exe
        C:\Windows\System32\WUDFHost.exe
        C:\Windows\system32\atieclxx.exe
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\System32\spoolsv.exe
        C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
        C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
        C:\Windows\SysWOW64\PnkBstrA.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\system32\rundll32.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Windows\System32\igfxpers.exe
        C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
        C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
        C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
        C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
        C:\Windows\System32\svchost.exe -k secsvcs
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Windows\servicing\TrustedInstaller.exe
        C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\System32\cscript.exe
        .
        ============== Pseudo HJT Report ===============
        .
        mStart Page = about:blank
        mSearch Page = about:blank
        mDefault_Page_URL = about:blank
        mDefault_Search_URL = about:blank
        uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        mWinlogon: Userinit = userinit.exe
        BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
        BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
        TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
        mPolicies-Explorer: NoActiveDesktop = dword:1
        mPolicies-Explorer: NoActiveDesktopChanges = dword:1
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableUIADesktopToggle = dword:0
        .
        INFO: HKCU has more than 50 listed domains.
        If you wish to scan all of them, select the 'Force scan all domains' option.
        .
        .
        INFO: HKLM has more than 50 listed domains.
        If you wish to scan all of them, select the 'Force scan all domains' option.
        .
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
        TCP: NameServer = 212.54.44.54 212.54.40.25
        TCP: Interfaces\{12AEDBD0-B7DC-4BE2-BAC0-623532594704} : DHCPNameServer = 212.54.44.54 212.54.40.25
        TCP: Interfaces\{7F4907D4-F933-4C82-8F2C-5F93BE06BF89} : DHCPNameServer = 212.54.44.54 212.54.40.25
        TCP: Interfaces\{7F4907D4-F933-4C82-8F2C-5F93BE06BF89}\07F6B6F6E6 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
        TCP: Interfaces\{7F4907D4-F933-4C82-8F2C-5F93BE06BF89}\655636864756E637475696E602F6E60247865602169627 : DHCPNameServer = 10.0.1.1
        Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
        Notify: SDWinLogon - SDWinLogon.dll
        SSODL: WebCheck - <orphaned>
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        x64-mStart Page = about:blank
        x64-mSearch Page = about:blank
        x64-mDefault_Page_URL = about:blank
        x64-mDefault_Search_URL = about:blank
        x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
        x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
        x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
        x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
        x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
        x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
        .
        INFO: x64-HKLM has more than 50 listed domains.
        If you wish to scan all of them, select the 'Force scan all domains' option.
        .
        x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
        x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
        x64-Notify: igfxcui - igfxdev.dll
        x64-SSODL: WebCheck - <orphaned>
        Hosts: 127.0.0.1 www.spywareinfo.com
        .
        ============= SERVICES / DRIVERS ===============
        .
        R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-13 28600]
        R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-10 254528]
        R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
        R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
        R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
        R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 203264]
        R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-4-13 430160]
        R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-4-13 430160]
        R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-13 117712]
        R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
        R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2014-9-9 156904]
        R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
        R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-9-23 1738168]
        R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-9-23 2088408]
        R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-9-23 171928]
        R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
        R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
        S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]
        S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
        S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
        S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-18 122584]
        S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
        S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
        S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
        S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-9 1255736]
        S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
        .
        =============== Created Last 30 ================
        .
        2014-09-23 13:02:12 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3314383-0DCF-4FB9-A334-2B2D9CF50D8F}\mpengine.dll
        2014-09-23 11:25:06 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
        2014-09-23 11:25:05 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
        2014-09-23 11:25:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
        2014-09-21 20:16:20 -------- d-----w- C:\Users\Flo W\AppData\Roaming\SUPERAntiSpyware.com
        2014-09-21 20:15:50 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
        2014-09-21 20:15:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
        2014-09-20 12:50:03 -------- d-----w- C:\Program Files (x86)\VS Revo Group
        2014-09-18 20:32:24 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
        2014-09-18 20:32:07 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
        2014-09-18 20:32:07 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
        2014-09-18 20:32:07 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
        2014-09-18 20:32:07 -------- d-----w- C:\ProgramData\Malwarebytes
        2014-09-18 20:32:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
        2014-09-17 20:38:44 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
        2014-09-17 20:37:43 -------- d-----w- C:\AdwCleaner
        2014-09-14 15:04:18 -------- d-----w- C:\Users\Flo W\AppData\Local\SWTOR
        2014-09-13 14:33:48 -------- d-----w- C:\ProgramData\BitRaider
        2014-09-13 14:33:12 -------- d-----w- C:\Users\Flo W\AppData\Local\SWTORPerf
        2014-09-13 14:32:14 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
        2014-09-10 17:46:46 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
        2014-09-10 17:46:46 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
        2014-09-10 14:37:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
        2014-09-10 14:37:06 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
        2014-09-10 14:36:53 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
        2014-09-10 14:36:53 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
        2014-09-10 14:36:41 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
        2014-09-10 14:36:41 728064 ----a-w- C:\Windows\System32\kerberos.dll
        2014-09-10 14:36:41 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
        2014-09-10 14:36:41 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
        2014-09-10 14:36:41 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
        2014-09-10 14:36:37 578048 ----a-w- C:\Windows\System32\aepdu.dll
        2014-09-10 14:36:37 424448 ----a-w- C:\Windows\System32\aeinv.dll
        2014-09-10 14:25:04 -------- d-----w- C:\Users\Flo W\AppData\Local\Ubisoft Game Launcher
        2014-09-09 18:16:47 -------- d-----w- C:\Users\Flo W\AppData\Roaming\WindowsUpdater
        2014-08-28 09:40:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
        2014-08-28 09:40:00 3163648 ----a-w- C:\Windows\System32\win32k.sys
        2014-08-28 09:40:00 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
        .
        ==================== Find3M ====================
        .
        2014-09-23 19:27:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2014-09-23 19:27:19 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
        2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
        2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
        2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
        2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
        2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
        2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
        2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
        2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
        2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
        2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
        2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
        2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
        2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
        2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
        2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
        2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
        2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
        2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
        2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
        2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
        2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
        2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
        2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
        2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
        2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
        2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
        2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
        2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
        2014-08-09 09:14:08 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
        2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
        2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
        2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
        2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
        2014-07-14 10:04:11 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
        2014-07-14 10:04:09 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
        2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
        2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
        2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
        2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
        2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
        2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
        2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
        2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
        .
        ============= FINISH: 1:00:32,68 ===============

        Checkup:

        Results of screen317's Security Check version 0.99.87
        Windows 7 Service Pack 1 x64 (UAC is enabled)
        Internet Explorer 11
        ``````````````Antivirus/Firewall Check:``````````````
        Windows Firewall Enabled!
        Avira Desktop
        Antivirus up to date! (On Access scanning disabled!)
        `````````Anti-malware/Other Utilities Check:`````````
        MVPS Hosts File
        Spybot - Search & Destroy
        McAfee SiteAdvisor
        Java 7 Update 67
        Adobe Reader 10.1.12 Adobe Reader out of Date!
        Google Chrome 37.0.2062.103
        Google Chrome 37.0.2062.120
        ````````Process Check: objlist.exe by Laurent````````
        Spybot Teatimer.exe is disabled!
        Avira Antivir avgnt.exe
        Avira Antivir avguard.exe
        `````````````````System Health check`````````````````
        Total Fragmentation on Drive C: 1%
        ````````````````````End of Log``````````````````````



        • #5
          I'm off to bed. Thanks for taking a look.



          • #6
            Download Combofix to your desktop.
            (So not to a download folder or temp folder)

            Extra note... Make sure your security software is disabled while you use Combofix.
            This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

            Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

            Close ALL windows, including your browser, and let Combofix do its work undisturbed.
            So do not open any other applications until Combofix has presented the log.

            If Combofix asks for an update, allow it.

            When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
            You can find it at C:\combofix.txt.

            Post the Combofix log together with a new DDS log in your next reply.

            * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
            • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
            • Illegal operation attempted on a registry key that has been marked for deletion.
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * Remove McAfee. * Ccleaner * E-Peek



            • #7
              ComboFix 14-09-22.01 - Flo W 24-09-2014 12:13:07.1.4 - x64
              Microsoft Windows 7 Home Basic 6.1.7601.1.1252.31.1033.18.3894.2535 [GMT 2:00]
              Gestart vanuit: c:\users\Flo W\Desktop\ComboFix.exe
              AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
              SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
              SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\users\Flo W\AppData\Local\TempDIR
              c:\windows\RazorDOX
              c:\windows\RazorDOX\RazorDOX.dll
              c:\windows\RazorDOX\RazorDOX.ini
              .
              .
              (((((((((((((((((((( Bestanden Gemaakt van 2014-08-24 to 2014-09-24 ))))))))))))))))))))))))))))))
              .
              .
              2014-09-24 10:16 . 2014-09-24 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp
              2014-09-24 09:18 . 2014-09-24 09:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3314383-0DCF-4FB9-A334-2B2D9CF50D8F}\offreg.dll
              2014-09-24 09:18 . 2014-09-24 09:18 -------- d-----w- c:\windows\LastGood
              2014-09-24 09:14 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
              2014-09-24 09:14 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
              2014-09-23 13:02 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3314383-0DCF-4FB9-A334-2B2D9CF50D8F}\mpengine.dll
              2014-09-23 11:25 . 2013-09-20 08:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
              2014-09-23 11:25 . 2014-09-23 12:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
              2014-09-23 11:25 . 2014-09-23 11:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
              2014-09-21 20:16 . 2014-09-21 20:16 -------- d-----w- c:\users\Flo W\AppData\Roaming\SUPERAntiSpyware.com
              2014-09-21 20:15 . 2014-09-21 21:30 -------- d-----w- c:\program files\SUPERAntiSpyware
              2014-09-21 20:15 . 2014-09-21 20:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
              2014-09-20 12:50 . 2014-09-20 12:50 -------- d-----w- c:\program files (x86)\VS Revo Group
              2014-09-18 20:32 . 2014-09-23 22:38 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
              2014-09-18 20:32 . 2014-09-18 20:32 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
              2014-09-18 20:32 . 2014-09-18 20:32 -------- d-----w- c:\programdata\Malwarebytes
              2014-09-18 20:32 . 2014-05-12 05:55 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
              2014-09-18 20:32 . 2014-05-12 05:55 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
              2014-09-18 20:32 . 2014-05-12 05:54 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
              2014-09-17 20:38 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
              2014-09-17 20:37 . 2014-09-23 22:48 -------- d-----w- C:\AdwCleaner
              2014-09-14 15:04 . 2014-09-14 15:04 -------- d-----w- c:\users\Flo W\AppData\Local\SWTOR
              2014-09-13 14:33 . 2014-09-20 12:53 -------- d-----w- c:\programdata\BitRaider
              2014-09-13 14:32 . 2014-09-13 14:32 -------- d-----w- c:\program files (x86)\Common Files\BioWare
              2014-09-10 17:46 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
              2014-09-10 17:46 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
              2014-09-10 14:37 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
              2014-09-10 14:37 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
              2014-09-10 14:36 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
              2014-09-10 14:36 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
              2014-09-10 14:36 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
              2014-09-10 14:36 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
              2014-09-10 14:36 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
              2014-09-10 14:36 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
              2014-09-10 14:36 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
              2014-09-10 14:36 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
              2014-09-10 14:36 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
              2014-09-10 14:25 . 2014-09-10 14:28 -------- d-----w- c:\users\Flo W\AppData\Local\Ubisoft Game Launcher
              2014-09-10 14:25 . 2014-09-20 12:30 -------- d-----w- c:\program files (x86)\Ubisoft
              2014-09-09 18:16 . 2014-09-09 18:16 -------- d-----w- c:\users\Flo W\AppData\Roaming\WindowsUpdater
              2014-08-28 09:40 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
              2014-08-28 09:40 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
              2014-08-28 09:40 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2014-09-23 19:27 . 2012-04-09 19:41 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
              2014-09-23 19:27 . 2012-01-09 23:04 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-09-15 07:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
              2014-09-10 17:47 . 2012-01-10 03:31 101694776 ----a-w- c:\windows\system32\MRT.exe
              2014-08-09 09:14 . 2014-08-09 09:14 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
              2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
              2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
              2014-07-14 10:04 . 2013-05-14 21:07 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
              2014-07-14 10:04 . 2013-04-13 12:32 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
              2014-07-14 02:02 . 2014-08-13 21:44 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
              2014-07-14 01:40 . 2014-08-13 21:44 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
              2014-07-09 02:03 . 2014-08-13 21:52 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
              2014-07-09 02:03 . 2014-08-13 21:52 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
              2014-07-09 02:03 . 2014-08-13 21:52 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
              2014-07-09 02:03 . 2014-08-13 21:52 6656 ----a-w- c:\windows\system32\KBDRU.DLL
              2014-07-09 02:03 . 2014-08-13 21:52 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
              2014-07-09 01:31 . 2014-08-13 21:52 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
              2014-07-09 01:31 . 2014-08-13 21:52 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
              2014-06-30 22:24 . 2014-08-13 22:04 8856 ----a-w- c:\windows\system32\icardres.dll
              2014-06-30 22:14 . 2014-08-13 22:04 8856 ----a-w- c:\windows\SysWow64\icardres.dll
              .
              .
              ------- Sigcheck -------
              Note: Unsigned files aren't necessarily malware.
              .
              [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
              [-] 2012-01-09 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
              .
              [-] 2012-01-09 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
              [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
              REGEDIT4
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
              "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
              "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
              "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-20 751184]
              "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
              "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
              .
              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
              McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "ConsentPromptBehaviorUser"= 3 (0x3)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
              "Userinit"="userinit.exe"
              .
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
              BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
              @=""
              .
              R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
              R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
              R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
              R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
              R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
              R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
              R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
              R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
              R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
              R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
              R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
              R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
              R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
              S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
              S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
              S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
              S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
              S2 AntiVirSchedulerService;Avira Planner;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
              S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
              S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
              S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
              S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
              S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
              S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
              S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
              .
              .
              [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
              2014-09-11 09:51 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
              .
              Inhoud van de 'Gedeelde Taken' map
              .
              2014-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 19:27]
              .
              2014-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 18:16]
              .
              2014-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 18:16]
              .
              .
              --------- X64 Entries -----------
              .
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
              .
              ------- Bijkomende Scan -------
              .
              uLocal Page = c:\windows\system32\blank.htm
              mDefault_Search_URL = about:blank
              mDefault_Page_URL = about:blank
              mStart Page = about:blank
              mLocal Page = c:\windows\SysWOW64\blank.htm
              mSearch Page = about:blank
              TCP: DhcpNameServer = 212.54.44.54 212.54.40.25
              .
              - - - - ORPHANS VERWIJDERD - - - -
              .
              Notify-SDWinLogon - SDWinLogon.dll
              HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
              HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
              AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
              AddRemove-swtor_swtor - c:\programdata\BitRaider\brwc.exe
              .
              .
              .
              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker6"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Shockwave Flash Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
              @="0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
              @="ShockwaveFlash.ShockwaveFlash.15"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="ShockwaveFlash.ShockwaveFlash"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
              @Denied: (A 2) (Everyone)
              @="Macromedia Flash Factory Object"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
              "ThreadingModel"="Apartment"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
              @="FlashFactory.FlashFactory.1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
              @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
              @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
              @="1.0"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
              @="FlashFactory.FlashFactory"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker6"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
              @Denied: (Full) (Everyone)
              .
              Voltooingstijd: 2014-09-24 12:18:25
              ComboFix-quarantined-files.txt 2014-09-24 10:18
              .
              Pre-Run: 34.489.008.128 bytes free
              Post-Run: 34.335.313.920 bytes free
              .
              - - End Of File - - 22ACD6EAE9EA5221954DBFD1C5D88750
              A36C5E4F47E84449FF07ED3517B43A31



              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
              Run by Flo W at 12:24:42 on 2014-09-24
              Microsoft Windows 7 Home Basic 6.1.7601.1.1252.31.1033.18.3894.2459 [GMT 2:00]
              .
              AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
              SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k RPCSS
              C:\Windows\system32\atiesrxx.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\Hpservice.exe
              C:\Windows\system32\atieclxx.exe
              C:\Windows\System32\WUDFHost.exe
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\System32\spoolsv.exe
              C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
              C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
              C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
              C:\Windows\SysWOW64\PnkBstrA.exe
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\Windows\system32\rundll32.exe
              C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\taskeng.exe
              C:\Windows\system32\Dwm.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Windows\System32\igfxpers.exe
              C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
              C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
              C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
              C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
              C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files\Windows Media Player\wmpnetwk.exe
              C:\Windows\System32\svchost.exe -k LocalServicePeerNet
              C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
              C:\Windows\System32\svchost.exe -k secsvcs
              C:\Windows\explorer.exe
              C:\Windows\system32\AUDIODG.EXE
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              mStart Page = about:blank
              mSearch Page = about:blank
              mDefault_Page_URL = about:blank
              mDefault_Search_URL = about:blank
              uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
              mWinlogon: Userinit = userinit.exe
              BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
              BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
              BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
              TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
              TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
              mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
              mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
              mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
              mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
              uPolicies-Explorer: NoDrives = dword:0
              mPolicies-Explorer: NoDrives = dword:0
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
              TCP: NameServer = 212.54.44.54 212.54.40.25
              TCP: Interfaces\{12AEDBD0-B7DC-4BE2-BAC0-623532594704} : DHCPNameServer = 212.54.44.54 212.54.40.25
              TCP: Interfaces\{7F4907D4-F933-4C82-8F2C-5F93BE06BF89}\07F6B6F6E6 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
              TCP: Interfaces\{7F4907D4-F933-4C82-8F2C-5F93BE06BF89}\655636864756E637475696E602F6E60247865602169627 : DHCPNameServer = 10.0.1.1
              Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
              Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
              Notify: SDWinLogon - SDWinLogon.dll
              SSODL: WebCheck - <orphaned>
              mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
              x64-mStart Page = about:blank
              x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
              x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
              x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
              x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
              x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
              x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
              x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
              x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
              x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
              x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
              x64-Notify: igfxcui - igfxdev.dll
              x64-SSODL: WebCheck - <orphaned>
              .
              ============= SERVICES / DRIVERS ===============
              .
              R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-13 28600]
              R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-10 254528]
              R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
              R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
              R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
              R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 203264]
              R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-4-13 430160]
              R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-4-13 430160]
              R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-13 117712]
              R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
              R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2014-9-9 156904]
              R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
              R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
              R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
              R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
              R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
              S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-9-23 1738168]
              S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-9-23 2088408]
              S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-9-23 171928]
              S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]
              S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
              S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]
              S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-18 122584]
              S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
              S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
              S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-9 1255736]
              S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
              .
              =============== Created Last 30 ================
              .
              2014-09-24 10:18:29 -------- d-sh--w- C:\$RECYCLE.BIN
              2014-09-24 10:07:12 98816 ----a-w- C:\Windows\sed.exe
              2014-09-24 10:07:12 256000 ----a-w- C:\Windows\PEV.exe
              2014-09-24 10:07:12 208896 ----a-w- C:\Windows\MBR.exe
              2014-09-24 09:18:51 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3314383-0DCF-4FB9-A334-2B2D9CF50D8F}\offreg.dll
              2014-09-24 09:14:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
              2014-09-24 09:14:54 2048 ----a-w- C:\Windows\System32\tzres.dll
              2014-09-23 13:02:12 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F3314383-0DCF-4FB9-A334-2B2D9CF50D8F}\mpengine.dll
              2014-09-23 11:25:06 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
              2014-09-23 11:25:05 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
              2014-09-23 11:25:01 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
              2014-09-21 20:16:20 -------- d-----w- C:\Users\Flo W\AppData\Roaming\SUPERAntiSpyware.com
              2014-09-21 20:15:50 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
              2014-09-21 20:15:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
              2014-09-20 12:50:03 -------- d-----w- C:\Program Files (x86)\VS Revo Group
              2014-09-18 20:32:24 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
              2014-09-18 20:32:07 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
              2014-09-18 20:32:07 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
              2014-09-18 20:32:07 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
              2014-09-18 20:32:07 -------- d-----w- C:\ProgramData\Malwarebytes
              2014-09-18 20:32:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
              2014-09-17 20:38:44 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
              2014-09-17 20:37:43 -------- d-----w- C:\AdwCleaner
              2014-09-14 15:04:18 -------- d-----w- C:\Users\Flo W\AppData\Local\SWTOR
              2014-09-13 14:33:48 -------- d-----w- C:\ProgramData\BitRaider
              2014-09-13 14:33:12 -------- d-----w- C:\Users\Flo W\AppData\Local\SWTORPerf
              2014-09-13 14:32:14 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
              2014-09-10 17:46:46 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
              2014-09-10 17:46:46 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
              2014-09-10 14:37:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
              2014-09-10 14:37:06 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
              2014-09-10 14:36:53 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
              2014-09-10 14:36:53 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
              2014-09-10 14:36:41 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
              2014-09-10 14:36:41 728064 ----a-w- C:\Windows\System32\kerberos.dll
              2014-09-10 14:36:41 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
              2014-09-10 14:36:41 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
              2014-09-10 14:36:41 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
              2014-09-10 14:36:37 578048 ----a-w- C:\Windows\System32\aepdu.dll
              2014-09-10 14:36:37 424448 ----a-w- C:\Windows\System32\aeinv.dll
              2014-09-10 14:25:04 -------- d-----w- C:\Users\Flo W\AppData\Local\Ubisoft Game Launcher
              2014-09-09 18:16:47 -------- d-----w- C:\Users\Flo W\AppData\Roaming\WindowsUpdater
              2014-08-28 09:40:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
              2014-08-28 09:40:00 3163648 ----a-w- C:\Windows\System32\win32k.sys
              2014-08-28 09:40:00 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
              .
              ==================== Find3M ====================
              .
              2014-09-23 19:27:19 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-09-23 19:27:19 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
              2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
              2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
              2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
              2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
              2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
              2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
              2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
              2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
              2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
              2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
              2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
              2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
              2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
              2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
              2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
              2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
              2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
              2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
              2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
              2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
              2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
              2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
              2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
              2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
              2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
              2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
              2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
              2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
              2014-08-09 09:14:08 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
              2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
              2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
              2014-07-14 10:04:11 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
              2014-07-14 10:04:09 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
              2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
              2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
              2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
              2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
              2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
              2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
              2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
              2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
              .
              ============= FINISH: 12:24:53,52 ===============



              • #8
                Go to Start > Run and copy and paste the following command into the field:

                ComboFix /Uninstall

                Make sure there is a space between Combofix and /
                Then press Enter.




                This will remove Combofix and its related folders and files, restore the clock settings,
                hide the file extensions, hide hidden files and system files again,
                and reset your System Restore.




                Download or update Ccleaner

                Start CCleaner.
                • Run Ccleaner and click Options in the left column
                • Select the Advanced tab
                • Untick "Only delete files in Windows Temp folders older than 24 hours"
                • Select the Settings tab
                • Untick "Automatically clean the computer...."
                • Click Cleaner in the left column.
                • Then click Analyze followed by Run Cleaner.
                • Next, click Registry in the left column
                • Click Scan for Issues.
                • When asked whether you want to back up the registry, click "Yes".
                • If errors are found, click the middle button: Fix All Selected Issues, then OK

                Now let me know: are there still any problems?

                Emphyrio
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee. * Ccleaner * E-Peek



                • #9
                  Well

                  The infection still keeps coming back.

                  user32.dll in the Windows folder as well as 'C:\Users\Flo W\AppData\Local\Temp\tmp93C8.tmp.exe' are infected.
                  user32.dll in the Windows folder as well as 'C:\Users\Flo W\AppData\Local\Temp\tmp.....tmp.exe' are infected.

                  [Avira] - In the last scan it found 1 virus. A log file shows it:



                  Avira Free Antivirus
                  Datum rapportbestand: woensdag 24 september 2014 21:28


                  Het programma wordt uitgevoerd als een onbeperkte volledig versie.
                  Online services zijn beschikbaar.

                  Licentiegebruiker : Avira Antivirus Free
                  Serienummer : 0000149996-AVHOE-0000001
                  Platform : Windows 7 Home Basic
                  Windows-versie : (Service Pack 1) [6.1.7601]
                  Opstartmodus : Normaal opgestart
                  Gebruikersnaam : SYSTEM
                  Computernaam : PC_BP_FLA


                  Scan van systeembestanden wordt geïnitieerd:
                  Ondertekend -> 'C:\Windows\system32\svchost.exe'
                  Ondertekend -> 'C:\Windows\system32\winlogon.exe'
                  Ondertekend -> 'C:\Windows\explorer.exe'
                  Ondertekend -> 'C:\Windows\system32\smss.exe'
                  Ondertekend -> 'C:\Windows\system32\wininet.DLL'
                  Ondertekend -> 'C:\Windows\system32\wsock32.DLL'
                  Ondertekend -> 'C:\Windows\system32\ws2_32.DLL'
                  Ondertekend -> 'C:\Windows\system32\services.exe'
                  Ondertekend -> 'C:\Windows\system32\lsass.exe'
                  Ondertekend -> 'C:\Windows\system32\csrss.exe'
                  Ondertekend -> 'C:\Windows\system32\drivers\kbdclass.sys'
                  Ondertekend -> 'C:\Windows\system32\spoolsv.exe'
                  Ondertekend -> 'C:\Windows\system32\alg.exe'
                  Ondertekend -> 'C:\Windows\system32\wuauclt.exe'
                  Ondertekend -> 'C:\Windows\system32\advapi32.DLL'
                  NIET ondertekend -> 'C:\Windows\system32\user32.DLL'
                  [DETECTIE] Bevat verdachte code HEUR/Modified.SystemFile
                  Ondertekend -> 'C:\Windows\system32\gdi32.DLL'
                  Ondertekend -> 'C:\Windows\system32\kernel32.DLL'
                  Ondertekend -> 'C:\Windows\system32\ntdll.DLL'
                  Ondertekend -> 'C:\Windows\system32\ntoskrnl.exe'
                  Ondertekend -> 'C:\Windows\system32\drivers\beep.sys'
                  Ondertekend -> 'C:\Windows\system32\ctfmon.exe'
                  Ondertekend -> 'C:\Windows\system32\imm32.dll'
                  Ondertekend -> 'C:\Windows\system32\dsound.dll'
                  Ondertekend -> 'C:\Windows\system32\aclui.dll'
                  Ondertekend -> 'C:\Windows\system32\msvcrt.dll'
                  Ondertekend -> 'C:\Windows\system32\d3d9.dll'
                  Ondertekend -> 'C:\Windows\system32\dnsapi.dll'
                  Ondertekend -> 'C:\Windows\system32\mshtml.dll'
                  Ondertekend -> 'C:\Windows\system32\regsvr32.exe'
                  Ondertekend -> 'C:\Windows\system32\rundll32.exe'
                  Ondertekend -> 'C:\Windows\system32\userinit.exe'
                  Ondertekend -> 'C:\Windows\system32\reg.exe'
                  Ondertekend -> 'C:\Windows\regedit.exe'
                  De systeembestanden zijn gescand ('34' bestanden)

                  De bestandsscan wordt gestart:

                  Begin scan in 'C:\Users\Flo W\AppData\Local\Temp\tmp93C8.tmp.exe'
                  C:\Users\Flo W\AppData\Local\Temp\
                  tmp93C8.tmp.exe
                  [DETECTIE] Bevat viruspatronen van adware ADWARE/Adware.Gen2
                  [OPMERKING] Het bestand verplaatst naar de quarantainemap onder de naam '51b788be.qua'!

                  Er wordt begonnen met desinfecteren:
                  C:\Windows\system32\user32.DLL
                  user32.DLL
                  [DETECTIE] Bevat verdachte code HEUR/Modified.SystemFile
                  [OPMERKING] De detectie is als verdacht aangemerkt.
                  [OPMERKING] Er is een backup gemaakt als '493b91d6.qua' (QUARANTAINE)
                  [WAARSCHUWING] Het bestand is genegeerd.


                  Einde van de scan: woensdag 24 september 2014 21:31
                  Gebruikte tijd: 01:28 Minuut/minuten

                  De scan is volledig uitgevoerd.

                  0 Gescande mappen
                  1198 Bestanden zijn gescand
                  1 Er zijn virussen en ongewenste programma's gevonden
                  1 Er zijn bestanden als verdacht aangemerkt
                  0 Bestanden zijn verwijderd
                  0 Virussen en ongewenste programma's zijn gerepareerd
                  2 Bestanden zijn in quarantaine geplaatst
                  0 Bestanden zijn hernoemd
                  0 Bestanden kunnen niet worden gescand
                  1196 Bestanden niet betrokken
                  3 Archieven zijn gescand
                  1 Waarschuwingen
                  2 Opmerkingen


                  De scanresultaten worden overgebracht naar de Guard.

                  Comment
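                  Added example, not part of the original posts: a small Python parser for the Avira report format shown in the post above, which lists flagged files that the report does not record as moved to quarantine. The sample lines are constructed from that report; the function and field names are assumptions of this sketch.

```python
import re
from collections import OrderedDict

# Constructed sample, shaped like the Avira report in the post above.
SAMPLE_REPORT = r"""
Ondertekend -> 'C:\Windows\system32\advapi32.DLL'
NIET ondertekend -> 'C:\Windows\system32\user32.DLL'
[DETECTIE] Bevat verdachte code HEUR/Modified.SystemFile
Ondertekend -> 'C:\Windows\system32\gdi32.DLL'
Begin scan in 'C:\Users\Flo W\AppData\Local\Temp\tmp93C8.tmp.exe'
C:\Users\Flo W\AppData\Local\Temp\
tmp93C8.tmp.exe
[DETECTIE] Bevat viruspatronen van adware ADWARE/Adware.Gen2
[OPMERKING] Het bestand verplaatst naar de quarantainemap onder de naam '51b788be.qua'!
Er wordt begonnen met desinfecteren:
C:\Windows\system32\user32.DLL
user32.DLL
[DETECTIE] Bevat verdachte code HEUR/Modified.SystemFile
[OPMERKING] De detectie is als verdacht aangemerkt.
[OPMERKING] Er is een backup gemaakt als '493b91d6.qua' (QUARANTAINE)
[WAARSCHUWING] Het bestand is genegeerd.
"""

SIGNED = re.compile(r"^(NIET ondertekend|Ondertekend) -> '(.+)'$")
TAGGED = re.compile(r"^\[(DETECTIE|OPMERKING|WAARSCHUWING)\]\s*(.*)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
QUARANTINE_NAME = re.compile(r"'([0-9A-Fa-f]+\.qua)'")


def parse_report(text):
    """Return an ordered dict: lower-cased path -> findings for that file."""
    files = OrderedDict()
    current = None       # key of the file that following [TAG] lines belong to
    pending_dir = None   # a directory line waiting for its file-name line

    def entry(path):
        key = path.lower()  # Windows paths are case-insensitive
        files.setdefault(key, {"path": path, "signed": None, "detections": [],
                               "quarantine": [], "moved": False, "ignored": False})
        return key

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SIGNED.match(line)
        if m:  # system-file signature check result
            current, pending_dir = entry(m.group(2)), None
            files[current]["signed"] = (m.group(1) == "Ondertekend")
            continue
        m = TAGGED.match(line)
        if m:
            if current is None:
                continue
            tag, msg = m.groups()
            rec = files[current]
            if tag == "DETECTIE" and msg:
                name = msg.split()[-1]  # detection name is the last token
                if name not in rec["detections"]:
                    rec["detections"].append(name)
            elif tag == "OPMERKING":
                q = QUARANTINE_NAME.search(msg)
                if q:
                    rec["quarantine"].append(q.group(1))
                    # "verplaatst" = moved away; "backup" lines leave the file in place
                    rec["moved"] = rec["moved"] or "verplaatst" in msg
            elif tag == "WAARSCHUWING" and "genegeerd" in msg:
                rec["ignored"] = True
            continue
        if DRIVE_PATH.match(line):
            if line.endswith("\\"):      # directory; the file name follows
                pending_dir, current = line, None
            else:                         # full path on one line
                current, pending_dir = entry(line), None
            continue
        if pending_dir:                   # file-name line completing a directory
            current, pending_dir = entry(pending_dir + line), None
    return files


def still_on_disk(files):
    """Flagged files that the report does not show as moved to quarantine."""
    return [r["path"] for r in files.values() if r["detections"] and not r["moved"]]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for path in still_on_disk(parsed):
        rec = parsed[path.lower()]
        print(path, rec["detections"], "signed:", rec["signed"], "ignored:", rec["ignored"])
```

                  On the sample, user32.DLL is the only file returned: the report records a quarantine backup and "Het bestand is genegeerd", so the flagged file itself stays in place.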


                  • #10
                    Download Hitman Pro 3 to the desktop.

                    • Double-click "HitmanPro.exe" and click "Next"
                    • Tick the option "I accept the terms of the license agreement" and click "Next"
                    • Select the option "No, I only want to check this computer once" and click "Next"
                    • The scan will now start; do nothing else on the computer until the scan has finished.
                    • When the scan has finished, click "Activate free license"; the message "The product has been successfully activated" will now appear
                    • Now click "OK", then "Next", then "Next" once more, and then "Restart"

                    Post this log.



                    • #11
                      I ran the 64-bit version of Hitman Pro.

                      It could well be that the persistent problem has disappeared in the meantime. Hitman Pro finds nothing, not regarding user32.dll either. And this specific file is mentioned in the release notes, so if user32.dll were infected, Hitman Pro of all scanners should have found it.

                      As far as I'm concerned, thanks of course for your help, and hopefully Avira won't come up with that same stupid infection again any time soon.

                      Today I will have Avira scan the whole system once more; I think it should not report any found infections then.

                      I'll post the result (I'm starting that scan now) ASAP.


                      HitmanPro 3.7.9.225
                      www.hitmanpro.com

                      Computer name . . . . : PC_BP_FLA
                      Windows . . . . . . . : 6.1.1.7601.X64/4
                      User name . . . . . . : PC_BP_FLA\Flo W
                      UAC . . . . . . . . . : Enabled
                      License . . . . . . . : -

                      Scan date . . . . . . : 2014-09-25 10:58:05
                      Scan mode . . . . . . : Normal
                      Scan duration . . . . : 6m 45s
                      Disk access mode . . : Direct disk access (SRB)
                      Cloud . . . . . . . . : Internet
                      Reboot . . . . . . . : No

                      Threats . . . . . . . : 0
                      Traces . . . . . . . : 10

                      Objects scanned . . . : 1.777.273
                      Files scanned . . . . : 18.541
                      Remnants scanned . . : 293.294 files / 1.465.438 keys

                      Cookies _____________________________________________________________________

                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookiesd0.imp.revsci.net
                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
                      C:\Users\Flo W\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr
                      Last edited by Emphyrio; 25-09-14, 13:09.



                      • #12
                        Shit, shit and once more sh*t.

                        Although all those scanners find nothing, Avira reports that that damned user32.dll is still infected.
                        Log file below.

                        Talk about persistence...

                        Avira Free Antivirus
                        Datum rapportbestand: donderdag 25 september 2014 11:16


                        Het programma wordt uitgevoerd als een onbeperkte volledig versie.
                        Online services zijn beschikbaar.

                        Licentiegebruiker : Avira Antivirus Free
                        Serienummer : 0000149996-AVHOE-0000001
                        Platform : Windows 7 Home Basic
                        Windows-versie : (Service Pack 1) [6.1.7601]
                        Opstartmodus : Normaal opgestart
                        Gebruikersnaam : Flo W
                        Computernaam : PC_BP_FLA

                        Versie-informatie:
                        BUILD.DAT : 14.0.6.570 92022 Bytes 15-8-2014 14:51:00
                        AVSCAN.EXE : 14.0.6.548 1046608 Bytes 20-8-2014 08:53:59
                        AVSCANRC.DLL : 14.0.6.522 59472 Bytes 20-8-2014 08:53:59
                        LUKE.DLL : 14.0.6.522 57936 Bytes 20-8-2014 08:54:13
                        AVSCPLR.DLL : 14.0.6.548 92752 Bytes 20-8-2014 08:54:00
                        AVREG.DLL : 14.0.6.522 262224 Bytes 20-8-2014 08:53:58
                        avlode.dll : 14.0.6.526 603728 Bytes 20-8-2014 08:53:58
                        avlode.rdf : 14.0.4.46 64835 Bytes 8-9-2014 16:51:23

                        Configuratie-instellingen voor de scan:
                        Taaknaam...................................: Volledige systeemscan
                        Configuratiebestand........................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
                        Rapporteren................................: Volledig
                        Primaire actie.............................: Interactief
                        Secundaire actie...........................: Negeren
                        Hoofdopstartsector scannen.................: aan
                        Opstartsector scannen......................: aan
                        Opstartsectoren............................: C:,
                        Processcan.................................: aan
                        Uitgebreide processcan.....................: aan
                        Register scannen...........................: aan
                        Zoeken naar rootkits.......................: aan
                        Integriteitscontrole van systeembestanden..: aan
                        Alle bestanden scannen.....................: Alle bestanden
                        Archieven scannen..........................: aan
                        Aantal herhalingen.........................: 20
                        Slimme extensies...........................: aan
                        Macrovirusheuristiek.......................: aan
                        Bestandsheuristiek.........................: uitgebreid
                        Uitgebreide scaninstellingen...............: 0x20001840
                        Uitgebreide scaninstellingen...............: 0x00000080

                        Begin van de scan: donderdag 25 september 2014 11:16

                        Start met het scannen van opstartsectoren:
                        Opstartsector 'HDD0(C:)'
                        [INFO] Er is geen virus gevonden!

                        Het zoeken naar verborgen objecten wordt gestart.

                        Scan van systeembestanden wordt geïnitieerd:
                        Ondertekend -> 'C:\Windows\system32\svchost.exe'
                        Ondertekend -> 'C:\Windows\system32\winlogon.exe'
                        Ondertekend -> 'C:\Windows\explorer.exe'
                        Ondertekend -> 'C:\Windows\system32\smss.exe'
                        Ondertekend -> 'C:\Windows\system32\wininet.DLL'
                        Ondertekend -> 'C:\Windows\system32\wsock32.DLL'
                        Ondertekend -> 'C:\Windows\system32\ws2_32.DLL'
                        Ondertekend -> 'C:\Windows\system32\services.exe'
                        Ondertekend -> 'C:\Windows\system32\lsass.exe'
                        Ondertekend -> 'C:\Windows\system32\csrss.exe'
                        Ondertekend -> 'C:\Windows\system32\drivers\kbdclass.sys'
                        Ondertekend -> 'C:\Windows\system32\spoolsv.exe'
                        Ondertekend -> 'C:\Windows\system32\alg.exe'
                        Ondertekend -> 'C:\Windows\system32\wuauclt.exe'
                        Ondertekend -> 'C:\Windows\system32\advapi32.DLL'
                        NIET ondertekend -> 'C:\Windows\system32\user32.DLL'
                        [DETECTIE] Bevat verdachte code HEUR/Modified.SystemFile
                        Ondertekend -> 'C:\Windows\system32\gdi32.DLL'
                        Ondertekend -> 'C:\Windows\system32\kernel32.DLL'
                        Ondertekend -> 'C:\Windows\system32\ntdll.DLL'
                        Ondertekend -> 'C:\Windows\system32\ntoskrnl.exe'
                        Ondertekend -> 'C:\Windows\system32\drivers\beep.sys'
                        Ondertekend -> 'C:\Windows\system32\ctfmon.exe'
                        Ondertekend -> 'C:\Windows\system32\imm32.dll'
                        Ondertekend -> 'C:\Windows\system32\dsound.dll'
                        Ondertekend -> 'C:\Windows\system32\aclui.dll'
                        Ondertekend -> 'C:\Windows\system32\msvcrt.dll'
                        Ondertekend -> 'C:\Windows\system32\d3d9.dll'
                        Ondertekend -> 'C:\Windows\system32\dnsapi.dll'
                        Ondertekend -> 'C:\Windows\system32\mshtml.dll'
                        Ondertekend -> 'C:\Windows\system32\regsvr32.exe'
                        Ondertekend -> 'C:\Windows\system32\rundll32.exe'
                        Ondertekend -> 'C:\Windows\system32\userinit.exe'
                        Ondertekend -> 'C:\Windows\system32\reg.exe'
                        Ondertekend -> 'C:\Windows\regedit.exe'
                        De systeembestanden zijn gescand ('34' bestanden)

                        Er wordt begonnen met desinfecteren:
                        C:\Windows\system32\user32.DLL
                        user32.DLL
                        [DETECTIE] Bevat verdachte code HEUR/Modified.SystemFile
                        [OPMERKING] De detectie is als verdacht aangemerkt.
                        [OPMERKING] Er is een backup gemaakt als '51754a27.qua' (QUARANTAINE)
                        [WAARSCHUWING] Het bestand is genegeerd.


                        Einde van de scan: donderdag 25 september 2014 12:15
                        Gebruikte tijd: 55:58 Minuut/minuten

                        De scan is volledig uitgevoerd.

                        27087 Gescande mappen
                        243080 Bestanden zijn gescand
                        0 Er zijn virussen en ongewenste programma's gevonden
                        1 Er zijn bestanden als verdacht aangemerkt
                        0 Bestanden zijn verwijderd
                        0 Virussen en ongewenste programma's zijn gerepareerd
                        1 Bestanden zijn in quarantaine geplaatst
                        0 Bestanden zijn hernoemd
                        1068 Bestanden kunnen niet worden gescand
                        242011 Bestanden niet betrokken
                        2162 Archieven zijn gescand
                        1035 Waarschuwingen
                        1181 Opmerkingen
                        920043 Objecten zijn gescand met de rootkitscan
                        0 Er zijn verborgen objecten gevonden



                        • #13
                          Using cmd: tasklist /m user32.dll, I found out that the related files are virus-free and digitally signed by programs that I knowingly have on my PC.

                          These files are:

                          taskhost.exe
                          dwm.exe
                          explorer.exe
                          SynTPEnh.exe
                          igfxpers.exe
                          SSScheduler.exe
                          MOM.exe
                          CCC.exe
                          conhost.exe
                          cmd.exe
                          conhost.exe
                          tasklist.exe

                          Maybe it is possible to have user32.dll signed again by Microsoft, so that Avira can see that it is signed and no longer reports it as a virus.



                          • #14
                            Please do not experiment on your own; that only makes it harder for me.
                            So only carry out my advice.

                            We will get this solved, but have a little patience.


                            Download SystemLook.exe and place the file on the Desktop.
                            Double-click SystemLook.exe to start the program.
                            In the window that opens, copy the code below:

                            Code:
                            :filefind
                            user32*.*
                            Click the "Look" button to start the scan.

                            When the scan is finished, a text file (SystemLook.txt) opens.
                            Post the contents of this file.
                            Last edited by Emphyrio; 25-09-14, 13:11.
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee. * Ccleaner * E-Peek



                            • #15
                              Alright,

                              SystemLook 30.07.11 by jpshortstuff
                              Log created at 14:24 on 25/09/2014 by Flo W
                              Administrator - Elevation successful
                              WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

                              ========== filefind ==========

                              Searching for "user32*.*"
                              C:\Windows\System32\user32.dll --a---- 833024 bytes [03:24 21/11/2010] [21:52 09/01/2012] 861C4346F9281DC0380DE72C8D55D6BE
                              C:\Windows\System32\user32.dll.bak --a---- 833024 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
                              C:\Windows\System32\en-US\user32.dll.mui --a---- 17920 bytes [07:06 21/11/2010] [07:06 21/11/2010] 6B63EA7979F501C37FC55A26CA162ACD
                              C:\Windows\System32\manifeststore\user32.amx --a---- 367164 bytes [03:24 21/11/2010] [03:24 21/11/2010] DE03DD1A689B53FB2B4A5E480AC7AA4F
                              C:\Windows\SysWOW64\user32.dll --a---- 833024 bytes [03:24 21/11/2010] [21:52 09/01/2012] 861C4346F9281DC0380DE72C8D55D6BE
                              C:\Windows\SysWOW64\user32.dll.bak --a---- 833024 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
                              C:\Windows\SysWOW64\en-US\user32.dll.mui --a---- 17920 bytes [07:06 21/11/2010] [07:06 21/11/2010] 6B63EA7979F501C37FC55A26CA162ACD
                              C:\Windows\SysWOW64\manifeststore\user32.amx --a---- 367164 bytes [03:24 21/11/2010] [03:24 21/11/2010] DE03DD1A689B53FB2B4A5E480AC7AA4F
                              C:\Windows\winsxs\amd64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_fbf16a81c9f1ea8f\user32.amx --a---- 342524 bytes [03:24 21/11/2010] [03:24 21/11/2010] 2FFFCC20E95D9DF2A4046328F6BB7AEC
                              C:\Windows\winsxs\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9c23fd3941bcc44e\user32.dll.mui --a---- 17920 bytes [07:06 21/11/2010] [07:06 21/11/2010] EF9BC0D92F9AF6A446CA3179EFDA0CE0
                              C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --a---- 1008128 bytes [03:24 21/11/2010] [03:24 21/11/2010] FE70103391A64039A921DBFFF9C7AB1B
                              C:\Windows\winsxs\wow64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_064614d3fe52ac8a\user32.amx --a---- 367164 bytes [03:24 21/11/2010] [03:24 21/11/2010] DE03DD1A689B53FB2B4A5E480AC7AA4F
                              C:\Windows\winsxs\wow64_microsoft-windows-user32.resources_31bf3856ad364e35_6.1.7601.17514_en-us_a678a78b761d8649\user32.dll.mui --a---- 17920 bytes [07:06 21/11/2010] [07:06 21/11/2010] 6B63EA7979F501C37FC55A26CA162ACD
                              C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --a---- 833024 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

                              -= EOF =-
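
One way to read the SystemLook output above, as an added example that is not part of the original thread: parse the filefind rows and compare each live user32.dll with the component-store (winsxs) copy of the same size. The function names and the "same size means same architecture" matching rule are assumptions made for this illustration; the rows are copied from the log in post #15.

```python
import re

# Rows copied from the SystemLook log in post #15 (only the user32.dll copies).
LOG = r"""
C:\Windows\System32\user32.dll --a---- 833024 bytes [03:24 21/11/2010] [21:52 09/01/2012] 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\System32\user32.dll.bak --a---- 833024 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\SysWOW64\user32.dll --a---- 833024 bytes [03:24 21/11/2010] [21:52 09/01/2012] 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --a---- 1008128 bytes [03:24 21/11/2010] [03:24 21/11/2010] FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --a---- 833024 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
"""

# path, 7-character attribute field, size, [created], [modified], MD5
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$")

def parse(log):
    """Turn SystemLook filefind rows into dicts; non-matching lines are skipped."""
    rows = []
    for line in log.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({**m.groupdict(), "size": int(m["size"]), "md5": m["md5"].upper()})
    return rows

def check_against_store(rows, name="user32.dll"):
    """Compare live copies of `name` with the winsxs copies of the same size.

    Assumption: equal size is used as a stand-in for "same architecture".
    """
    named = [r for r in rows if r["path"].lower().endswith("\\" + name)]
    store = [r for r in named if "\\winsxs\\" in r["path"].lower()]
    live = [r for r in named if r not in store]
    report = []
    for r in live:
        same_size = {s["md5"] for s in store if s["size"] == r["size"]}
        report.append({
            "path": r["path"], "md5": r["md5"],
            "matches_store": r["md5"] in same_size,
            "touched_after_creation": r["created"] != r["modified"],
        })
    return report

if __name__ == "__main__":
    for item in check_against_store(parse(LOG)):
        print(item)
```

A mismatch only shows that the live file differs from the component-store copy and needs its signature checked; it does not by itself identify malware. Because the log warns that SystemLook ran under WOW64, the System32 and SysWOW64 rows may describe the same redirected file.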
