lila74

Het gaat alle stukken beter. Maar krijg nog steeds ongewenste pop UPS. In Google Chrome verschijnen steeds extensies als BestDiscountApp en meer van dat soort onzin.

Was even afwezig, zo juist adw uitgevoerd. AdwCleanerS0.txt

Log Zoek resultszoek-results.txt

Zo, dat is gebeurd. Is het nu in orde?? Gisteren per ongeluk een dubieuze download uitgevoerd. In chrome al wel een extensie verwijderd.

Zoeke.exe uitgevoerd, zie bijlage zoek-results.txt

Mijn welgemeende excuses voor het niet afronden van eerdere hulp pogingen. Ik kwam er niet aan toe om het eens op te pakken. Dank voor uw inzet! Logfile of random's system information tool 1.10 (written by random/random) Run by MEVABA at 2015-04-19 14:58:25 Microsoft Windows 8.1 System drive C: has 827 GB (93%) free of 890 GB Total RAM: 3977 MB (42% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:58:32, on 19-4-2015 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.17416) Boot mode: Normal Running processes: C:\Program Files (x86)\Sitecom\Common\RaUI.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\PHotkey\HCSynApi.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\MEVABA.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=nl-NL&Src=WD8&Tid=000328B0&OHP=www.google.com&OSP= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9C0EF1B550EAA51B1561E2C8C00DBBFB] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --extensions-on-chrome-urls --test-type --load-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\app\37.1329.15.30" --load-component-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\man" --flag-switches-begin --flag-switches-end --restore-last-session O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-154551-44482-15/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-154551-44482-15/4 (file missing) (HKCU) O9 - Extra button: Verzenden naar Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU) O9 - Extra 'Tools' menuitem: Verzenden naar Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: CyberLink PowerDVD 10 MS Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe O23 - Service: CyberLink PowerDVD 10 MS Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\PHotkey\GFNEXSrv.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12278 bytes ======Listing Processes====== wininit.exe winlogon.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k RPCSS "dwm.exe" C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\igfxCUIService.exe C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted "C:\Program Files\HitmanPro\hmpsched.exe" C:\WINDOWS\system32\svchost.exe -k NetworkService "C:\Program Files (x86)\PHotkey\ASLDRSrv.exe" "C:\Program Files (x86)\PHotkey\GFNEXSrv.exe" C:\WINDOWS\System32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe" "C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe" dashost.exe {627e0076-11bf-4c9b-a0e08a5c0e4358d5} "C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe" "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" "C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe" "C:\Program Files (x86)\SMA\Sunny Explorer\SMA.Multicasting.IGMP.QuerierService.exe" C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\WINDOWS\Explorer.EXE taskhostex.exe "\Program Files\Synaptics\SynTP\SynTPEnh.exe" igfxEM.exe igfxHK.exe igfxTray.exe "C:\Program Files (x86)\PHotkey\PHotkey.exe" "C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe" "C:\Program Files (x86)\PHotkey\MsgTranAgt.exe" "C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe" ATouch64 "C:\Program Files (x86)\PHotkey\MyWiMax.exe" C:\WINDOWS\system32\SearchIndexer.exe /Embedding C:\Windows\System32\skydrive.exe -Embedding "C:\Program Files (x86)\PHotkey\POSD.exe" "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 "C:\Program Files (x86)\PHotkey\GPMTray.exe" "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" "C:\Program Files (x86)\Sitecom\Common\RaUI.exe" -s "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" "C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart "C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program" "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Windows\System32\SettingSyncHost.exe" -Embedding "C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe" HCSynApi.exe "C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" "C:\Program Files\Windows Media Player\wmpnetwk.exe" taskhost.exe $(Arg0) "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "C:\Users\MEVABA\Desktop\Offerte Roos SolarWatt.pdf" "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=4608.0.1462116912 --type=renderer "C:\Users\MEVABA\Desktop\Offerte Roos SolarWatt.pdf" "C:\Program Files\CCleaner\CCleaner64.exe" /uac "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --on-initialized-event-handle=432 --parent-handle=436 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5828.0.1978509072\841715620" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,41 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3621 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=nl --force-fieldtrials="*BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DisplayHintTextWhenPossiblePostPeriod/*PasswordGeneration/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_77/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/heuristics-default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5828 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="5828.3.1929509718\785350700" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=nl --force-fieldtrials="*BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Freud/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Manual install/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DisplayHintTextWhenPossiblePostPeriod/*PasswordGeneration/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_77/*UMA-Uniformity-Trial-10-Percent/group_09/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_01/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Enabled/*UwSInterstitialStatus/On/*V8CacheOptions/heuristics-default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5828 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="5828.5.146852608\2084216238" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5828.8.1649876018\1358036410" --ppapi-flash-args=enable_hw_video_decode=1 --lang=nl --ignored=" --type=renderer " /prefetch:-632637702 "C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\WINDOWS\system32\SearchFilterHost.exe" 0 584 588 596 65536 592 "C:\Users\MEVABA\Downloads\RSITx64.exe" C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe log.txt

