
Been stupid again

  • Been stupid again

    Pulled in a load of junk again.
    Will post the message in parts

    Can't get the files posted??
    Will add them as attachments?
    Last edited by Kram; 01-02-15, 14:49.

  • #2
    Files via attachment, as mentioned; sorry

    mam file.txt, AdwCleaner[S8].txt, DDS.txt



    • #3
      and the last one

      GMER 2.1.19357 - http://www.gmer.net
      Rootkit scan 2015-02-01 15:20:13
      Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
      Running: p8bd0d1p.exe; Driver: C:\Users\Harma\AppData\Local\Temp\ugloipoc.sys

      ---- EOF - GMER 2.1 ----



      • #4
        Hi Jan,

        I would really think about installing a better active antivirus tool. MSE is not exactly "the best of the best".

        Please do NOT post logs as attachments.

        Download or update CCleaner

        Start CCleaner.
        • Run CCleaner and click Options in the left column
        • Select the Advanced tab
        • Untick "Only delete files in the Windows Temp system folder that are older than 24 hours"
        • Select the Settings tab
        • Untick "Clean computer automatically...."
        • Click Cleaner in the left column.
        • Then click Analyze and Clean in turn.
        • Next, click Registry in the left column
        • Click Scan for problems.
        • When asked whether you want to make a backup of the registry, click "Yes".
        • If errors are found, click the middle button: Fix all selected errors, then OK


        Download Combofix to your desktop.
        (So not to a download folder or temp folder)

        Extra note... Make sure your security software is disabled while using Combofix.
        This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

        Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

        Close ALL windows, including your browser, and let Combofix quietly do its work.
        So do not open any other applications until Combofix has presented the log.

        If Combofix asks for an update, allow it.

        When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
        You can find it at C:\combofix.txt.

        Post the Combofix log together with a new DDS log in your next reply.

        * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
        • Illegal operation attempted on a registry key that has been marked for deletion.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          Laptop shuts itself down after the cleaning.
          Continuing with the registry



          • #6
            ComboFix 15-01-29.01 - Harma 01-02-2015 16:24:12.4.4 - x64
            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2429 [GMT 1:00]
            Gestart vanuit: c:\users\Harma\Desktop\ComboFix.exe
            AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
            SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            C:\autoexec.tmp
            c:\users\Harma\AppData\Local\assembly\tmp
            c:\windows\msdownld.tmp
            .
            .
            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
            REGEDIT4
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
            "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
            "FBackup 5 Tray Agent"="c:\program files (x86)\Softland\FBackup 5\bTray.exe" [2014-11-21 7847480]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
            "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-12-15 2728472]
            "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
            .
            c:\users\Harma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
            CCleaner.lnk - c:\program files\CCleaner\CCleaner64.exe [2015-1-20 7404312]
            HitmanPro.lnk - c:\program files\HitmanPro\HitmanPro.exe [2014-1-1 11225840]
            Malwarebytes Anti-Malware.lnk - c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-6-14 7229752]
            wandoujia_helper.lnk - c:\users\Harma\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe [2015-1-28 258944]
            .
            c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
            Microsoft Security Essentials.lnk - c:\program files\Microsoft Security Client\msseces.exe [2014-8-22 1331288]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 5 (0x5)
            "ConsentPromptBehaviorUser"= 3 (0x3)
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
            "LoadAppInit_DLLs"=1 (0x1)
            "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
            "mixer2"=wdmaud.drv
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FBackup5Srv]
            @="Service"
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
            @=""
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
            @=""
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
            @=""
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
            @=""
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
            @="Service"
            .
            .
            .
            --- Andere Services/Drivers In Geheugen ---
            .
            *NewlyCreated* - MBAMSWISSARMY
            .
            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
            2015-01-27 06:42 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
            .
            Inhoud van de 'Gedeelde Taken' map
            .
            2015-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 07:30]
            .
            2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24 13:36]
            .
            2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24 13:36]
            .
            .
            --------- X64 Entries -----------
            .
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
            @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
            [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
            2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
            @="{64174815-8D98-4CE6-8646-4C039977D808}"
            [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
            2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
            "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
            "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
            "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
            .
            ------- Bijkomende Scan -------
            .
            uLocal Page = c:\windows\system32\blank.htm
            uStart Page = www.google.com
            mDefault_Search_URL = www.google.com
            mDefault_Page_URL = www.google.com
            mStart Page = www.google.com
            mLocal Page = c:\windows\SysWOW64\blank.htm
            mSearch Page = www.google.com
            IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
            IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
            Trusted Zone: gasunie.nl\remote
            TCP: DhcpNameServer = 192.168.1.1
            FF - ProfilePath - c:\users\Harma\AppData\Roaming\Mozilla\Firefox\Profiles\tny943ou.default-1352550422159\
            FF - prefs.js: browser.startup.homepage - about:home
            FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
            .
            - - - - ORPHANS VERWIJDERD - - - -
            .
            Toolbar-Locked - (no file)
            Wow6432Node-HKCU-Run-FBackup Scheduler - (no file)
            AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
            AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
            AddRemove-uTorrent - c:\users\Harma\AppData\Roaming\uTorrent\uTorrent.exe
            .
            .
            .
            --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.14"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
            @Denied: (A) (Everyone)
            "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
            .
            [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
            @Denied: (A) (Everyone)
            .
            [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
            "Key"="ActionsPane3"
            "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
            .
            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            Voltooingstijd: 2015-02-01 17:01:18
            ComboFix-quarantined-files.txt 2015-02-01 16:01
            .
            Pre-Run: 286.362.304.512 bytes beschikbaar
            Post-Run: 286.221.291.520 bytes beschikbaar
            .
            - - End Of File - - A9C4C84474AAD802961B34299C1E26F3



