Blue screens!

This topic is closed.

  • Blue screens!

    Hello,

    I'm having trouble with blue screens and opened a topic about it under: PC problems general / Windows / Windows 7 Blue screen. I was rid of them for 2 days, but unfortunately they are back. Dorado referred me from there to you. Here are the logs:

    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 09:22 on 27/03/2015 (Reinette)


    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.


    Checking for services/drivers...




    -=E.O.F=-
    Last edited by reinette; 27-03-15, 13:38.
    Regards, Reinette

  • #2
    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Protection, 27-3-2015 9:11:38, SYSTEM, REINETTE-PC, Protection, Malware Protection, Starting,
    Protection, 27-3-2015 9:11:38, SYSTEM, REINETTE-PC, Protection, Malware Protection, Started,
    Update, 27-3-2015 9:11:41, SYSTEM, REINETTE-PC, Scheduler, Rootkit Database, 2015.2.25.1, 2015.3.26.1,
    Update, 27-3-2015 9:11:43, SYSTEM, REINETTE-PC, Scheduler, Malware Database, 2015.3.24.2, 2015.3.27.4,
    Protection, 27-3-2015 9:11:43, SYSTEM, REINETTE-PC, Protection, Refresh, Starting,
    Protection, 27-3-2015 9:11:49, SYSTEM, REINETTE-PC, Protection, Refresh, Success,
    Protection, 27-3-2015 9:19:28, SYSTEM, REINETTE-PC, Protection, Malicious Website Protection, Starting,
    Protection, 27-3-2015 9:19:28, SYSTEM, REINETTE-PC, Protection, Malicious Website Protection, Started,
    Scan, 27-3-2015 12:05:48, SYSTEM, REINETTE-PC, Manual, Start: % 1 27-3-2015, Duur: % 1 hr 2 min 37 sec, Aangepaste Scan, Voltooid, 0 Malware Detections, 2 niet-Malware Detections,
    Protection, 27-3-2015 12:10:26, SYSTEM, REINETTE-PC, Protection, Malware Protection, Starting,
    Protection, 27-3-2015 12:10:26, SYSTEM, REINETTE-PC, Protection, Malware Protection, Started,

    (end)
    Regards, Reinette



    • #3
      # AdwCleaner v4.113 - Logbestand aangemaakt 27/03/2015 op 12:29:50
      # Laatste update 22/03/2015 door Xplode
      # Database : 2015-03-26.1 [Server]
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
      # Gebruikersnaam : Reinette - REINETTE-PC
      # Gestart vanuit : C:\Users\Reinette\Desktop\adwcleaner_4.113.exe
      # Optie : Verwijderen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****

      Map Verwijderd : C:\ProgramData\Trymedia
      Map Verwijderd : C:\ProgramData\WPM
      Map Verwijderd : C:\ProgramData\MailUpdate
      Map Verwijderd : C:\Program Files (x86)\Conduit
      Map Verwijderd : C:\Program Files (x86)\globalUpdate
      Map Verwijderd : C:\Program Files (x86)\Mobogenie
      Map Verwijderd : C:\Program Files (x86)\Common Files\337
      Map Verwijderd : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
      Map Verwijderd : C:\Program Files\Uninstaller
      Map Verwijderd : C:\Users\Reinette\AppData\Local\Conduit
      Map Verwijderd : C:\Users\Reinette\AppData\Local\cool_mirage
      Map Verwijderd : C:\Users\Reinette\AppData\Local\globalUpdate
      Map Verwijderd : C:\Users\Reinette\AppData\Local\Mobogenie
      Map Verwijderd : C:\Users\Reinette\AppData\LocalLow\Conduit
      Map Verwijderd : C:\Users\Reinette\AppData\LocalLow\PutLockerDownloader V6.0
      Map Verwijderd : C:\Users\Reinette\AppData\Roaming\ExpressFiles
      Map Verwijderd : C:\Users\Reinette\AppData\Roaming\iWin
      Map Verwijderd : C:\Users\Reinette\AppData\Roaming\quickclick
      Map Verwijderd : C:\Users\Reinette\AppData\Roaming\Systweak
      Map Verwijderd : C:\Users\Reinette\AppData\Roaming\MailUpdate
      Bestand Verwijderd : C:\Windows\SysWOW64\conduitEngine.tmp
      Bestand Verwijderd : C:\Users\Reinette\daemonprocess.txt
      Bestand Verwijderd : C:\Users\Reinette\AppData\LocalLow\SkwConfig.bin
      Bestand Verwijderd : C:\Users\Reinette\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