Beste PC-Doctoren, Mijn laptop voelt zich niet zo lekker. Ik krijg de malware maar niet weg. steeds vervelende pop ups enz... Wie kan mijn laptop beter maken??

Dat gaat alweer een stuk sneller!! Zijn er nog kwaadaardige bacterien geconstateerd?? Tevens krijg ik nu de melding dat windows niet meer legitiem is, volgens mij is dit een eerlijke versie.

ComboFix 14-07-24.01 - internet 24-07-2014 20:08:43.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4094.2648 [GMT 2:00] Gestart vanuit: c:\users\internet\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2014-06-24 to 2014-07-24 )))))))))))))))))))))))))))))) . . 2014-07-24 18:15 . 2014-07-24 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-24 17:09 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBAC7D56-4149-46DE-82E8-BA3AAE797286}\mpengine.dll 2014-07-24 11:38 . 2014-07-24 11:38 -------- d-sh--w- c:\users\internet\AppData\Local\EmieUserList 2014-07-24 11:38 . 2014-07-24 11:38 -------- d-sh--w- c:\users\internet\AppData\Local\EmieSiteList 2014-07-23 16:14 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-07-22 06:24 . 2014-05-01 18:35 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4BAAB2D-039F-4DA1-912D-989FB8448BCA}\gapaengine.dll 2014-07-10 09:05 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll 2014-07-10 09:05 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-07-10 09:03 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-07-10 09:03 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-07-10 09:03 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-07-08 10:05 . 2014-07-12 21:38 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-08 10:04 . 2014-07-08 10:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-07-08 10:04 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-07-08 10:04 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-21 19:58 . 2014-05-29 08:08 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2014-07-10 20:16 . 2012-06-15 20:14 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-09 06:57 . 2012-06-23 18:20 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-09 06:57 . 2012-06-23 18:20 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-06-08 09:13 . 2014-06-12 15:06 506368 ----a-w- c:\windows\system32\aepdu.dll 2014-06-08 09:08 . 2014-06-12 15:06 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-12 05:25 . 2013-02-27 10:54 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-08 09:32 . 2014-06-12 15:08 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2014-05-01 18:35 . 2012-07-15 10:10 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\internet\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\internet\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\internet\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-05-23 5208928] "AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392] . c:\users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\internet\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys;c:\windows\SYSNATIVE\DRIVERS\dmvsc.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys;c:\windows\SYSNATIVE\DRIVERS\terminpt.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys;c:\windows\SYSNATIVE\drivers\ksaud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-07-19 06:45 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2014-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 06:57] . 2014-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 16:02] . 2014-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 16:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\internet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\internet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\internet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\internet\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] "Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 103424] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run-NPSStartup - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1384726799-3280244283-2285347874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1384726799-3280244283-2285347874-1000) @Denied: (2) (LocalSystem) "Progid"="Outlook.File.eml.14" . [HKEY_USERS\S-1-5-21-1384726799-3280244283-2285347874-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-1384726799-3280244283-2285347874-1000) @Denied: (2) (LocalSystem) "Progid"="Outlook.File.vcf.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2014-07-24 20:17:29 ComboFix-quarantined-files.txt 2014-07-24 18:17 ComboFix2.txt 2011-02-16 09:38 ComboFix3.txt 2011-02-16 09:31 ComboFix4.txt 2010-09-14 10:40 . Pre-Run: 138.048.065.536 bytes beschikbaar Post-Run: 137.876.209.664 bytes beschikbaar . - - End Of File - - 68F2D172E59EBD38C0D07D1CF9EC57E8 A36C5E4F47E84449FF07ED3517B43A31