            • #7
              DDS 2

              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
              Run by Harma at 17:02:26 on 2015-02-01
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2099 [GMT 1:00]
              .
              AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
              SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
              C:\Windows\system32\svchost.exe -k RPCSS
              c:\Program Files\Microsoft Security Client\MsMpEng.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k GPSvcGroup
              C:\Program Files\HitmanPro\hmpsched.exe
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              C:\Program Files (x86)\Softland\FBackup 5\bService.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\Dwm.exe
              C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
              C:\Windows\system32\taskeng.exe
              C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
              C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
              C:\Windows\system32\taskeng.exe
              C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
              C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
              C:\Program Files\P4G\BatteryLife.exe
              C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
              C:\Windows\SysWOW64\ACEngSvr.exe
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
              C:\Windows\System32\hkcmd.exe
              C:\Program Files\Windows Media Player\wmpnetwk.exe
              C:\Program Files\CCleaner\CCleaner64.exe
              C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
              C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
              C:\Program Files (x86)\iTunes\iTunesHelper.exe
              C:\Windows\System32\svchost.exe -k LocalServicePeerNet
              C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
              C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\explorer.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = www.google.com
              mStart Page = www.google.com
              mSearch Page = www.google.com
              mDefault_Page_URL = www.google.com
              mDefault_Search_URL = www.google.com
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
              BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
              uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
              uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
              uRun: [FBackup 5 Tray Agent] "C:\Program Files (x86)\Softland\FBackup 5\bTray.exe"
              mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
              mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
              mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
              StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
              StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HITMAN~1.LNK - C:\Program Files\HitmanPro\HitmanPro.exe
              StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MALWAR~1.LNK - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
              StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WANDOU~1.LNK - C:\Users\Harma\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files\Microsoft Security Client\msseces.exe
              uPolicies-Explorer: NoDrives = dword:0
              mPolicies-Explorer: NoDrives = dword:0
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
              IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
              IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
              IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
              IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
              IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
              .
              INFO: HKCU has more than 50 listed domains.
              If you wish to scan all of them, select the 'Force scan all domains' option.
              .
              DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
              TCP: NameServer = 192.168.1.1
              TCP: Interfaces\{2BB078BE-FCD8-4AF7-A8F2-717EC32FC9BC} : DHCPNameServer = 192.168.0.1
              TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C} : DHCPNameServer = 192.168.1.1
              TCP: Interfaces\{45183CB3-1605-4919-BC62-F665B4EBBC1C}\D656475627E65647775627B6 : DHCPNameServer = 212.54.44.54 192.168.1.1
              Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
              Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
              Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
              AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
              SSODL: WebCheck - <orphaned>
              SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
              mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
              x64-mStart Page = www.google.com
              x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
              x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
              x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
              x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
              x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
              x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
              x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
              x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
              x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
              x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
              x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
              x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
              x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
              x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
              x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
              x64-Notify: igfxcui - igfxdev.dll
              x64-SSODL: WebCheck - <orphaned>
              x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - C:\Users\Harma\AppData\Roaming\Mozilla\Firefox\Profiles\tny943ou.default-1352550422159\
              FF - prefs.js: browser.startup.homepage - about:home
              FF - prefs.js: keyword.URL - hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
              FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
              FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
              FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
              FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
              FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
              FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
              FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
              FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
              FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
              FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
              FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
              .
              ============= SERVICES / DRIVERS ===============
              .
              P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-8-11 9216]
              R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
              R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-4-26 33736]
              R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
              R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
              R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
              R2 FBackup5Srv;FBackup 5 Service;C:\Program Files (x86)\Softland\FBackup 5\bService.exe [2014-11-21 4640312]
              R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-1 127752]
              R2 hmpalert;HitmanPro.Alert Support Driver;C:\Windows\System32\drivers\hmpalert.sys [2014-12-4 93144]
              R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-12-4 1876816]
              R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-14 1871160]
              R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-14 969016]
              R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2014-12-15 487960]
              R2 SOHDms;Sony Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-1-16 495248]
              R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
              R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]
              R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-14 25816]
              R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-14 129752]
              R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-22 40392]
              R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
              S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-8-17 38424]
              S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-16 103448]
              S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-9 48488]
              S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
              S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-8-17 38424]
              S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
              S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2015-1-19 18456]
              S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-14 63704]
              S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
              S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
              S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-22 20256]
              S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
              S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-4 19456]
              S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-4-9 290920]
              S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-9 333928]
              S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
              S3 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
              S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