      ***** [ Geplande taken ] *****


      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\speedupmypc
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
      Sleutel Verwijderd : HKCU\Software\5c28adcb739b910
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556678}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{0735B993-B879-45A1-9A55-57001C8F2A9D}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556678}
      Sleutel Verwijderd : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFD40784-1DD4-4B96-BF5C-785EC442F4C5}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFD40784-1DD4-4B96-BF5C-785EC442F4C5}
      Sleutel Verwijderd : HKCU\Software\Conduit
      Sleutel Verwijderd : HKCU\Software\eSupport.com
      Sleutel Verwijderd : HKCU\Software\IM
      Sleutel Verwijderd : HKCU\Software\ImInstaller
      Sleutel Verwijderd : HKCU\Software\Microsoft\Babylon
      Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar
      Sleutel Verwijderd : HKCU\Software\DriverRestore
      Sleutel Verwijderd : HKCU\Software\Fighters
      Sleutel Verwijderd : HKCU\Software\DriverWhiz
      Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit
      Sleutel Verwijderd : HKLM\SOFTWARE\Babylon
      Sleutel Verwijderd : HKLM\SOFTWARE\Conduit
      Sleutel Verwijderd : HKLM\SOFTWARE\ImInstaller
      Sleutel Verwijderd : HKLM\SOFTWARE\Trymedia Systems
      Sleutel Verwijderd : HKLM\SOFTWARE\Uniblue
      Sleutel Verwijderd : HKLM\SOFTWARE\Web Assistant
      Sleutel Verwijderd : HKLM\SOFTWARE\Fighters
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Web Assistant
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
      Gegevens Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

      ***** [ Webbrowsers ] *****

      -\\ Internet Explorer v11.0.9600.17689


      -\\ Mozilla Firefox v


      -\\ Google Chrome v41.0.2272.101


      *************************

      AdwCleaner[R0].txt - [8846 bytes] - [27/03/2015 12:24:47]
      AdwCleaner[S0].txt - [8353 bytes] - [27/03/2015 12:29:50]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8412 bytes] ##########
      Regards, Reinette