Logfile of random's system information tool 1.10 (written by random/random) Run by internet at 2014-07-10 20:16:00 Microsoft Windows 7 Ultimate Service Pack 1 System drive C: has 132 GB (55%) free of 238 GB Total RAM: 4094 MB (46% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:16:07, on 10-7-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17126) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Users\internet\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\internet.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = internet\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11680 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs "C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe" C:\Windows\system32\svchost.exe -k NetworkService atieclxx C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "taskhost.exe" "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\system32\svchost.exe -k apphost "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Program Files\Bonjour\mDNSResponder.exe" "C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray "C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe" "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe" "C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe" WLIDSvcM.exe 2408 C:\Windows\system32\sppsvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-83d08059-1b54-408a-9ab4-a95d98c7d3fe -SystemEventPortName:HostProcess-c212874c-89d9-4926-baf0-d1c2ecdbcbd7 -IoCancelEventPortName:HostProcess-c31de7fb-ced2-481f-8aae-847850352c6e -NonStateChangingEventPortName:HostProcess-d9c081be-58d4-44ca-aeb2-1d0211beb317 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c03d4d75-c2dc-441a-bed9-9935c0dc2e29 -DeviceGroupId:WpdFsGroup "c:\Program Files\Microsoft Security Client\NisSrv.exe" C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files\Windows Media Player\wmpnetwk.exe" "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Windows\System32\rundll32.exe" sbavmon.dll,SBAVMonitor "C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" "C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe" "C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe" "C:\Program Files (x86)\Secunia\PSI\psi_tray.exe" "C:\Users\internet\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup "C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" -StartUpRun "C:\Program Files (x86)\iTunes\iTunesHelper.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe" -Embedding "C:\Program Files\iPod\bin\iPodService.exe" "C:\Windows\system32\wuauclt.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2980.0.1491841199\399245734" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,15 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x9498 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.632.1.2000 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_50/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-experimental-extension-apis --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="2980.4.1293700510\1293246497" /prefetch:673131151 C:\Windows\splwow64.exe 8192 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_50/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-experimental-extension-apis --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="2980.87.1569795489\56432572" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_50/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-experimental-extension-apis --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="2980.94.182052173\1000925697" /prefetch:673131151 "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_50/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-experimental-extension-apis --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="2980.104.1924209167\1257872602" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_50/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --disable-client-side-phishing-detection --renderer-print-preview --enable-experimental-extension-apis --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --enable-software-compositing --channel="2980.109.1944476237\53651164" /prefetch:673131151 "C:\Users\internet\Downloads\RSITx64 (2).exe" C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 690392] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}] MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-18 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-18 171944] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072] "Creative