Suspicious e-mails to all contacts
    Hello,

    My brother-in-law and sister have had a problem for a while now.
    They are often approached by contacts who say they received a suspicious e-mail from them.
    So something is causing e-mails to be sent in their name.

    I advised them to run a scan with MBAM, which turned up quite a few infections. The latest scan found nothing (see log).

    Now that I have run all the scans, I also noticed that while browsing, the page gets 'redirected'. (I often see the URL change 2 to 3 times before I land on the requested page.)

    The necessary logs are below.

    Many thanks in advance!

    MBAM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 14/10/2015
    Scantijd: 14:21
    Logboekbestand: mbam 14.10.txt
    Beheerder: Ja

    Versie: 2.1.8.1057
    Malware-database: v2015.10.14.03
    Rootkit-database: v2015.10.06.01
    Licentie: Gratis
    Malware-bescherming: Uitgeschakeld
    Bescherming tegen kwaadaardige websites: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Herbert De Grande

    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 777275
    Verstreken tijd: 6 u., 36 min, 3 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)

    AdwCleaner

    # AdwCleaner v5.013 - Logbestand aangemaakt 14/10/2015 op 21:16:19
    # Laatste update 09/10/2015 door Xplode
    # Database : 2015-10-13.2 [Server]
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
    # Gebruikersnaam : Herbert De Grande - HERBERTDEGRANDE
    # Gestart vanuit : C:\Users\Herbert De Grande\Desktop\adwcleaner_5.013.exe
    # Optie : Verwijderen
    # Ondersteuning : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Mappen ] *****

    [-] Map Verwijderd : C:\Program Files (x86)\Picexa
    [-] Map Verwijderd : C:\ProgramData\Systweak
    [-] Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
    [-] Map Verwijderd : C:\Users\Herbert De Grande\AppData\LocalLow\Conduit
    [-] Map Verwijderd : C:\Users\Herbert De Grande\AppData\Roaming\eCyber
    [-] Map Verwijderd : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak

    ***** [ Bestanden ] *****

    [-] Bestand Verwijderd : C:\Users\Herbert De Grande\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_offering.hosting.distributionengine.conduit-services.com_0.localstorage
    [-] Bestand Verwijderd : C:\Users\Herbert De Grande\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_offering.hosting.distributionengine.conduit-services.com_0.localstorage-journal
    [-] Bestand Verwijderd : C:\Users\Herbert De Grande\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk

    ***** [ DLLs ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ geplande taken ] *****

    [-] Taak Verwijderd : Right Backup_startup

    ***** [ Register ] *****

    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
    [-] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
    [-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    [-] Sleutel Verwijderd : HKCU\Software\Conduit
    [-] Sleutel Verwijderd : HKCU\Software\systweak
    [-] Sleutel Verwijderd : HKCU\Software\V9
    [-] Sleutel Verwijderd : HKCU\Software\AppDataLow\Toolbar
    [-] Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Conduit
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\hdcode
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\SupDp
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\systweak
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picexa
    Sleutel Niet Verwijderd : [x64] HKCU\Software\Conduit
    Sleutel Niet Verwijderd : [x64] HKCU\Software\systweak
    Sleutel Niet Verwijderd : [x64] HKCU\Software\V9
    Sleutel Niet Verwijderd : HKU\S-1-5-21-1470536116-2190822849-2180608052-1002\Software\AppDataLow\Toolbar
    Sleutel Niet Verwijderd : HKU\S-1-5-21-1470536116-2190822849-2180608052-1002\Software\AppDataLow\Software\Conduit

    ***** [ Internetbrowsers ] *****

    [-] [C:\Users\Herbert De Grande\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Verwijderd : sweet-page.com
    [-] [C:\Users\Herbert De Grande\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Verwijderd : sweet-page
    [-] [C:\Users\Herbert De Grande\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Verwijderd : hxxp://www.sweet-page.com/web/?type=ds&ts=1423230189&from=cor&uid=ST9500325AS_5VENQ07XXXXX5VENQ07X&q={searchTerms}
    [-] [C:\Users\Herbert De Grande\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Verwijderd : hxxp://www.sweet-page.com/?type=hp&ts=1423230189&from=cor&uid=ST9500325AS_5VENQ07XXXXX5VENQ07X

    *************************

    :: Winsock instellingen gereset

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4441 bytes] ##########

    DDS

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.18015
    Run by Herbert De Grande at 21:24:31 on 2015-10-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3560.1508 [GMT 2:00]
    .
    AV: Kaspersky Anti-Virus *Enabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
    SP: Kaspersky Anti-Virus *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\windows\system32\WLANExt.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\windows\system32\taskeng.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\windows\System32\svchost.exe -k utcsvc
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\windows\system32\GWX\GWX.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Users\Herbert De Grande\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
    C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\splwow64.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\sppsvc.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
    C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\wmi64.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell Update\DellUpService.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Dell Update\DellUpTray.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.be/
    uSearch Page = www.google.com
    uDefault_Page_URL = www.google.com
    uDefault_Search_URL = www.google.com
    mStart Page = www.google.com
    mSearch Page = www.google.com
    mDefault_Page_URL = www.google.com
    mDefault_Search_URL = www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [Spotify Web Helper] "C:\Users\Herbert De Grande\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [VDownloader] "C:\Program Files\VDownloader\VDownloader4.exe" /silent
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
    mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
    DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/canvasx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: NameServer = 195.130.131.5 195.130.130.133
    TCP: Interfaces\{3ED978A3-741E-4ED1-9F4F-112DB2C858FA} : DHCPNameServer = 195.130.131.5 195.130.130.133
    TCP: Interfaces\{3ED978A3-741E-4ED1-9F4F-112DB2C858FA}\4756C656E65647D20363149323 : DHCPNameServer = 195.130.130.5 195.130.131.5
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = www.google.com
    x64-mSearch Page = www.google.com
    x64-mDefault_Page_URL = www.google.com
    x64-mDefault_Search_URL = www.google.com
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
    x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-1-8 79488]
    R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-1-8 40064]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
    R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-6-8 54368]
    R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 177864]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-8 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-1-8 204288]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-14 361984]
    R2 AVP;Kaspersky Anti-Virus-service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2012-8-17 356128]
    R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-5-22 201936]
    R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
    R2 DiagTrack;Diagnostics Tracking Service;C:\windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-8 1692480]
    R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-6-11 20648]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\System32\drivers\amdhub30.sys [2012-1-8 96896]
    R3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2012-1-8 46136]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\System32\drivers\amdxhc.sys [2012-1-8 214144]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-1-8 114704]
    R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-1-8 349736]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-1-8 39464]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-1-8 176096]
    R3 DDDriver;DDDriver;C:\windows\System32\drivers\DDDriver64Dcsa.sys [2015-2-26 23760]
    R3 DellProf;DellProf;C:\windows\System32\drivers\DellProf.sys [2015-5-22 24240]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-10-26 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-10-26 29280]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-1-27 25816]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-8 250984]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-1-8 565352]
    R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2012-1-8 47232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2015-5-22 2573520]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-21 1133880]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2015-9-9 114688]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-9-21 63704]
    S3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;C:\windows\System32\drivers\netr7364.sys [2009-6-10 707072]
    S3 SCLx64;SCL010 Contactless Reader;C:\windows\System32\drivers\SCLx64.sys [2011-1-11 69248]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-18 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2015-10-14 19:14:13 -------- d-----w- C:\AdwCleaner
    2015-10-13 15:23:02 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2F9B36E-8F53-4725-B2DD-1BC47B1B4F10}\mpengine.dll
    2015-10-13 15:15:41 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{69D6909D-410A-442B-863F-E32DD401FC06}
    2015-10-12 06:53:07 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{E87C81B1-1CCE-4BF9-9409-C81813F8E3EE}
    2015-10-11 18:29:00 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{C2B087AD-08A4-4395-85A8-FB549790BC20}
    2015-10-11 06:27:53 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{B4C65D87-30CA-4540-83D5-3B98AE34B6F1}
    2015-10-10 07:16:33 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{7E475AB9-39DA-42C8-9BDE-FA2CF467AD10}
    2015-10-09 05:30:37 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{FDD04A8F-4A5C-4F77-BFEC-D64F17760DB5}
    2015-10-08 16:53:56 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{8E00C2C3-77E3-467A-A07D-1969F72C3220}
    2015-10-07 12:36:46 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{92B94E02-A91A-4FEC-84EF-2015AF9CB1EB}
    2015-10-07 12:29:49 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{1E28F08C-2FC0-466A-8B1B-75B0A3D2588F}
    2015-10-06 09:59:47 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{CF630CDA-4108-4445-8108-F8EF0CD8C62E}
    2015-10-05 08:49:56 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{66056F8E-6864-42C7-92CB-17C37CAE0E4F}
    2015-10-04 08:28:54 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{0460185A-87D1-421A-A08C-610B65B66DC5}
    2015-10-03 06:32:54 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{ACE8BCB9-5AA7-406B-A583-BD4200A30411}
    2015-10-02 16:26:07 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{09429760-6505-4504-8EC5-3F4E728899A5}
    2015-10-02 14:57:29 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{A2962B37-C95D-4CEB-AD83-449CAB298F30}
    2015-10-02 12:02:18 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{AE0AC733-2F86-428A-8A02-EDD5F672487C}
    2015-10-01 15:45:05 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{D8468CF3-9408-4AA0-B857-EDCDCD7D261B}
    2015-09-30 14:10:30 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{0166CD4A-47A8-4A2E-91A2-912A1FAE728F}
    2015-09-29 10:14:12 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{7215E72A-7DE3-452B-BDF7-418FD6EC5863}
    2015-09-28 14:50:45 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{7D5A29F2-DAC9-4246-B13E-9AA58C45901C}
    2015-09-27 21:30:35 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{A45BE368-5637-4992-96BC-D14B3310E8B7}
    2015-09-27 08:12:57 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{A80D5FF6-0BCB-41E4-BECE-917CA0A1B558}
    2015-09-26 06:31:09 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{D7678856-2639-4FD5-AE88-80A097BBC811}
    2015-09-25 17:20:02 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{2AD1DB46-8EFB-4874-B78B-4DDF3CCAD2DE}
    2015-09-24 15:22:06 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{7BB38E19-546D-4DF5-97C2-2F877EB4ED92}
    2015-09-23 18:16:07 113880 ----a-w- C:\windows\System32\drivers\08AF0A1E.sys
    2015-09-23 16:23:43 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{5267A5EE-3F51-458B-927F-759FD01DAD05}
    2015-09-22 17:14:23 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{968810A1-1443-4D00-9449-E24B7C131DDF}
    2015-09-21 06:52:12 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{80CC2DA1-CD7D-481C-B307-0E6DBF3CEE08}
    2015-09-20 08:10:28 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{272D7506-A8CD-4B9D-8F5A-DDE25A40924E}
    2015-09-19 12:36:34 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{9C43C797-6E13-4BCC-B1D7-A5EFE35FDAAF}
    2015-09-18 12:06:18 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{5B15623C-621F-41B3-8EBB-03842507F686}
    2015-09-17 16:34:43 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{EE98F534-011A-48C4-BA2C-68829A80A523}
    2015-09-16 09:58:19 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{BB242E4D-3E40-4E46-88CE-86994DB2BB6A}
    2015-09-15 18:59:54 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{983B6E71-0E81-45EB-AB30-C4835CDAD619}
    2015-09-15 06:08:57 -------- d-----w- C:\Users\Herbert De Grande\AppData\Local\{2D1852DF-B258-4876-856A-03C368955AEF}
    .
    ==================== Find3M ====================
    .
    2015-10-14 12:21:00 113880 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
    2015-09-02 03:04:49 41984 ----a-w- C:\windows\System32\lpk.dll
    2015-09-02 03:04:46 100864 ----a-w- C:\windows\System32\fontsub.dll
    2015-09-02 03:04:44 14336 ----a-w- C:\windows\System32\dciman32.dll
    2015-09-02 03:04:42 46080 ----a-w- C:\windows\System32\atmlib.dll
    2015-09-02 02:48:31 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
    2015-09-02 02:48:28 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
    2015-09-02 02:48:25 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2015-09-02 02:47:18 25600 ----a-w- C:\windows\SysWow64\lpk.dll
    2015-09-02 01:51:28 3209216 ----a-w- C:\windows\System32\win32k.sys
    2015-09-02 01:47:08 372736 ----a-w- C:\windows\System32\atmfd.dll
    2015-09-02 01:33:48 299520 ----a-w- C:\windows\SysWow64\atmfd.dll
    2015-08-27 18:18:27 2004480 ----a-w- C:\windows\System32\msxml6.dll
    2015-08-27 18:18:27 1887232 ----a-w- C:\windows\System32\msxml3.dll
    2015-08-27 18:13:03 2048 ----a-w- C:\windows\System32\msxml6r.dll
    2015-08-27 18:13:03 2048 ----a-w- C:\windows\System32\msxml3r.dll
    2015-08-27 17:58:14 1391104 ----a-w- C:\windows\SysWow64\msxml6.dll
    2015-08-27 17:58:14 1241088 ----a-w- C:\windows\SysWow64\msxml3.dll
    2015-08-27 17:51:26 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
    2015-08-27 17:51:26 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
    2015-08-26 18:07:11 98304 ----a-w- C:\windows\System32\wudriver.dll
    2015-08-26 18:07:11 3165696 ----a-w- C:\windows\System32\wucltux.dll
    2015-08-26 18:07:11 192000 ----a-w- C:\windows\System32\wuwebv.dll
    2015-08-26 18:06:43 91136 ----a-w- C:\windows\System32\WinSetupUI.dll
    2015-08-26 18:06:33 12288 ----a-w- C:\windows\System32\wu.upgrade.ps.dll
    2015-08-26 18:06:30 37376 ----a-w- C:\windows\System32\wuapp.exe
    2015-08-26 17:56:25 93184 ----a-w- C:\windows\SysWow64\wudriver.dll
    2015-08-26 17:56:25 173056 ----a-w- C:\windows\SysWow64\wuwebv.dll
    2015-08-26 17:55:37 34816 ----a-w- C:\windows\SysWow64\wuapp.exe
    2015-08-15 06:34:10 2724864 ----a-w- C:\windows\System32\mshtml.tlb
    2015-08-15 06:33:56 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
    2015-08-15 06:18:47 66560 ----a-w- C:\windows\System32\iesetup.dll
    2015-08-15 06:18:00 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
    2015-08-15 06:17:54 417792 ----a-w- C:\windows\System32\html.iec
    2015-08-15 06:17:49 585216 ----a-w- C:\windows\System32\vbscript.dll
    2015-08-15 06:17:25 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
    2015-08-15 06:04:47 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
    2015-08-15 06:04:46 144384 ----a-w- C:\windows\System32\ieUnatt.exe
    2015-08-15 06:04:25 814080 ----a-w- C:\windows\System32\jscript9diag.dll
    2015-08-15 06:00:44 5923328 ----a-w- C:\windows\System32\jscript9.dll
    2015-08-15 05:57:20 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
    2015-08-15 05:53:22 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2015-08-15 05:46:15 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
    2015-08-15 05:40:29 504832 ----a-w- C:\windows\SysWow64\vbscript.dll
    2015-08-15 05:40:12 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
    2015-08-15 05:39:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
    2015-08-15 05:39:22 341504 ----a-w- C:\windows\SysWow64\html.iec
    2015-08-15 05:38:34 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
    2015-08-15 05:29:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2015-08-15 05:29:12 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
    2015-08-15 05:22:47 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
    2015-08-15 05:22:03 2126336 ----a-w- C:\windows\System32\inetcpl.cpl
    2015-08-15 05:16:37 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-08-15 05:10:32 4520448 ----a-w- C:\windows\SysWow64\jscript9.dll
    2015-08-15 05:07:28 2427392 ----a-w- C:\windows\System32\wininet.dll
    2015-08-15 05:01:47 2052608 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2015-08-15 05:01:23 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
    2015-08-15 04:43:00 1951232 ----a-w- C:\windows\SysWow64\wininet.dll
    2015-08-05 17:56:14 1110016 ----a-w- C:\windows\System32\schedsvc.dll
    2015-08-05 17:56:07 24576 ----a-w- C:\windows\System32\jnwmon.dll
    2015-08-05 17:56:06 275456 ----a-w- C:\windows\System32\InkEd.dll
    2015-08-05 17:40:50 216064 ----a-w- C:\windows\SysWow64\InkEd.dll
    2015-08-04 18:03:10 692672 ----a-w- C:\windows\System32\winload.efi
    2015-08-04 18:00:24 616360 ----a-w- C:\windows\System32\winresume.efi
    2015-08-04 17:56:54 63488 ----a-w- C:\windows\System32\setbcdlocale.dll
    2015-08-04 17:56:37 59392 ----a-w- C:\windows\System32\appidapi.dll
    2015-08-04 17:56:37 32768 ----a-w- C:\windows\System32\appidsvc.dll
    2015-08-04 17:55:57 17920 ----a-w- C:\windows\System32\appidcertstorecheck.exe
    2015-08-04 17:55:57 147456 ----a-w- C:\windows\System32\appidpolicyconverter.exe
    2015-08-04 17:47:42 50688 ----a-w- C:\windows\SysWow64\appidapi.dll
    2015-08-04 16:58:09 61440 ----a-w- C:\windows\System32\drivers\appid.sys
    2015-07-30 18:06:57 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
    2015-07-30 18:06:57 1648128 ----a-w- C:\windows\System32\DWrite.dll
    2015-07-30 18:06:57 1180160 ----a-w- C:\windows\System32\FntCache.dll
    2015-07-30 17:57:30 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
    2015-07-30 17:57:30 1251328 ----a-w- C:\windows\SysWow64\DWrite.dll
    2015-07-30 13:13:38 103120 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-30 13:13:11 124624 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2015-07-28 20:09:44 17344 ----a-w- C:\windows\System32\CompatTelRunner.exe
    2015-07-28 20:05:53 774656 ----a-w- C:\windows\System32\invagent.dll
    2015-07-28 20:05:50 743424 ----a-w- C:\windows\System32\generaltel.dll
    2015-07-28 20:05:47 437760 ----a-w- C:\windows\System32\devinv.dll
    2015-07-28 20:05:45 1116672 ----a-w- C:\windows\System32\appraiser.dll
    2015-07-28 20:05:44 69120 ----a-w- C:\windows\System32\acmigration.dll
    2015-07-28 20:05:44 227328 ----a-w- C:\windows\System32\aepdu.dll
    2015-07-28 19:55:14 1148416 ----a-w- C:\windows\System32\aeinv.dll
    2015-07-23 00:06:26 5568960 ----a-w- C:\windows\System32\ntoskrnl.exe
    2015-07-23 00:06:25 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2015-07-23 00:06:25 155584 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2015-07-23 00:03:19 1730496 ----a-w- C:\windows\System32\ntdll.dll
    2015-07-23 00:03:07 362496 ----a-w- C:\windows\System32\wow64win.dll
    2015-07-23 00:03:07 243712 ----a-w- C:\windows\System32\wow64.dll
    2015-07-23 00:03:07 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2015-07-23 00:03:06 215040 ----a-w- C:\windows\System32\winsrv.dll
    2015-07-23 00:01:53 31232 ----a-w- C:\windows\System32\lsass.exe
    2015-07-23 00:01:39 338432 ----a-w- C:\windows\System32\conhost.exe
    2015-07-23 00:01:32 64000 ----a-w- C:\windows\System32\auditpol.exe
    2015-07-22 23:58:17 60416 ----a-w- C:\windows\System32\msobjs.dll
    2015-07-22 23:57:53 146432 ----a-w- C:\windows\System32\msaudite.dll
    2015-07-22 23:51:59 686080 ----a-w- C:\windows\System32\adtschema.dll
    .
    ============= FINISH: 21:28:13,97 ===============

  • #2
    GMER

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2015-10-14 21:55:11
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d ST950032 rev.D005 465,76GB
    Running: q5vrwb91.exe; Driver: C:\Users\HERBER~1\AppData\Local\Temp\kwnyikoc.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1300] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000771bfae8 5 bytes JMP 00000001727819e8
    .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1300] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771c0078 5 bytes JMP 000000017278209e
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 74eeb20b C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 74eeb336 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74f68f39 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 74ec4885 C:\windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74f68832 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74f68a08 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74f68728 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74f68af2 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 74edfc98 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74ee68df C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74f68ff1 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74f68b52 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 74f686ec C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 74edfd31 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 74eeb2cc C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 74f68eb4 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4136] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74f68681 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 74eeb20b C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 74eeb336 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74f68f39 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 74ec4885 C:\windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74f68832 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74f68a08 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74f68728 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74f68af2 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 74edfc98 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74ee68df C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74f68ff1 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74f68b52 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 74f686ec C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 74edfd31 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 74eeb2cc C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 74f68eb4 C:\windows\syswow64\kernel32.dll
    .text C:\windows\SysWOW64\RunDll32.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74f68681 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 74eeb20b C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 74eeb336 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74f68f39 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 74ec4885 C:\windows\syswow64\KERNEL32.dll
    .text ... * 9
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74f68832 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74f68a08 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74f68728 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74f68af2 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 74edfc98 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74ee68df C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74f68ff1 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74f68b52 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 74f686ec C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 74edfd31 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 74eeb2cc C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 74f68eb4 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[6808] C:\windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74f68681 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 74eeb20b C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 74eeb336 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74f68f39 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 74ec4885 C:\windows\syswow64\KERNEL32.dll
    .text ... * 9
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74f68832 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74f68a08 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74f68728 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74f68af2 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 74edfc98 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74ee68df C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74f68ff1 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74f68b52 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 74f686ec C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 74edfd31 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 74eeb2cc C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 74f68eb4 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpService.exe[8060] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74f68681 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 74eeb20b C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 74eeb336 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74f68f39 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 74ec4885 C:\windows\syswow64\KERNEL32.dll
    .text ... * 9
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74f68832 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74f68a08 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74f68728 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74f68af2 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 74edfc98 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74ee68df C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74f68ff1 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74f68b52 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 74f686ec C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 74edfd31 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 74eeb2cc C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 74f68eb4 C:\windows\syswow64\KERNEL32.dll
    .text C:\Program Files (x86)\Dell Update\DellUpTray.exe[7248] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74f68681 C:\windows\syswow64\KERNEL32.dll

    ---- Kernel IAT/EAT - GMER 2.1 ----

    IAT C:\windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880021b2edc] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[msvcrt.dll!memmove] [0]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[msvcrt.dll!_amsg_exit] [7fefa391810] C:\windows\System32\perfproc.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[msvcrt.dll!free] [0]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[msvcrt.dll!_initterm] [4a5bd41800000000]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[msvcrt.dll!malloc] [200000000]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[msvcrt.dll!_XcptFilter] [11ec00000025]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[msvcrt.dll!wcsncmp] [5ec]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[msvcrt.dll!memcpy] [0]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[msvcrt.dll!memset] [7fefa393310] C:\windows\System32\perfproc.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlCaptureContext] [6572617774666f53]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlLookupFunctionEntry] [6f736f7263694d5c]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlVirtualUnwind] [6f646e69575c7466]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlQueryHeapInformation] [65727275435c7377]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlInt64ToUnicodeString] [6f6973726556746e]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryObject] [6870656c65545c6e]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenDirectoryObject] [6672655000796e6f]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryDirectoryObject] [6672655000000031]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenJobObject] [32]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenProcess] [56525349504154]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlCopyUnicodeString] [642e323369706174]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryVirtualMemory] [6c6c]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtReadVirtualMemory] [6c616e7265746e69]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryInformationProcess] [616d726f66726550]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQueryValueKey] [534453520065636e]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlNtStatusToDosError] [468c40c159d007d6]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlAppendUnicodeToString] [1bbdb8f9e722eb3]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlInitUnicodeString] [6970617400000001]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtQuerySystemInformation] [6264702e66726570]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenKey] [0]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtGetContextThread] [0]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtClose] [0]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!NtOpenThread] [d5058b4858ec8348]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ntdll.dll!RtlIntegerToUnicodeString] [8948c4334800001e]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetLastError] [76ec1510] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!HeapFree] [76eb5210] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!OpenProcess] [76f3b830] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [76eb90a0] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!HeapDestroy] [76eeb930] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!HeapCreate] [76eeb990] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!lstrlenW] [76eeba70] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!SetLastError] [76eb4f70] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!DisableThreadLibraryCalls] [76ea77b0] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!lstrcmpiW] [76ec2090] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetTickCount] [76ea7830] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!CloseHandle] [76eb6590] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetCurrentProcess] [76ec1580] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [0]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!TerminateProcess] [7fefe4ebfd4] C:\windows\system32\msvcrt.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetCurrentProcessId] [7fefe4a10ac] C:\windows\system32\msvcrt.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetCurrentThreadId] [7fefe4a8e28] C:\windows\system32\msvcrt.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!QueryPerformanceCounter] [7fefe4a137c] C:\windows\system32\msvcrt.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!Sleep] [7fefe4e0b58] C:\windows\system32\msvcrt.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!GetSystemInfo] [7fefe4a10e0] C:\windows\system32\msvcrt.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!IsWow64Process] [7fefe4a1000] C:\windows\system32\msvcrt.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[KERNEL32.dll!QueryInformationJobObject] [0]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!ReportEventA] [7fefe0ca2a0] C:\windows\system32\ADVAPI32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!OpenProcessToken] [7fefe0c60dc] C:\windows\system32\ADVAPI32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!LookupPrivilegeValueA] [7fefe0cdde0] C:\windows\system32\ADVAPI32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!AdjustTokenPrivileges] [7fefe0d4c00] C:\windows\system32\ADVAPI32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!RegisterEventSourceW] [7fefe0cad44] C:\windows\system32\ADVAPI32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!RegQueryValueExW] [7fefe0ca28c] C:\windows\system32\ADVAPI32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!DeregisterEventSource] [7fefe0d4de0] C:\windows\system32\ADVAPI32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!RegOpenKeyExW] [0]
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!RegCloseKey] [76eb3460] C:\windows\system32\kernel32.dll
    IAT C:\windows\system32\wbem\wmiprvse.exe[5680] @ C:\windows\System32\perfproc.dll[ADVAPI32.dll!ReportEventW] [76eec020] C:\windows\system32\kernel32.dll

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d054a8
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e4d53debeb24
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xBB 0xDD 0xBF 0xBC ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d054a8 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e4d53debeb24 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xBB 0xDD 0xBF 0xBC ...

    ---- EOF - GMER 2.1 ----



    • #3
      Download MalwareBytes' Anti-Malware (website).
      (the file mbam-setup-x.xx.x.xxxx.exe is then downloaded)
      After downloading, double-click it to install the program.
      Do not change any settings during the installation.

      The first time after installation you are offered a number of options:
      Note: uncheck "Start the free trial of Malwarebytes Anti-Malware Premium".

      If you have an antivirus program running, stop it first. Scanning with MBAM then goes a lot faster.

      In the Malwarebytes' Anti-Malware start screen, click the "Scan Now" button.
      If the message "Updates are available" appears, click "Update Now". The scan then starts automatically.
      The scan can take a while, so be patient.

      After the scan:
      If threats were found:
      • Click "Remove Selected" and then "Finish".
      • You may be asked to restart the computer. Do so, and then start MBAM again.

      In Malwarebytes click "History > Application Logs".
      Click the most recent "Scan Log".
      Click Export and choose Text file (*.txt).

      Enter a file name and save it to your desktop so you can find it easily.
      Post the log file as an attachment in your next reply.

      Start Windows 10 in Safe Mode



      • #4
        Hello,

        Is this a different scan from the MBAM scan I ran yesterday?
        After 6+ hours of scanning it found no infections, after all.



        • #5
          There is now a new version of MBAM, hence the request to download it and scan again.
          Love, Typetje

          If I'm not there yet, I'm at least on my way.



          • #6
            Malwarebytes Anti-Malware
            www.malwarebytes.org

            Scandatum: 15/10/2015
            Scantijd: 17:31
            Logboekbestand: 15.10.txt
            Beheerder: Ja

            Versie: 2.2.0.1024
            Malware-database: v2015.10.15.04
            Rootkit-database: v2015.10.06.01
            Licentie: Gratis
            Malware-bescherming: Uitgeschakeld
            Bescherming tegen kwaadaardige websites: Uitgeschakeld
            Zelfbescherming: Uitgeschakeld

            Besturingssysteem: Windows 7 Service Pack 1
            Processor: x64
            Bestandssysteem: NTFS
            Gebruiker: Herbert De Grande

            Scantype: Bedreigingsscan
            Resultaat: Voltooid
            Objecten gescand: 365457
            Verstreken tijd: 51 min, 58 sec

            Geheugen: Ingeschakeld
            Opstarten: Ingeschakeld
            Bestandssysteem: Ingeschakeld
            Archieven: Ingeschakeld
            Rootkits: Uitgeschakeld
            Heuristiek: Ingeschakeld
            POP: Waarschuwen
            POA: Ingeschakeld

            Processen: 0
            (Geen kwaadaardige items gedetecteerd)

            Modules: 0
            (Geen kwaadaardige items gedetecteerd)

            Registersleutels: 0
            (Geen kwaadaardige items gedetecteerd)

            Registerwaarden: 0
            (Geen kwaadaardige items gedetecteerd)

            Registerdata: 0
            (Geen kwaadaardige items gedetecteerd)

            Mappen: 0
            (Geen kwaadaardige items gedetecteerd)

            Bestanden: 0
            (Geen kwaadaardige items gedetecteerd)

            Fysieke Sectoren: 0
            (Geen kwaadaardige items gedetecteerd)


            (end)



            • #7
              Download ZHPDiag via the link below:
              - ZHPDiag (click the blue 'Télécharger' button)
              Save it to your desktop.

              Disable antivirus software
              Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPDiag.

              Run ZHPDiag
              • Right-click ZHPDiag3.exe and click Run as administrator.
              • Click "I agree" on the "TERMS OF USE" opening screen.
              • Click "Scanner" and wait patiently until it finishes.
              • Afterwards there is a text file named ZHPDiag.txt on your desktop; post it as an attachment in your next reply.
                (You can also find the log file in the %AppData%\ZHP folder.)




              • #8
                Sorry for sending this log as an attachment, but otherwise I would need 5 posts for it...
                Attached files



                • #9
                  Download ZHPFix to the desktop.
                  Install ZHPFix:
                  • Right-click ZHPFix.exe and click "Run as administrator".
                  • Click "Suivant" several times and then "Installer" to install the program.
                  • Then click "Terminer".


                  Copy the code below in full:

                  Code:
                  Script ZHPFix
                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~34F3174E_is1  =>PUP.Optional.AdvancedSystemProtector
                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1  =>PUP.Optional.AdvancedSystemProtector
                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1  =>PUP.Optional.Systweak
                  HKCU\SOFTWARE\AppDataLow\Software\Smartbar  =>PUP.Optional.SmartBar
                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\systweakasp_RASAPI32  =>PUP.Optional.Systweak
                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\systweakasp_RASMANCS  =>PUP.Optional.Systweak
                  
                  shortcutfix
                  emptytemp
                  emptyflash
                  Temporarily disable your antivirus software.
                  Run ZHPFix:
                  • Double-click the ZHPFix shortcut on the desktop.
                  • The selected script code is pasted into the ZHPFix window. If this does not happen automatically, right-click in the ZHPFix window and click Paste.
                  • Press the "Import" button.
                  • Then press the "Go" button at the bottom.
                  • Wait patiently until a log opens.

                  Post the log file named "ZHPFix[r1].txt" as an attachment in your next reply.

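The ZHPFix script above deletes six registry keys by name. As an added example (not part of the thread and not ZHPFix's own code), the PowerShell check below verifies on the cleaned machine that exactly those keys are gone, and then looks through the 32-bit, 64-bit and per-user Uninstall hives for any remaining entries of the PUP families the script labels (Systweak, SmartBar, Advanced System Protector). The name patterns used for that second pass are an assumption made for this check; the key paths are the ones from the script. It only reads the registry and deletes nothing.

```powershell
# Added verification example; run in an elevated PowerShell on the cleaned machine.
# Read-only: reports what is still present, removes nothing.

# The six keys named in the ZHPFix script from the thread.
$keysFromScript = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~34F3174E_is1',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1',
    'HKCU:\SOFTWARE\AppDataLow\Software\Smartbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Tracing\systweakasp_RASAPI32',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Tracing\systweakasp_RASMANCS'
)

# 1. Every key listed in the fix script should no longer exist.
#    -LiteralPath avoids wildcard interpretation of characters in the key names.
$stillPresent = $keysFromScript | Where-Object { Test-Path -LiteralPath $_ }
if ($stillPresent) {
    Write-Warning 'Keys from the ZHPFix script are still present:'
    $stillPresent | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Host 'All keys named in the ZHPFix script are gone.'
}

# 2. Look for other Uninstall entries of the same PUP families.
#    The pattern is an assumption based on the PUP labels in the script.
$pupPattern = 'Systweak|Smartbar|Advanced System Protector'
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
$leftovers = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        # Match on the key name as well as DisplayName: the script's keys carry
        # the vendor name in the key name, not only in DisplayName.
        if (($props.DisplayName -match $pupPattern) -or ($_.PSChildName -match $pupPattern)) {
            [pscustomobject]@{
                Key         = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                DisplayName = $props.DisplayName
                Publisher   = $props.Publisher
                Uninstall   = $props.UninstallString
            }
        }
    }
}
if ($leftovers) {
    Write-Warning 'Uninstall entries matching the PUP name patterns remain:'
    $leftovers | Format-Table -AutoSize
} else {
    Write-Host 'No Uninstall entries match the PUP name patterns.'
}
```

If the first pass reports keys still present, the ZHPFix report (the "ENTFERNT:" lines in the next post) should be compared against it: a key that was reported removed but is present again points to something that recreates it at logon or service start, which is what the ZHPDiag log, not this check, would have to show.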



                  • #10
                    Rapport de ZHPFix 2015.8.24.7 par Nicolas Coolman, Update du 24/08/2015
                    Fichier d'export Registre :
                    Run by Herbert De Grande at 16/10/2015 17:02:21
                    High Elevated Privileges : OK
                    Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

                    Papierkorb geleert (02mn 20s)
                    Reparatur von Browser-Verknüpfungen

                    ========== Registry-Schlüssel ==========
                    ENTFERNT: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~34F3174E_is1
                    ENTFERNT: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1
                    ENTFERNT: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1
                    ENTFERNT: HKCU\SOFTWARE\AppDataLow\Software\Smartbar
                    ENTFERNT: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\systweakasp_RASAPI32
                    ENTFERNT: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\systweakasp_RASMANCS

                    ========== Ordner ==========
                    Löscht temporäre Windows (182)
                    Flash-Cookies entfernt (0)

                    ========== Dateien ==========
                    Löscht temporäre Windows (5318) (2.763.331.234 octets)
                    Flash-Cookies entfernt (0) (0 octets)


                    ========== Zusammenfassung ==========
                    6 : Registry-Schlüssel
                    2 : Ordner
                    2 : Dateien


                    End of clean in 03mn 32s

                    ========== Pfad zu Datei-Bericht ==========
                    C:\Users\Herbert De Grande\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/10/2015 17:04:41 [1386]



                    • #11
                      Good, how is it going now?




                      • #12
                        Honestly, I don't know yet. I don't really use it myself. So it will become clear once my family is using their PC fully again.

                        For now they do receive their mail in Live Mail. I'm thinking of forwarding everything to a Gmail address. Easier for them (read mail anywhere without having to set up IMAP) and perhaps also a bit safer?

                        Do the logs look good?

                        Thanks in advance.



                        • #13
                          Protection against unwanted software.

                          Unchecky prevents installation of unwanted software

                          Double-click the installation file unchecky_setup.exe to start the installation.
                          In the screen that now appears you can choose more options; this way you can set the location where Unchecky should be installed yourself.
                          Then click the Install button to install Unchecky.
                          When the installation of Unchecky has finished, click Finish.
                          After the installation, do restart the computer, so that the changes to the Windows hosts file take effect.



                          It might also be better to install HitmanPro.Alert: Alert
                          Explanation below.
                          Explanation




                          • #14
                            Good, will do.

                            Is there a chance that there are still infected mails in their inbox that would immediately reinfect their computer when they use Live Mail?



                            • #15
                              Yes, that is possible; it is best to delete all the messages (especially from your spam).