      • #4
        DDS (Ver_2012-11-20.01) - NTFS_AMD64
        Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 11.25.2
        Run by Reinette at 12:40:40 on 2015-03-27
        Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.1810 [GMT 1:00]
        .
        AV: Norton AntiVirus *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
        SP: Norton AntiVirus *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\nvvsvc.exe
        C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k GPSvcGroup
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
        C:\Windows\system32\nvvsvc.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\svchost.exe -k apphost
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\system32\taskeng.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
        C:\Program Files\Classic Shell\ClassicStartMenu.exe
        C:\Windows\SysWOW64\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
        C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
        C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
        C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
        c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
        c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
        C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
        C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
        C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.7.0.11\NAV.exe
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
        C:\Windows\splwow64.exe
        C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
        C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
        C:\Program Files (x86)\Online Games Manager\ogmservice.exe
        C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
        C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
        c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
        C:\Windows\system32\svchost.exe -k iissvcs
        C:\Windows\system32\SearchIndexer.exe
        C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.7.0.11\NAV.exe
        C:\Windows\servicing\TrustedInstaller.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\System32\WUDFHost.exe
        C:\Windows\System32\svchost.exe -k LocalServicePeerNet
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\System32\cscript.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.startpagina.nl/
        uSearch Bar = Preserve
        mStart Page = www.google.com
        BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
        BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
        BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.7.0.11\ips\ipsbho.dll
        BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
        BHO: Qualys BrowserCheck IE Helper: {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} - C:\Windows\Downloaded Program Files\qbc_bho.dll
        BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
        BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
        BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
        TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        TB: <No Name>: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - LocalServer32 - <no file>
        TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
        TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
        TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
        TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
        uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
        mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
        mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
        uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
        uPolicies-Explorer: NoDrives = dword:0
        mPolicies-Explorer: NoDrives = dword:0
        mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
        mPolicies-System: ConsentPromptBehaviorUser = dword:3
        mPolicies-System: EnableLUA = dword:0
        mPolicies-System: EnableUIADesktopToggle = dword:0
        mPolicies-System: PromptOnSecureDesktop = dword:0
        IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
        IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
        IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
        DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
        DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Cate%20West%20-%20The%20Velvet%20Keys/Images/stg_drm.ocx
        DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
        DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
        DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
        DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.nl/Genoogle/Components/ActiveX/SearchEngineQuery.dll
        DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - hxxps://browsercheck.qualys.com/qbc_ax.cab
        DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
        DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Marooned%202%20-%20Secrets%20of%20the%20Akoni/Images/armhelper.ocx
        TCP: NameServer = 62.179.104.196 213.46.228.196
        TCP: Interfaces\{1676B40F-1908-4E24-AD72-4D9D2C692416} : DHCPNameServer = 62.179.104.196 213.46.228.196
        Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
        SSODL: WebCheck - <orphaned>
        SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        x64-mStart Page = www.google.com
        x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll
        x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
        x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
        x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
        x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
        x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
        x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
        x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
        x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
        x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
        x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
        x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
        x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
        x64-SSODL: WebCheck - <orphaned>
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1507000.00B\symds64.sys [2015-3-19 493656]
        R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1507000.00B\symefa64.sys [2015-3-19 1148120]
        R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [2015-3-24 1622744]
        R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1507000.00B\ccsetx64.sys [2015-3-19 162392]
        R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20150324.005\IDSviA64.sys [2015-3-27 671448]
        R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1507000.00B\ironx64.sys [2015-3-19 266968]
        R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1507000.00B\symnets.sys [2015-3-19 593112]
        R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
        R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-3-13 121616]
        R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-3-13 770832]
        R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
        R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-2-5 1148560]
        R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
        R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-12 1871160]
        R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.7.0.11\nav.exe [2015-3-19 262928]
        R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-26 1706128]
        R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-26 21833360]
        R2 ogmservice;Online Games Manager;C:\Program Files (x86)\Online Games Manager\ogmservice.exe [2014-3-27 581568]
        R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-3-23 409800]
        R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-2-9 142640]
        R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-28 25816]
        R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-9 19600]
        R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-3-23 38032]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-21 239616]
        S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-3-13 402192]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
        S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-12 969016]
        S3 BthAvrcp;Bluetooth AVRCP-profiel;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
        S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\Windows\System32\drivers\aabed2.sys [2008-3-20 28672]
        S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-3-12 227904]
        S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
        S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-11 114688]
        S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-4-8 93400]
        S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-12 129752]
        S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-13 63704]
        S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
        S3 RtkBtFilter;Realtek Bluetooth Filter Driver;C:\Windows\System32\drivers\RtkBtfilter.sys [2014-12-31 585944]
        S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-1-26 35112]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