              S3 SOHDs;Sony Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2013-12-3 79000]
              S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-16 203672]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-21 56832]
              S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
              S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-17 1255736]
              S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
              S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
              S4 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-4-9 379520]
              S4 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
              S4 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
              S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-6 1631008]
              S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-14 21055432]
              S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
              S4 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
              S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
              .
              =============== File Associations ===============
              .
              FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
              .
              =============== Created Last 30 ================
              .
              2015-02-01 16:01:31 -------- d-sh--w- C:\$RECYCLE.BIN
              2015-02-01 15:21:09 98816 ----a-w- C:\Windows\sed.exe
              2015-02-01 15:21:09 256000 ----a-w- C:\Windows\PEV.exe
              2015-02-01 15:21:09 208896 ----a-w- C:\Windows\MBR.exe
              2015-02-01 08:54:15 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FEAC4FBB-C380-435D-AA34-6C1C284AC550}\mpengine.dll
              2015-02-01 08:15:05 -------- d-----w- C:\Users\Harma\AppData\Local\21244
              2015-02-01 07:00:42 -------- d-----w- C:\Program Files (x86)\QUALCOMM Incorporated
              2015-01-31 21:48:14 -------- d-----w- C:\Users\Harma\AppData\Local\DriverToolkit
              2015-01-31 21:48:09 -------- d-----w- C:\Program Files (x86)\DriverToolkit
              2015-01-31 12:33:23 -------- d-----w- C:\Users\Harma\.jmc
              2015-01-31 12:33:15 -------- d-----w- C:\Users\Harma\.eclipse
              2015-01-31 08:22:46 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
              2015-01-30 10:21:50 -------- d---a-w- C:\Users\Harma\.android
              2015-01-29 21:15:12 -------- d-----w- C:\Program Files (x86)\ClockworkMod
              2015-01-29 19:34:10 -------- d---a-w- C:\adb
              2015-01-23 18:48:34 -------- d-----w- C:\ProgramData\Wondershare
              2015-01-23 17:56:21 -------- d-----w- C:\Users\Harma\AppData\Local\Wondershare
              2015-01-23 17:56:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
              2015-01-23 17:55:34 -------- d-----w- C:\Users\Harma\AppData\Roaming\Wondershare
              2015-01-23 17:55:29 -------- d--h--w- C:\Program Files (x86)\DrFoneAndroid_Temp
              2015-01-23 17:55:29 -------- d-----w- C:\Program Files (x86)\Wondershare
              2015-01-22 15:00:45 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B6158F8-7285-42FB-9EA8-A22ACCECA3CE}\gapaengine.dll
              2015-01-19 21:25:51 -------- d-----w- C:\Users\Harma\AppData\Roaming\mgyun
              2015-01-19 21:25:47 -------- d-----w- C:\Program Files (x86)\VROOT
              2015-01-19 20:00:59 74864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
              2015-01-19 20:00:59 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
              2015-01-19 20:00:59 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
              2015-01-19 20:00:47 73840 ----a-w- C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe
              2015-01-18 09:32:29 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
              2015-01-17 09:02:32 -------- d-----w- C:\Program Files (x86)\Microsoft Power Query for Excel
              2015-01-16 06:50:31 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
              2015-01-16 06:50:30 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
              2015-01-16 06:50:29 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
              2015-01-16 06:50:27 503808 ----a-w- C:\Windows\System32\srcore.dll
              2015-01-16 06:50:27 296960 ----a-w- C:\Windows\System32\rstrui.exe
              2015-01-16 06:50:26 50176 ----a-w- C:\Windows\System32\srclient.dll
              2015-01-16 06:50:26 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
              2015-01-14 06:40:47 210432 ----a-w- C:\Windows\System32\profsvc.dll
              2015-01-14 06:40:45 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
              2015-01-14 06:40:45 303616 ----a-w- C:\Windows\System32\nlasvc.dll
              2015-01-14 06:40:45 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
              2015-01-14 06:40:44 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
              2015-01-14 06:40:41 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
              2015-01-07 21:03:16 -------- d-----w- C:\Program Files\iPod
              2015-01-07 21:03:15 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
              2015-01-07 21:03:15 -------- d-----w- C:\Program Files\iTunes
              2015-01-07 21:03:15 -------- d-----w- C:\Program Files (x86)\iTunes
              2015-01-04 18:15:03 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
              .
              ==================== Find3M ====================
              .
              2015-02-01 16:02:01 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
              2015-02-01 15:03:48 45056 ----a-w- C:\Windows\System32\acovcnt.exe
              2015-01-31 12:27:39 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
              2015-01-30 07:30:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2015-01-30 07:30:11 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
              2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
              2014-12-31 07:58:26 129752 ----a-w- C:\Windows\System32\drivers\238901F6.sys
              2014-12-20 12:44:00 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
              2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
              2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
              2014-12-04 16:52:03 548424 ----a-w- C:\Windows\System32\hmpalert.dll
              2014-12-04 16:52:02 93144 ----a-w- C:\Windows\System32\drivers\hmpalert.sys
              2014-12-04 16:52:02 477008 ----a-w- C:\Windows\SysWow64\hmpalert.dll
              2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
              2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
              2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
              2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
              2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
              2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
              2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
              2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
              2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
              2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
              2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
              2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
              2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
              2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
              2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
              2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
              2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
              2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
              2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
              2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
              2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
              2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
              2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
              2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
              2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
              2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
              2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
              2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
              2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
              2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
              2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
              2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
              2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
              2014-11-21 05:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
              2014-11-21 05:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
              2014-11-21 05:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
              2014-11-19 03:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
              2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
              2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
              2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
              2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
              2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
              2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
              2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
              2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
              2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
              2005-07-14 10:31:20 32256 --sh--w- C:\Windows\SysWOW64\AVSredirect.dll
              2004-01-24 22:00:00 70656 --sh--w- C:\Windows\SysWOW64\i420vfw.dll
              2004-01-24 22:00:00 70656 --sh--w- C:\Windows\SysWOW64\yv12vfw.dll
              .
              ============= FINISH: 17:03:01,78 ===============