SB Monitoring Utility"=RunDll32 sbavmon.dll,SBAVMonitor [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ccleaner"=C:\Program Files\CCleaner\CCleaner64.exe [2012-05-23 5208928] "AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576] "uTorrent"=C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe [2014-07-03 1322832] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Module Loader"=C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [2007-07-23 57344] "NPSStartup"= [] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-02-21 152392] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Dropbox.lnk - C:\Users\internet\AppData\Roaming\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=lvcod64.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv "MSVideo"=vfwwdm32.dll "MSVideo8"=VfWWDM32.dll "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux3"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv "aux4"=wdmaud.drv "wave5"=wdmaud.drv "midi5"=wdmaud.drv "mixer5"=wdmaud.drv "aux5"=wdmaud.drv "wave6"=wdmaud.drv "midi6"=wdmaud.drv "mixer6"=wdmaud.drv "aux6"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 2 months====== 2014-07-09 08:26:19 ----A---- C:\Windows\system32\FNTCACHE.DAT 2014-07-08 12:05:00 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys 2014-07-08 12:04:21 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-08 12:04:21 ----A---- C:\Windows\system32\drivers\mwac.sys 2014-07-08 12:04:21 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys 2014-06-23 09:09:28 ----D---- C:\Users\internet\AppData\Roaming\DropboxMaster 2014-06-23 09:07:31 ----D---- C:\Users\internet\AppData\Roaming\Dropbox 2014-06-20 08:24:24 ----D---- C:\Windows\Minidump 2014-06-18 07:19:56 ----D---- C:\Program Files\McAfee Security Scan 2014-06-17 09:28:27 ----N---- C:\Windows\system32\pwdrvio.sys 2014-06-17 09:28:27 ----A---- C:\Windows\system32\pwNative.exe 2014-06-17 09:28:26 ----N---- C:\Windows\system32\pwdspio.sys 2014-06-12 17:08:21 ----A---- C:\Windows\SYSWOW64\usp10.dll 2014-06-12 17:08:21 ----A---- C:\Windows\system32\usp10.dll 2014-06-12 17:08:19 ----A---- C:\Windows\system32\drivers\tcpip.sys 2014-06-12 17:08:19 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS 2014-06-12 17:08:17 ----A---- C:\Windows\SYSWOW64\msxml6r.dll 2014-06-12 17:08:17 ----A---- C:\Windows\SYSWOW64\msxml6.dll 2014-06-12 17:08:17 ----A---- C:\Windows\SYSWOW64\msxml3r.dll 2014-06-12 17:08:17 ----A---- C:\Windows\SYSWOW64\msxml3.dll 2014-06-12 17:08:17 ----A---- C:\Windows\system32\msxml6r.dll 2014-06-12 17:08:17 ----A---- C:\Windows\system32\msxml6.dll 2014-06-12 17:08:17 ----A---- C:\Windows\system32\msxml3r.dll 2014-06-12 17:08:17 ----A---- C:\Windows\system32\msxml3.dll 2014-06-12 17:08:15 ----A---- C:\Windows\system32\rdpcorets.dll 2014-06-12 17:08:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2014-06-12 17:08:14 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2014-06-12 17:08:14 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2014-06-12 17:08:14 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2014-06-12 17:08:13 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2014-06-12 17:08:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2014-06-12 17:08:13 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2014-06-12 17:08:13 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2014-06-12 17:08:13 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 17:08:13 ----A---- C:\Windows\system32\ieetwproxystub.dll 2014-06-12 17:08:12 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2014-06-12 17:08:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2014-06-12 17:08:11 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2014-06-12 17:08:11 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2014-06-12 17:08:11 ----A---- C:\Windows\system32\urlmon.dll 2014-06-12 17:08:11 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 17:08:10 ----A---- C:\Windows\SYSWOW64\ieui.dll 2014-06-12 17:08:10 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2014-06-12 17:08:10 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2014-06-12 17:08:10 ----A---- C:\Windows\system32\msfeeds.dll 2014-06-12 17:08:10 ----A---- C:\Windows\system32\ieetwcollector.exe 2014-06-12 17:08:10 ----A---- C:\Windows\system32\dxtmsft.dll 2014-06-12 17:08:09 ----A---- C:\Windows\system32\ie4uinit.exe 2014-06-12 17:08:08 ----A---- C:\Windows\system32\iesetup.dll 2014-06-12 17:08:07 ----A---- C:\Windows\system32\iertutil.dll 