        S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-26 1255736]
        S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-3-13 385808]
        .
        =============== File Associations ===============
        .
        FileExt: .txt: Applications\WINWORD.EXE="C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde [UserChoice] [default=edit - 'Open' doesn't exist]
        .
        =============== Created Last 30 ================
        .
        2015-03-27 11:24:38 -------- d-----w- C:\AdwCleaner
        2015-03-25 08:33:52 943616 ----a-w- C:\Windows\System32\appraiser.dll
        2015-03-25 08:33:52 760832 ----a-w- C:\Windows\System32\invagent.dll
        2015-03-25 08:33:52 677888 ----a-w- C:\Windows\System32\generaltel.dll
        2015-03-25 08:33:52 30720 ----a-w- C:\Windows\System32\acmigration.dll
        2015-03-25 08:33:52 1107456 ----a-w- C:\Windows\System32\aeinv.dll
        2015-03-25 08:33:51 414720 ----a-w- C:\Windows\System32\devinv.dll
        2015-03-25 08:33:51 227328 ----a-w- C:\Windows\System32\aepdu.dll
        2015-03-25 08:33:51 192000 ----a-w- C:\Windows\System32\aepic.dll
        2015-03-23 20:26:30 608072 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
        2015-03-23 20:20:50 -------- d-----w- C:\NVIDIA
        2015-03-23 19:26:13 -------- d-----w- C:\Program Files\Speccy
        2015-03-19 15:36:59 876248 ----a-w- C:\Windows\System32\drivers\NAVx64\1507000.00B\srtsp64.sys
        2015-03-19 15:36:59 593112 ----a-w- C:\Windows\System32\drivers\NAVx64\1507000.00B\symnets.sys
        2015-03-19 15:36:59 493656 ----a-r- C:\Windows\System32\drivers\NAVx64\1507000.00B\symds64.sys
        2015-03-19 15:36:59 37592 ----a-w- C:\Windows\System32\drivers\NAVx64\1507000.00B\srtspx64.sys
        2015-03-19 15:36:59 266968 ----a-w- C:\Windows\System32\drivers\NAVx64\1507000.00B\ironx64.sys
        2015-03-19 15:36:59 23568 ----a-r- C:\Windows\System32\drivers\NAVx64\1507000.00B\symelam.sys
        2015-03-19 15:36:59 162392 ----a-r- C:\Windows\System32\drivers\NAVx64\1507000.00B\ccsetx64.sys
        2015-03-19 15:36:59 1148120 ----a-w- C:\Windows\System32\drivers\NAVx64\1507000.00B\symefa64.sys
        2015-03-19 15:36:48 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1507000.00B
        2015-03-11 08:41:59 325632 ----a-w- C:\Windows\System32\msnetobj.dll
        2015-03-11 08:40:58 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
        .
        ==================== Find3M ====================
        .
        2015-03-27 11:10:19 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
        2015-03-21 14:07:56 778928 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
        2015-03-21 14:07:56 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
        2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
        2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
        2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
        2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
        2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
        2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
        2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
        2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
        2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
        2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
        2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
        2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
        2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
        2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
        2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
        2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
        2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
        2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
        2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
        2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
        2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
        2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
        2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
        2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
        2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
        2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
        2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
        2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
        2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
        2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
        2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys
        2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
        2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
        2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
        2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
        2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
        2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
        2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
        2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
        2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
        2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
        2015-02-20 03:06:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
        2015-02-20 03:05:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
        2015-02-20 02:50:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
        2015-02-20 02:49:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
        2015-02-20 02:49:19 584192 ----a-w- C:\Windows\System32\vbscript.dll
        2015-02-20 02:47:56 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
        2015-02-20 02:35:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
        2015-02-20 02:35:05 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
        2015-02-20 02:34:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
        2015-02-20 02:32:34 6035456 ----a-w- C:\Windows\System32\jscript9.dll
        2015-02-20 02:26:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
        2015-02-20 02:22:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
        2015-02-20 02:13:57 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
        2015-02-20 02:09:08 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
        2015-02-20 02:08:59 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
        2015-02-20 02:08:13 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
        2015-02-20 02:06:44 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
        2015-02-20 01:56:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
        2015-02-20 01:56:07 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
        2015-02-20 01:47:06 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
        2015-02-20 01:46:45 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
        2015-02-20 01:41:52 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
        2015-02-20 01:30:39 4300288 ----a-w- C:\Windows\SysWow64\jscript9.dll
        2015-02-20 01:28:25 2358784 ----a-w- C:\Windows\System32\wininet.dll
        2015-02-20 01:24:21 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
        2015-02-20 01:23:19 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
        2015-02-20 01:01:25 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
        2015-02-17 15:04:46 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
        2015-02-11 10:38:55 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
        2015-02-11 10:38:55 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
        2015-02-04 03:16:35 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
        2015-02-04 02:54:09 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
        2015-02-04 02:21:59 6782152 ----a-w- C:\Windows\System32\nvcpl.dll
        2015-02-04 02:21:59 3522376 ----a-w- C:\Windows\System32\nvsvc64.dll
        2015-02-04 02:21:44 932040 ----a-w- C:\Windows\System32\nvvsvc.exe
        2015-02-04 02:21:44 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
        2015-02-04 02:21:43 62792 ----a-w- C:\Windows\System32\nvshext.dll
        2015-02-04 02:21:41 384200 ----a-w- C:\Windows\System32\nvmctray.dll
        2015-02-03 16:18:34 4229086 ----a-w- C:\Windows\System32\nvcoproc.bin
        2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
        2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
        2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
        2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
        2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
        2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
        2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
        2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
        2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
        2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
        2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
        2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
        2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
        2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
        2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
        2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
        .
        ============= FINISH: 12:42:15,16 ===============
        Regards, Reinette