              • #8
                Go to Start > Run, then copy and paste the following command into the field:

                ComboFix /Uninstall

                Make sure there is a space between Combofix and the /
                Then press Enter.




                This will remove Combofix plus its related folders and files, reset the clock settings,
                hide the file extensions, hide hidden files and system files again,
                and reset your System Restore.



                Start CCleaner.
                • Run CCleaner and click Options in the left-hand column
                • Select the Advanced tab
                • Clear the check box for Only delete files in the Windows Temp system folder that are older than 24 hours
                • Select the Settings tab
                • Clear the check box for "Clean the computer automatically...."
                • Click Cleaner in the left-hand column.
                • Then click Analyze followed by Clean.
                • Next, click Registry in the left-hand column
                • Click Scan for issues.
                • When asked whether you want to make a backup of the registry, click "Yes".
                • If errors are found, click the middle button: Fix all selected issues, then OK




                Now let me know whether there are still any problems?

                Emphyrio
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee. * Ccleaner * E-Peek



                • #9
                  Last step, perhaps

                  [Attached image: cc cleaner register meldingen.PNG]

                  Done. ComboFix also reported that an older version is running. Did nothing with that.
                  Got a message back that it had been removed.

                  There is still an entry about ComboFix in CCleaner, though. Apparently not removed cleanly.
                  Screenshot attached.


                  Coming back to your first reply for a moment.
                  Perhaps swap MSE for AVG or ....



                  • #10
                    1) You may delete all the loose files and tools that we used.

                    2) To avoid reinfection, you can read through these tips:

                    Preventing spyware infections and browser hijacking and How do I prevent a new infection?

                    3) To give your PC a quick maintenance pass, you can read these tips: Guide to a clean PC

                    4) You can find all sorts of tips and hints here.


                    I am marking the topic as solved.

                    If there are no further replies, this thread will be moved automatically within about 5 days
                    to the Solved HijackThis logs section, and replying will no longer be possible.
                    This is done to keep the forum tidy and easy to navigate.

                    If it turns out that there are still problems and you want to reply in this topic again, send me a private message asking for it to be reopened.



                    Did we help you well? Consider a (no-obligation) donation to Nucia

                    Emphyrio
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * Ccleaner * E-Peek
