
Rootkit infection

  • Rootkit infection

    My computer slows down during startup as soon as it reaches the networking part.

    After that, I have recently started getting this message.

    [Image: Malware bytes.jpg]



    Malwarebytes:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 7-2-2015
    Scantijd: 12:28:59
    Logbestand: Malwarebytes.txt
    Beheerder: Ja

    Versie: 2.00.4.1028
    Malwaredatabase: v2015.02.07.04
    Rootkitdatabase: v2015.02.03.01
    Licentie: Premium
    Malwarebescherming: Ingeschakeld
    Kwaadaardige Website Bescherming: Ingeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Sef

    Scantype: Aangepaste Scan
    Resultaat: Voltooid
    Objecten Gescand: 754704
    Verstreken Tijd: 57 m, 17 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaardes: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)


    ADWcleaner:

    # AdwCleaner v4.110 - Logfile created 07/02/2015 at 13:33:09
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-05.2 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : Sef - SEF-PC
    # Running from : C:\Users\Sef\Desktop\Virus\adwcleaner_4.110.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Users\Sef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v


    -\\ Google Chrome v40.0.2214.111


    *************************

    AdwCleaner[R19].txt - [1479 bytes] - [18/11/2014 17:27:07]
    AdwCleaner[R20].txt - [1218 bytes] - [16/12/2014 06:10:02]
    AdwCleaner[R21].txt - [1653 bytes] - [20/12/2014 07:58:56]
    AdwCleaner[R22].txt - [1346 bytes] - [20/12/2014 08:02:13]
    AdwCleaner[R23].txt - [1641 bytes] - [22/12/2014 16:05:51]
    AdwCleaner[R24].txt - [1288 bytes] - [23/12/2014 06:27:13]
    AdwCleaner[R25].txt - [1350 bytes] - [23/12/2014 06:35:03]
    AdwCleaner[R26].txt - [1560 bytes] - [25/12/2014 08:33:46]
    AdwCleaner[R27].txt - [1506 bytes] - [26/12/2014 09:38:10]
    AdwCleaner[R28].txt - [2135 bytes] - [31/12/2014 16:52:31]
    AdwCleaner[R29].txt - [1921 bytes] - [07/02/2015 13:30:35]
    AdwCleaner[S11].txt - [1240 bytes] - [16/12/2014 06:11:32]
    AdwCleaner[S12].txt - [1728 bytes] - [20/12/2014 08:00:02]
    AdwCleaner[S13].txt - [1415 bytes] - [20/12/2014 08:03:31]
    AdwCleaner[S14].txt - [2212 bytes] - [31/12/2014 16:53:53]
    AdwCleaner[S15].txt - [1853 bytes] - [07/02/2015 13:33:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S15].txt - [1913 bytes] ##########


    DDS:


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.31.2
    Run by Sef at 13:35:36 on 2015-02-07
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.12279.9343 [GMT 1:00]
    .
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Skype\Updater\Updater.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Users\Sef\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
    C:\Users\Sef\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\PrintIsolationHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com
    mStart Page = about:blank
    mSearch Page = about:blank
    mDefault_Page_URL = about:blank
    mDefault_Search_URL = about:blank
    mWinlogon: Userinit = userinit.exe,
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
    BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
    uRun: [AdobeBridge] <no file>
    uRunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --extensions-on-chrome-urls --test-type --load-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\app" --load-component-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\man" --flag-switches-begin --flag-switches-end --restore-last-session
    uRunOnce: [Adobe Speed Launcher] 1423312494
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Converteren naar Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Doel van koppeling converteren naar Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Doel van koppeling toevoegen aan bestaande PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Toevoegen aan bestaande PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///K:/setup/RiffLick.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    TCP: NameServer = 212.54.40.25 212.54.44.54
    TCP: Interfaces\{14B6F80A-D20A-4F5C-8C75-B54C3A1BC476} : DHCPNameServer = 212.54.40.25 212.54.44.54
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {B79EE1C0-7410-BE42-1218-A66C37905A04} - C:\ProgramData\wscntfy.exe -r
    x64-mStart Page = about:blank
    x64-mSearch Page = about:blank
    x64-mDefault_Page_URL = about:blank
    x64-mDefault_Search_URL = about:blank
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2009-8-26 24840]
    R0 MxEFUF;Matrox Extio Upper Function Filter;C:\Windows\System32\drivers\MxEFUF64.sys [2014-1-4 157696]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-12 56208]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-11-9 28600]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
    R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2015-2-5 63064]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-11-9 431920]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-11-9 431920]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-11-9 119272]
    R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-12-31 178424]
    R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-1-27 1148744]
    R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2015-2-5 555320]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-18 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-18 969016]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-4 1706312]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-31 21833544]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-1-27 410768]
    R3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2009-8-26 34440]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2009-8-26 30344]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
    R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
    R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2013-5-30 41752]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-5-19 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-18 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-18 63704]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-30 19784]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-1-27 38032]
    R3 pikbd;Pluralinput Keyboard 0.8.6;C:\Windows\System32\drivers\pikbd.sys [2014-1-7 22880]
    R3 RDID1117;QUAD-CAPTURE;C:\Windows\System32\drivers\RDWM1117.sys [2014-7-10 304512]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-3-4 271064]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-30 888536]
    R3 ZCLDRV;ZCL Service;C:\Windows\System32\drivers\ZCLDrv64.sys [2014-1-6 71680]
    S0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2014-1-11 21600]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 BthAvrcp;Bluetooth AVRCP-profiel;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RDID1079;UA-25EX;C:\Windows\System32\drivers\Rdwm1079.sys [2013-3-10 199296]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-17 19456]
    S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\drivers\Rt630x64.sys [2014-2-27 839896]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-17 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-19 1255736]
    S3 ysusb64;Yamaha Steinberg USB Audio;C:\Windows\System32\drivers\ysusb64.sys [2012-3-6 109896]
    .
    =============== Created Last 30 ================
    .
    2015-02-05 22:22:35 -------- d-----w- C:\Users\Sef\AppData\Local\VirtualStore
    2015-02-05 22:19:21 -------- d-----w- C:\ProgramData\Malwarebytes Anti-Exploit
    2015-02-05 22:19:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
    2015-02-05 22:06:42 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-04 06:20:06 -------- d-----w- C:\Program Files (x86)\Common Files\ThreeShips Shared
    2015-01-30 08:04:25 972712 ----a-w- C:\Windows\System32\deployJava1.dll
    2015-01-30 08:04:24 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2015-01-27 21:30:13 621200 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2015-01-27 21:22:38 38032 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2015-01-27 21:22:38 32400 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2015-01-22 18:45:44 -------- d-----w- C:\Users\Sef\AppData\Roaming\Temp
    2015-01-22 18:45:44 -------- d-----w- C:\Users\Sef\AppData\Roaming\Configuration
    2015-01-22 18:45:44 -------- d-----w- C:\Users\Sef\AppData\Roaming\Backup Tickets
    2015-01-22 13:13:01 -------- d-----w- C:\Program Files (x86)\Coyote
    2015-01-22 13:12:56 -------- d-----w- C:\Program Files (x86)\PowerTracks DirectX Plugins
    2015-01-22 13:10:54 -------- d-----w- C:\bb
    2015-01-19 08:04:10 -------- d-----w- C:\Program Files (x86)\XLN Audio
    2015-01-19 07:47:20 -------- d-----w- C:\Users\Sef\AppData\Roaming\Addictive Keys
    2015-01-19 07:47:17 -------- d-----w- C:\ProgramData\boost_interprocess
    2015-01-19 07:46:27 -------- d-----w- C:\ProgramData\XLN Audio
    2015-01-15 10:02:12 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
    2015-01-15 10:02:11 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2015-01-15 10:02:10 503808 ----a-w- C:\Windows\System32\srcore.dll
    2015-01-15 10:02:10 50176 ----a-w- C:\Windows\System32\srclient.dll
    2015-01-15 10:02:10 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2015-01-15 10:02:10 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2015-01-15 10:02:10 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2015-01-15 10:02:10 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2015-01-14 06:37:05 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
    2015-01-14 06:37:05 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
    2015-01-14 06:37:05 303616 ----a-w- C:\Windows\System32\nlasvc.dll
    2015-01-14 06:37:05 210432 ----a-w- C:\Windows\System32\profsvc.dll
    2015-01-14 06:37:05 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    .
    ==================== Find3M ====================
    .
    2015-02-07 12:34:46 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-02-05 22:06:06 97496 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2015-02-05 19:31:05 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-05 19:31:05 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-01-30 08:03:45 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2015-01-30 08:03:22 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2015-01-16 06:41:34 1316184 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2015-01-16 06:41:34 1278920 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2015-01-16 06:41:18 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2015-01-16 06:41:18 1514528 ----a-w- C:\Windows\System32\nvspcap64.dll
    2015-01-13 04:15:56 30536 ----a-w- C:\Windows\System32\nvhdap64.dll
    2015-01-13 04:15:56 195728 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2015-01-13 04:15:56 1540240 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2015-01-09 23:30:01 6860432 ----a-w- C:\Windows\System32\nvcpl.dll
    2015-01-09 23:30:01 3517256 ----a-w- C:\Windows\System32\nvsvc64.dll
    2015-01-09 23:29:53 935056 ----a-w- C:\Windows\System32\nvvsvc.exe
    2015-01-09 23:29:53 2558608 ----a-w- C:\Windows\System32\nvsvcr.dll
    2015-01-09 23:29:52 62608 ----a-w- C:\Windows\System32\nvshext.dll
    2015-01-09 23:29:52 385352 ----a-w- C:\Windows\System32\nvmctray.dll
    2015-01-09 19:47:35 4173527 ----a-w- C:\Windows\System32\nvcoproc.bin
    2015-01-06 16:19:48 4 ----a-w- C:\Users\Sef\AppData\Roaming\appdataFr2.bin
    2014-12-31 13:42:12 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
    2014-12-25 07:33:34 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-11-22 10:46:30 35472 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
    2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
    2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-11-21 05:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-21 05:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-18 16:17:19 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
    2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
    2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
    .
    ============= FINISH: 13:35:51,89 ===============


    Gmer:


    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2015-02-07 13:46:54
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,89GB
    Running: b89zc3yx.exe; Driver: C:\Users\Sef\AppData\Local\Temp\uwldypow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1988] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1988] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2
    .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[2088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2852] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006fd21a22 2 bytes [D2, 6F]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2852] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006fd21ad0 2 bytes [D2, 6F]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2852] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006fd21b08 2 bytes [D2, 6F]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2852] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006fd21bba 2 bytes [D2, 6F]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2852] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006fd21bda 2 bytes [D2, 6F]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2
    .text C:\Users\Sef\AppData\Local\FluxSoftware\Flux\flux.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Users\Sef\AppData\Local\FluxSoftware\Flux\flux.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2
    .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[4176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
    .text C:\Windows\SysWOW64\NOTEPAD.EXE[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
    .text ... * 2

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158349356a
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x04 0xE4 0x87 0xA7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158349356a (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x04 0xE4 0x87 0xA7 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files (x86)\DAEMON Tools Lite\

    ---- EOF - GMER 2.1 ----

  • #2
    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    >>Here<< you can read how to use ComboFix.


    1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    * (here or here

    2. The computer may need to be restarted several times; this is normal.
    3. Double-click "Combofix.exe" to start the tool.
    4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

    * Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion." restart the computer.

    5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

    Starting Windows 10 in Safe Mode



    • #3
      ComboFix 15-02-02.01 - Sef 07-02-2015 16:00:56.1.8 - x64
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.12279.8877 [GMT 1:00]
      Gestart vanuit: c:\users\Sef\Desktop\Virus\ComboFix.exe
      AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
      SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Nieuw herstelpunt werd aangemaakt
      .
      .
      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\Sef\AppData\Local\assembly\tmp
      c:\users\Sef\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
      c:\users\Sef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
      c:\users\Sef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
      c:\users\Sef\AppData\Local\Google\Chrome\User Data\Default\Preferences
      c:\users\Sef\AppData\Local\nsr2EC7.tmp
      c:\users\Sef\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
      c:\users\Sef\AppData\Roaming\IHelper
      c:\windows\IsUn0413.exe
      c:\windows\SysWow64\msvcsv60.dll
      c:\windows\SysWow64\tmp2D4E.tmp
      .
      .
      (((((((((((((((((((( Bestanden Gemaakt van 2015-01-07 to 2015-02-07 ))))))))))))))))))))))))))))))
      .
      .
      2015-02-07 15:05 . 2015-02-07 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
      2015-02-05 22:22 . 2015-02-06 08:27 -------- d-----w- c:\users\Sef\AppData\Local\VirtualStore
      2015-02-05 22:19 . 2015-02-07 12:35 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
      2015-02-05 22:19 . 2015-02-05 22:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
      2015-02-05 22:06 . 2015-02-07 12:34 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
      2015-02-04 06:20 . 2015-02-04 06:20 -------- d-----w- c:\program files (x86)\Common Files\ThreeShips Shared
      2015-01-30 08:04 . 2013-06-30 20:24 972712 ----a-w- c:\windows\system32\deployJava1.dll
      2015-01-30 08:04 . 2013-06-30 20:24 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
      2015-01-30 08:04 . 2015-01-30 08:04 -------- d-----w- c:\program files (x86)\Common Files\Java
      2015-01-27 21:30 . 2015-01-27 21:30 -------- d-----w- c:\program files (x86)\AGEIA Technologies
      2015-01-27 21:30 . 2015-01-09 22:27 621200 ----a-w- c:\windows\SysWow64\nvStreaming.exe
      2015-01-27 21:22 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
      2015-01-27 21:22 . 2014-11-22 10:46 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
      2015-01-22 18:45 . 2015-01-22 18:49 -------- d-----w- c:\users\Sef\AppData\Roaming\Backup Tickets
      2015-01-22 18:45 . 2015-01-22 18:49 -------- d-----w- c:\users\Sef\AppData\Roaming\Configuration
      2015-01-22 13:13 . 2015-02-01 11:06 -------- d-----w- c:\users\Public\Ticket
      2015-01-22 13:13 . 2015-01-22 13:13 -------- d-----w- c:\program files (x86)\Coyote
      2015-01-22 13:12 . 2015-01-22 13:12 -------- d-----w- c:\program files (x86)\PowerTracks DirectX Plugins
      2015-01-22 13:10 . 2015-02-01 11:06 -------- d-----w- C:\bb
      2015-01-19 08:04 . 2015-01-19 08:04 -------- d-----w- c:\program files (x86)\XLN Audio
      2015-01-19 07:47 . 2015-01-19 07:47 -------- d-----w- c:\users\Sef\AppData\Roaming\Addictive Keys
      2015-01-19 07:47 . 2015-01-19 07:47 -------- d-----w- c:\programdata\boost_interprocess
      2015-01-19 07:46 . 2015-01-19 08:04 -------- d-----w- c:\programdata\XLN Audio
      2015-01-15 10:02 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
      2015-01-15 10:02 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
      2015-01-15 10:02 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
      2015-01-15 10:02 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
      2015-01-15 10:02 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
      2015-01-15 10:02 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
      2015-01-15 10:02 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
      2015-01-15 10:02 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
      2015-01-14 06:37 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
      2015-01-14 06:37 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
      2015-01-14 06:37 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
      2015-01-14 06:37 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
      2015-01-14 06:37 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2015-02-07 13:32 . 2014-04-18 17:14 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
      2015-02-05 22:06 . 2014-04-18 16:13 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
      2015-02-05 19:31 . 2012-05-20 12:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2015-02-05 19:31 . 2012-05-20 12:31 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2015-01-30 08:03 . 2013-06-30 20:24 319912 ----a-w- c:\windows\system32\javaws.exe
      2015-01-30 08:03 . 2013-06-30 20:24 191400 ----a-w- c:\windows\system32\javaw.exe
      2015-01-30 08:03 . 2013-06-30 20:24 190888 ----a-w- c:\windows\system32\java.exe
      2015-01-30 08:03 . 2013-06-30 20:24 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
      2015-01-30 08:03 . 2014-10-20 18:38 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2015-01-16 06:41 . 2014-08-05 11:28 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
      2015-01-16 06:41 . 2013-11-19 20:29 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
      2015-01-16 06:41 . 2014-08-05 11:28 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
      2015-01-16 06:41 . 2013-11-19 20:29 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
      2015-01-13 04:15 . 2014-01-08 16:21 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
      2015-01-10 08:07 . 2014-05-30 17:30 16009120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
      2015-01-10 08:07 . 2013-07-02 13:07 73872 ----a-w- c:\windows\system32\OpenCL.dll
      2015-01-10 08:07 . 2013-07-02 13:07 60744 ----a-w- c:\windows\SysWow64\OpenCL.dll
      2015-01-10 08:07 . 2013-07-02 11:19 2902456 ----a-w- c:\windows\SysWow64\nvapi.dll
      2015-01-10 08:07 . 2013-07-02 11:19 14115944 ----a-w- c:\windows\SysWow64\nvd3dum.dll
      2015-01-10 08:07 . 2013-07-02 11:19 3298816 ----a-w- c:\windows\system32\nvapi64.dll
      2015-01-10 08:07 . 2013-07-02 11:19 18566296 ----a-w- c:\windows\system32\nvwgf2umx.dll
      2015-01-09 23:30 . 2013-07-02 13:07 6860432 ----a-w- c:\windows\system32\nvcpl.dll
      2015-01-09 23:30 . 2013-07-02 13:07 3517256 ----a-w- c:\windows\system32\nvsvc64.dll
      2015-01-09 23:29 . 2013-07-02 13:07 935056 ----a-w- c:\windows\system32\nvvsvc.exe
      2015-01-09 23:29 . 2013-07-02 13:07 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
      2015-01-09 23:29 . 2013-07-02 13:07 62608 ----a-w- c:\windows\system32\nvshext.dll
      2015-01-09 23:29 . 2013-07-02 13:07 385352 ----a-w- c:\windows\system32\nvmctray.dll
      2015-01-09 19:47 . 2013-07-02 13:07 4173527 ----a-w- c:\windows\system32\nvcoproc.bin
      2015-01-06 16:19 . 2014-12-28 09:52 4 ----a-w- c:\users\Sef\AppData\Roaming\appdataFr2.bin
      2014-12-25 07:33 . 2014-12-25 07:33 12872 ----a-w- c:\windows\system32\bootdelete.exe
      2014-12-13 05:09 . 2014-12-18 05:08 144384 ----a-w- c:\windows\system32\ieUnatt.exe
      2014-12-13 03:33 . 2014-12-18 05:08 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2014-12-10 05:41 . 2012-05-19 09:34 112710672 ----a-w- c:\windows\system32\MRT.exe
      2014-11-27 01:43 . 2014-12-10 04:20 389296 ----a-w- c:\windows\system32\iedkcs32.dll
      2014-11-22 10:46 . 2013-07-31 06:54 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
      2014-11-22 03:13 . 2014-12-10 04:20 25059840 ----a-w- c:\windows\system32\mshtml.dll
      2014-11-22 03:06 . 2014-12-10 04:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
      2014-11-22 03:06 . 2014-12-10 04:20 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
      2014-11-22 02:50 . 2014-12-10 04:20 66560 ----a-w- c:\windows\system32\iesetup.dll
      2014-11-22 02:50 . 2014-12-10 04:20 580096 ----a-w- c:\windows\system32\vbscript.dll
      2014-11-22 02:49 . 2014-12-10 04:20 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
      2014-11-22 02:49 . 2014-12-10 04:20 2885120 ----a-w- c:\windows\system32\iertutil.dll
      2014-11-22 02:48 . 2014-12-10 04:20 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
      2014-11-22 02:41 . 2014-12-10 04:20 54784 ----a-w- c:\windows\system32\jsproxy.dll
      2014-11-22 02:40 . 2014-12-10 04:20 34304 ----a-w- c:\windows\system32\iernonce.dll
      2014-11-22 02:37 . 2014-12-10 04:20 633856 ----a-w- c:\windows\system32\ieui.dll
      2014-11-22 02:35 . 2014-12-10 04:20 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
      2014-11-22 02:34 . 2014-12-10 04:20 814080 ----a-w- c:\windows\system32\jscript9diag.dll
      2014-11-22 02:34 . 2014-12-10 04:20 6039552 ----a-w- c:\windows\system32\jscript9.dll
      2014-11-22 02:26 . 2014-12-10 04:20 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
      2014-11-22 02:22 . 2014-12-10 04:20 490496 ----a-w- c:\windows\system32\dxtmsft.dll
      2014-11-22 02:20 . 2014-12-10 04:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
      2014-11-22 02:14 . 2014-12-10 04:20 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
      2014-11-22 02:09 . 2014-12-10 04:20 199680 ----a-w- c:\windows\system32\msrating.dll
      2014-11-22 02:08 . 2014-12-10 04:20 92160 ----a-w- c:\windows\system32\mshtmled.dll
      2014-11-22 02:07 . 2014-12-10 04:20 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
      2014-11-22 02:07 . 2014-12-10 04:20 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
      2014-11-22 02:06 . 2014-12-10 04:20 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
      2014-11-22 02:05 . 2014-12-10 04:20 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
      2014-11-22 02:05 . 2014-12-10 04:20 316928 ----a-w- c:\windows\system32\dxtrans.dll
      2014-11-22 01:54 . 2014-12-10 04:20 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
      2014-11-22 01:49 . 2014-12-10 04:20 718848 ----a-w- c:\windows\system32\ie4uinit.exe
      2014-11-22 01:49 . 2014-12-10 04:20 800768 ----a-w- c:\windows\system32\msfeeds.dll
      2014-11-22 01:47 . 2014-12-10 04:20 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
      2014-11-22 01:46 . 2014-12-10 04:20 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
      2014-11-22 01:43 . 2014-12-10 04:20 14412800 ----a-w- c:\windows\system32\ieframe.dll
      2014-11-22 01:40 . 2014-12-10 04:20 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-11-22 01:29 . 2014-12-10 04:20 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
      2014-11-22 01:28 . 2014-12-10 04:20 2358272 ----a-w- c:\windows\system32\wininet.dll
      2014-11-22 01:22 . 2014-12-10 04:20 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
      2014-11-22 01:21 . 2014-12-10 04:20 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
      2014-11-22 01:15 . 2014-12-10 04:20 1548288 ----a-w- c:\windows\system32\urlmon.dll
      2014-11-22 01:03 . 2014-12-10 04:20 800768 ----a-w- c:\windows\system32\ieapfltr.dll
      2014-11-22 01:00 . 2014-12-10 04:20 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
      2014-11-21 05:14 . 2014-04-18 16:13 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
      2014-11-21 05:14 . 2012-05-19 09:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
      2014-11-18 16:17 . 2014-11-18 16:17 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
      2014-11-11 03:09 . 2014-12-10 04:20 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
      2014-11-11 03:08 . 2014-11-19 02:57 241152 ----a-w- c:\windows\system32\pku2u.dll
      2014-11-11 03:08 . 2014-11-19 02:57 728064 ----a-w- c:\windows\system32\kerberos.dll
      2014-11-11 02:44 . 2014-12-10 04:20 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
      2014-11-11 02:44 . 2014-11-19 02:57 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
      2014-11-11 02:44 . 2014-11-19 02:57 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
      2014-11-11 01:46 . 2014-12-10 04:20 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:09 131480 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:09 131480 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
      @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:09 131480 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
      @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:09 131480 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:09 131480 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
      @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:09 131480 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:09 131480 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
      @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:09 131480 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "F.lux"="c:\users\Sef\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "Adobe Speed Launcher"="1423321570" [X]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
      "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
      "BtTray"="c:\program files (x86)\IVT Corporation\BlueSoleil\BtTray.exe" [2009-09-02 315478]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
      "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
      "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
      "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
      "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
      "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
      "Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-12-10 2561848]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
      @=""
      .
      R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
      R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
      R3 cmudaxp;ASUS Xonar D2 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
      R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
      R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
      R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
      R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
      R3 MSICDSetup;MSICDSetup;f:\cdriver64.sys;f:\CDriver64.sys [x]
      R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
      R3 RDID1079;UA-25EX;c:\windows\system32\Drivers\rdwm1079.sys;c:\windows\SYSNATIVE\Drivers\rdwm1079.sys [x]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
      R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
      R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
      R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
      R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
      R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
      R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
      R3 yslchocx;yslchocx; [x]
      R3 ysusb64;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb64.sys;c:\windows\SYSNATIVE\drivers\ysusb64.sys [x]
      R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
      S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
      S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
      S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
      S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
      S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
      S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
      S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
      S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
      S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
      S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
      S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
      S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
      S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
      S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
      S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
      S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
      S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
      S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
      S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
      S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
      S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
      S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
      S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
      S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
      S3 pikbd;Pluralinput Keyboard 0.8.6;c:\windows\system32\DRIVERS\pikbd.sys;c:\windows\SYSNATIVE\DRIVERS\pikbd.sys [x]
      S3 RDID1117;QUAD-CAPTURE;c:\windows\system32\Drivers\rdwm1117.sys;c:\windows\SYSNATIVE\Drivers\rdwm1117.sys [x]
      S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
      S3 ZCLDRV;ZCL Service;c:\windows\system32\DRIVERS\ZclDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\ZclDrv64.sys [x]
      .
      .
      --- Andere Services/Drivers In Geheugen ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2015-02-06 06:51 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
      .
      Inhoud van de 'Gedeelde Taken' map
      .
      2015-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 19:31]
      .
      2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 09:37]
      .
      2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 09:37]
      .
      2014-12-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3571244474-320856320-140989579-1001.job
      - c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06 09:36]
      .
      2014-12-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3571244474-320856320-140989579-1001.job
      - c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06 09:36]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
      @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
      [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
      2013-06-19 22:45 3317616 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
      @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
      [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
      2013-06-19 22:45 3317616 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
      @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
      [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
      2013-06-19 22:45 3317616 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
      @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
      @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
      @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
      @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
      2014-08-17 04:10 164760 ----a-w- c:\users\Sef\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
      "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]
      "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-24 12480616]
      "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]



      • #4
        Part 2:


        .
        ------- Bijkomende Scan -------
        .
        uLocal Page = c:\windows\system32\blank.htm
        uStart Page = hxxp://www.google.com/
        mDefault_Search_URL = about:blank
        mDefault_Page_URL = about:blank
        mStart Page = about:blank
        mLocal Page = c:\windows\SysWOW64\blank.htm
        mSearch Page = about:blank
        IE: Converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
        IE: Doel van koppeling converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
        IE: Toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
        TCP: DhcpNameServer = 212.54.40.25 212.54.44.54
        .
        - - - - ORPHANS VERWIJDERD - - - -
        .
        Toolbar-10 - (no file)
        Wow6432Node-HKCU-Run-AdobeBridge - (no file)
        HKLM_Wow6432Node-ActiveSetup-{B79EE1C0-7410-BE42-1218-A66C37905A04} - c:\programdata\wscntfy.exe
        Toolbar-10 - (no file)
        ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
        AddRemove-{B2552FA6-86E3-410D-84AD-265C2242D410} - c:\programdata\{D0FD515C-72E9-4FA3-AB32-7251C0864B75}\FM8 Setup PC.exe
        AddRemove-{D69D39FC-DCC0-43F4-9524-043EE9F1C329} - c:\programdata\{4FF14FF4-C333-4311-BC51-88781D14A5AF}\Abbey Road Modern Drums Setup PC.exe
        AddRemove-{E236DA46-2EDD-4097-8CF4-444B4FC9E226} - c:\programdata\{F7BFF4EE-E380-444D-BF91-DE4716D46130}\Abbey Road 60s Drums Vintage Setup PC.exe
        .
        .
        .
        --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
        @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
        "Version"=hex:4f,b4,cc,98,e6,86,d8,80,36,4c,a7,0d,44,37,8b,33,96,b9,bc,e0,90,
        d0,86,9c,e6,e5,88,f9,9e,d3,fa,71,47,57,c2,cc,9b,7a,a4,5e,e5,ae,c9,c4,35,54,\
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker6"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Shockwave Flash Object"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
        @="0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
        @="ShockwaveFlash.ShockwaveFlash.16"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="ShockwaveFlash.ShockwaveFlash"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Macromedia Flash Factory Object"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
        @="FlashFactory.FlashFactory.1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="FlashFactory.FlashFactory"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker6"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
        "Version"=hex:4f,b4,cc,98,e6,86,d8,80,36,4c,a7,0d,44,37,8b,33,96,b9,bc,e0,90,
        d0,86,9c,e6,e5,88,f9,9e,d3,fa,71,47,57,c2,cc,9b,7a,a4,5e,e5,ae,c9,c4,35,54,\
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
        @Denied: (Full) (Everyone)
        .
        ------------------------ Andere Aktieve Processen ------------------------
        .
        c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
        c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
        c:\windows\SysWOW64\PnkBstrA.exe
        c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
        c:\users\Sef\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
        c:\program files (x86)\Samsung Magician\Samsung Magician.exe
        .
        **************************************************************************
        .
        Voltooingstijd: 2015-02-07 16:08:27 - machine werd herstart
        ComboFix-quarantined-files.txt 2015-02-07 15:08
        .
        Pre-Run: 98.538.610.688 bytes beschikbaar
        Post-Run: 98.636.308.480 bytes beschikbaar
        .
        - - End Of File - - 59A501FEAC6A3E146C146688ADD2D6F6
        B1F7D7F6E4FBE98E578562A22A94D02C

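The "VERGRENDELDE REGISTER SLEUTELS" (locked registry keys) section of the ComboFix log above is easier to review once each key's ACL lines and the binaries referenced beneath it are grouped together. The Python parser below is an added example, not part of the original posts or of ComboFix; the function name `locked_keys` and the regular expressions are assumptions derived only from the lines visible in this log, and the sample is an excerpt of those lines.

```python
import re

# Added illustration: excerpt of the locked-keys section of the log above.
SAMPLE = r"""
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andere Aktieve Processen ------------------------
c:\windows\SysWOW64\PnkBstrA.exe
"""

HEADING = re.compile(r"^-{5,} (.+?) -{5,}$")
KEY = re.compile(r"^\[(.+)\]$")
ACL = re.compile(r"^@(Denied|Allowed): \((.*?)\) \((.*?)\)$")
BINARY = re.compile(r'[A-Za-z]:\\\\[^",]+?\.(?:exe|ocx|dll)', re.I)

def locked_keys(log, section="VERGRENDELDE REGISTER SLEUTELS"):
    """Map each key carrying ACL lines to its ACL entries and referenced binaries."""
    result, in_section, current = {}, False, None
    for line in map(str.strip, log.splitlines()):
        heading = HEADING.match(line)
        if heading:
            in_section, current = heading.group(1) == section, None
        elif in_section and KEY.match(line):
            current = KEY.match(line).group(1)
        elif in_section and current and ACL.match(line):
            entry = result.setdefault(current, {"acl": [], "binaries": []})
            entry["acl"].append(ACL.match(line).groups())
        elif in_section and current:
            # File paths in this key or a subkey belong to the ACL-carrying ancestor.
            owner = next((k for k in result
                          if current == k or current.startswith(k + "\\")), None)
            for path in BINARY.findall(line):
                path = path.replace("\\\\", "\\")
                if owner and path not in result[owner]["binaries"]:
                    result[owner]["binaries"].append(path)
    return result
```

Each binary path returned for a key can then be checked on disk (file signature, version, location) before deciding whether the locked key is expected.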


        • #5
          OK, next step.

          First disable the antivirus software before you download or run Zoek.exe.
          Temporarily disable your antivirus and antispyware programs, as they can interfere with the operation of Zoek.exe.
          You can read how to do that (here and here).

          Download Zoek.exe to the desktop (click here for more information on how to use Zoek.exe)
          • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
          • Then double-click Zoek.exe to start the tool.
          • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
          • Now copy the code below and paste it into the large input box:
          • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
            Code:
            torpigcheck;
            emptyclsid;
            shortcutfix;
            emptyfolderscheck;
            firefoxlook; 
            Chromelook; 
            CHRdefaults;
            autoclean; 
            iedefaults; 
            filesrcm;  
            startupall;
            resetieproxy;
          • Now click the "Run script" button.
          • Wait patiently until a log opens (this may be after a restart, if one is required).
          • If no log appears, start Zoek.exe again and click the zoek-results.log button; the log will then appear.
          • Post the opened log as an attachment in your next message.

          Starting Windows 10 in Safe Mode



          • #6
            zoek-results.txt



            • #7
              Is it any better yet?



              • #8
                Hi,
                No, unfortunately not.
                It still slows down during startup, it tries to install extensions in Chrome and sometimes shows strange empty web pages, see attachment (browser.jpg).

                This is a somewhat older example; the Yahoo "Y" logo has now disappeared from it.
                Regards,
                Sef



                • #9
                  Resetting Google Chrome sync:
                  • Open Google Chrome, sign in with the Google account and click the icon with the three bars at the top right.
                  • Click Settings.
                  • Now click the Google Dashboard option.
                  • Then, in the new tab, click the Stop and clear button.
                  • In the dialog that now appears, click OK.
                  • It can take a few hours before the changes have been applied.
                  • Then sign out of Google Chrome.
                  • After a few hours, sign in again and check whether the changes have been applied and the problems have been resolved.



                  • #10
                    Will do!



                    • #11
                      I did what you said, but it still keeps slowing down during startup.



                      • #12
                        Do the following:

                        Download Old Chrome Remover to, for example, the desktop.
                        • Right-click OldChromeRemover-0.5 and choose the option Run as administrator.
                        • A black command prompt window now appears; wait until the message below appears.



                        • Then press the Y key to remove the outdated version(s) of Google Chrome.
                        • When this is done, press any key, e.g. the space bar, to close the program.
                        • Restart the computer.



                        The tool below cleans up, among other things, all the tools that were used:

                        Download Delfix by Xplode to the desktop.

                        Double-click Delfix.exe to start the tool.
                        Now tick the following items:
                        • Remove disinfection tools
                        • Purge System Restore
                        • Reset system settings

                        Now click "Run" and wait patiently until the tool has finished.
                        When the tool has finished, a log file is created. You do not need to post it, however.
                        If any tools or folders are left over, you can delete them yourself.



                        • #13
                          Unfortunately it is still not resolved. It still starts up very slowly, and it installed an extension in Chrome again.

                          Regards, Sef



                          • #14
                            Remove the extension and download and install HMP alert (free)
                            Perhaps it is also better to install Hitmanproalert. Alert
                            Explanation below.
                            https://www.youtube.com/watch?v=qvZ0...ature=youtu.be

                            There is also an explanation here: https://www.security.nl/posting/3689...n+CryptoLocker



                            • #15
                              I have installed Hitman Pro Alert.

                              But this only blocks new infections, doesn't it? It doesn't remove the ones I have now, does it?


                              Regards,
                              Sef