        • #5
          GMER 2.1.19357 - http://www.gmer.net
          Rootkit scan 2015-03-27 13:09:45
          Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AAKS-65A7B2 rev.01.03B01 596,17GB
          Running: hjjnujel.exe; Driver: C:\Users\Reinette\AppData\Local\Temp\uwryikog.sys




          ---- User code sections - GMER 2.1 ----


          .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2628] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077788791 5 bytes JMP 000000016c00528e
          .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2628] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075bc6143 5 bytes JMP 000000016cac9efc
          .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2628] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000077893e59 5 bytes JMP 000000016c0312ef
          .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2628] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000077893eae 5 bytes JMP 000000016c03cb53
          .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2628] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000077894731 5 bytes JMP 000000016c097dd4
          .text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2628] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000077895dee 5 bytes JMP 000000016c074c9a
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e4fc80 5 bytes JMP 00000001003a012a
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e4fcb0 5 bytes JMP 00000001003a0bc2
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e4fe14 5 bytes JMP 00000001003a0048
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory 0000000077e4fe90 5 bytes JMP 00000001003a0e68
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077e4fea8 5 bytes JMP 00000001003a0594
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e4ff24 5 bytes JMP 00000001003a0f4a
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e50004 5 bytes JMP 00000001003a0758
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e50038 5 bytes JMP 00000001003a0ca4
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077e50068 5 bytes JMP 00000001003a0d86
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e50084 5 bytes JMP 0000000100020050
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread 0000000077e502e8 5 bytes JMP 00000001003a020c
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e5079c 5 bytes JMP 00000001003a03d0
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e5088c 5 bytes JMP 00000001003a09fe
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e508a4 2 bytes JMP 00000001003a091c
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3 0000000077e508a7 2 bytes [55, 88]
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e50df4 5 bytes JMP 00000001003a0676
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx 0000000077e515d4 5 bytes JMP 00000001003a02ee
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e51920 5 bytes JMP 00000001003a083a
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e51be4 5 bytes JMP 00000001003a0ae0
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e51d70 5 bytes JMP 00000001003a04b2
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076fa524f 7 bytes JMP 00000001003b03d8
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076fa53d0 7 bytes JMP 00000001003b0684
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076fa5677 7 bytes JMP 00000001003b04bc
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076fa589a 7 bytes JMP 00000001003b012c
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076fa5a1d 7 bytes JMP 00000001003b084c
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076fa5c9b 7 bytes JMP 00000001003b05a0
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076fa5d87 7 bytes JMP 00000001003b0768
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076fa7240 7 bytes JMP 00000001003b02f4
          .text C:\Users\Reinette\Desktop\hjjnujel.exe[4568] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000077991492 7 bytes JMP 00000001003b0930


          ---- Threads - GMER 2.1 ----


          Thread C:\Windows\System32\spoolsv.exe [1384:1144] 000007fef70f5fd0
          Thread C:\Windows\System32\spoolsv.exe [1384:1196] 000007fef70e3438
          Thread C:\Windows\System32\spoolsv.exe [1384:1140] 000007fef70f63ec
          Thread C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2280:1276] 000007fef18eb730
          Thread C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2280:2332] 000007fef18afc40
          Thread C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2280:3272] 000007feeb862e60
          Thread C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2280:4412] 000007fef18afc40
          Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3960:5124] 000007fefbd42bf8
          Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3960:5132] 000007fee765cf60
          Thread C:\Windows\System32\WUDFHost.exe [1076:5044] 000007fee71c24a0


          ---- Registry - GMER 2.1 ----


          Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd503068
          Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x09 0x36 0x25 0x0C ...
          Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xCC 0x08 0x9B 0xC8 ...
          Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd503068 (not active ControlSet)
          Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x09 0x36 0x25 0x0C ...
          Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xCC 0x08 0x9B 0xC8 ...


          ---- Disk sectors - GMER 2.1 ----


          Disk \Device\Harddisk0\DR0 unknown MBR code


          ---- EOF - GMER 2.1 ----
          Regards, Reinette



          • #6
            Well, that was quite a job, but it keeps you off the streets, shall we say! Good luck!
            Regards, Reinette



            • #7
              I would have liked to see the scan log from MBAM (and not the system log).
              Please post it after all.


              Download TDSSKiller and place it on your desktop.
              .
              • Extract the files in tdsskiller.zip.
              • Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
              • If TDSSKiller reports that an update is available, run it first (Load update).
              • Click the "Start Scan" button and follow the instructions.
              • Quarantine the items it finds.

              .
              If a reboot (restart) is requested, click Reboot Now.
              Otherwise, click Report.
              Copy and paste the log file that appears.

              Note: If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
              Last edited by Emphyrio; 27-03-15, 20:26.
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee * Ccleaner * E-Peek



              • #8
                Hello,

                Sorry, I have a whole row of logs with one scan among them, but when I select that one I get the one I gave you! I don't understand it at all! I have a premium version of MBAM. I will now do the next task for you.
                Regards, Reinette



                • #9
                  The link I gave you explains how to obtain the scan log.
                  Please post it.
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee * Ccleaner * E-Peek



                  • #10
                    Sorry, I had overlooked that link! I will do that shortly. But I now have another problem with TDSSKiller. I got a small window saying that another utility was running, a warning about that! I clicked OK and then it stopped. After that I pressed Report, and I can select it but not paste it.
                    Regards, Reinette



                    • #11
                      Temporarily turn off your security software.
                      Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.
                      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                      E Dev * Remove McAfee * Ccleaner * E-Peek



                      • #12
                        OK, I looked at the link and ticked the option so that I get a scan log, but do I now have to scan again with MBAM?
                        Regards, Reinette



                        • #13
                          OK, antivirus disabled and TDSS scan run again, and it found no threats. After that I did Report again; I still cannot paste! Sorry!
                          Regards, Reinette



                          • #14
                            Without the requested logs there is little I can do.

                            Everything is explained clearly and plainly.
                            For MBAM there is even a video provided.
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee * Ccleaner * E-Peek



                            • #15
                              I understand that. As I said, I cannot paste, so I cannot provide a log. And as for MBAM, I have a premium version that is on every day, and it has already done today's scan and found nothing.

                              Malwarebytes Anti-Malware
                              www.malwarebytes.org


                              Protection, 28-3-2015 9:50:50, SYSTEM, REINETTE-PC, Protection, Malware Protection, Starting,
                              Protection, 28-3-2015 9:50:50, SYSTEM, REINETTE-PC, Protection, Malware Protection, Started,
                              Scan, 28-3-2015 10:33:55, SYSTEM, REINETTE-PC, Manual, Start: % 1 28-3-2015, Duur: % 1 min 20 sec, Bedreigingsscan, Voltooid, 0 Malware Detections, 0 niet-Malware Detections,

                              (end)

                              This is yesterday's one, I hope:
                              Malwarebytes Anti-Malware
                              www.malwarebytes.org


                              Protection, 27-3-2015 9:11:38, SYSTEM, REINETTE-PC, Protection, Malware Protection, Starting,
                              Protection, 27-3-2015 9:11:38, SYSTEM, REINETTE-PC, Protection, Malware Protection, Started,
                              Update, 27-3-2015 9:11:41, SYSTEM, REINETTE-PC, Scheduler, Rootkit Database, 2015.2.25.1, 2015.3.26.1,
                              Update, 27-3-2015 9:11:43, SYSTEM, REINETTE-PC, Scheduler, Malware Database, 2015.3.24.2, 2015.3.27.4,
                              Protection, 27-3-2015 9:11:43, SYSTEM, REINETTE-PC, Protection, Refresh, Starting,
                              Protection, 27-3-2015 9:11:49, SYSTEM, REINETTE-PC, Protection, Refresh, Success,
                              Protection, 27-3-2015 9:19:28, SYSTEM, REINETTE-PC, Protection, Malicious Website Protection, Starting,
                              Protection, 27-3-2015 9:19:28, SYSTEM, REINETTE-PC, Protection, Malicious Website Protection, Started,
                              Scan, 27-3-2015 12:05:48, SYSTEM, REINETTE-PC, Manual, Start: % 1 27-3-2015, Duur: % 1 hr 2 min 37 sec, Aangepaste Scan, Voltooid, 0 Malware Detections, 2 niet-Malware Detections,
                              Protection, 27-3-2015 12:10:26, SYSTEM, REINETTE-PC, Protection, Malware Protection, Starting,
                              Protection, 27-3-2015 12:10:26, SYSTEM, REINETTE-PC, Protection, Malware Protection, Started,

                              (end)
                              Regards, Reinette