2014-06-12 17:08:06 ----A---- C:\Windows\SYSWOW64\wininet.dll 2014-06-12 17:08:06 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2014-06-12 17:08:06 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2014-06-12 17:08:06 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2014-06-12 17:08:06 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2014-06-12 17:08:06 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2014-06-12 17:08:05 ----A---- C:\Windows\SYSWOW64\msrating.dll 2014-06-12 17:08:05 ----A---- C:\Windows\system32\jsproxy.dll 2014-06-12 17:08:05 ----A---- C:\Windows\system32\iernonce.dll 2014-06-12 17:08:04 ----A---- C:\Windows\system32\ieui.dll 2014-06-12 17:08:04 ----A---- C:\Windows\system32\ieframe.dll 2014-06-12 17:08:04 ----A---- C:\Windows\system32\dxtrans.dll 2014-06-12 17:08:03 ----A---- C:\Windows\system32\mshtmlmedia.dll 2014-06-12 17:08:03 ----A---- C:\Windows\system32\mshtmled.dll 2014-06-12 17:08:03 ----A---- C:\Windows\system32\jscript9diag.dll 2014-06-12 17:08:03 ----A---- C:\Windows\system32\ieUnatt.exe 2014-06-12 17:08:02 ----A---- C:\Windows\system32\wininet.dll 2014-06-12 17:08:02 ----A---- C:\Windows\system32\vbscript.dll 2014-06-12 17:08:02 ----A---- C:\Windows\system32\jscript9.dll 2014-06-12 17:08:02 ----A---- C:\Windows\system32\ieapfltr.dll 2014-06-12 17:08:01 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 17:08:01 ----A---- C:\Windows\system32\msrating.dll 2014-06-12 17:08:00 ----A---- C:\Windows\system32\mshtml.dll 2014-06-12 17:06:49 ----A---- C:\Windows\system32\aepdu.dll 2014-06-12 17:06:48 ----A---- C:\Windows\system32\aeinv.dll 2014-05-16 13:12:10 ----A---- C:\Windows\system32\shell32.dll 2014-05-16 13:12:08 ----A---- C:\Windows\SYSWOW64\shell32.dll 2014-05-16 13:11:09 ----A---- C:\Windows\system32\lsasrv.dll 2014-05-16 13:11:09 ----A---- C:\Windows\system32\kerberos.dll 2014-05-16 13:11:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2014-05-16 13:11:08 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2014-05-16 13:11:08 ----A---- C:\Windows\SYSWOW64\msv1_0.dll 2014-05-16 13:11:08 ----A---- C:\Windows\SYSWOW64\kerberos.dll 2014-05-16 13:11:08 ----A---- C:\Windows\system32\winlogon.exe 2014-05-16 13:11:08 ----A---- C:\Windows\system32\objsel.dll 2014-05-16 13:11:08 ----A---- C:\Windows\system32\msv1_0.dll 2014-05-16 13:11:07 ----A---- C:\Windows\system32\ntoskrnl.exe 2014-05-16 13:11:06 ----A---- C:\Windows\SYSWOW64\wdigest.dll 2014-05-16 13:11:06 ----A---- C:\Windows\SYSWOW64\TSpkg.dll 2014-05-16 13:11:06 ----A---- C:\Windows\SYSWOW64\objsel.dll 2014-05-16 13:11:06 ----A---- C:\Windows\SYSWOW64\KernelBase.dll 2014-05-16 13:11:06 ----A---- C:\Windows\system32\wdigest.dll 2014-05-16 13:11:06 ----A---- C:\Windows\system32\TSpkg.dll 2014-05-16 13:11:06 ----A---- C:\Windows\system32\KernelBase.dll 2014-05-16 13:11:06 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2014-05-16 13:11:05 ----A---- C:\Windows\SYSWOW64\schannel.dll 2014-05-16 13:11:05 ----A---- C:\Windows\SYSWOW64\dimsroam.dll 2014-05-16 13:11:05 ----A---- C:\Windows\SYSWOW64\cngprovider.dll 2014-05-16 13:11:05 ----A---- C:\Windows\SYSWOW64\adprovider.dll 2014-05-16 13:11:05 ----A---- C:\Windows\system32\schannel.dll 2014-05-16 13:11:05 ----A---- C:\Windows\system32\dimsroam.dll 2014-05-16 13:11:05 ----A---- C:\Windows\system32\cngprovider.dll 2014-05-16 13:11:05 ----A---- C:\Windows\system32\adprovider.dll 2014-05-16 13:11:04 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll 2014-05-16 13:11:04 ----A---- C:\Windows\SYSWOW64\capiprovider.dll 2014-05-16 13:11:04 ----A---- C:\Windows\system32\sspicli.dll 2014-05-16 13:11:04 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2014-05-16 13:11:04 ----A---- C:\Windows\system32\dpapiprovider.dll 2014-05-16 13:11:04 ----A---- C:\Windows\system32\capiprovider.dll 2014-05-16 13:11:03 ----A---- C:\Windows\system32\wincredprovider.dll 2014-05-16 13:11:02 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll 2014-05-16 13:11:02 ----A---- C:\Windows\SYSWOW64\credssp.dll 2014-05-16 13:11:02 ----A---- C:\Windows\system32\sspisrv.dll 2014-05-16 13:11:02 ----A---- C:\Windows\system32\lsass.exe 2014-05-16 13:11:02 ----A---- C:\Windows\system32\credssp.dll 2014-05-16 13:11:01 ----A---- C:\Windows\SYSWOW64\secur32.dll 2014-05-16 13:11:01 ----A---- C:\Windows\system32\secur32.dll 2014-05-16 13:11:00 ----A---- C:\Windows\SYSWOW64\sspicli.dll ======List of files/folders modified in the last 2 months====== 2014-07-10 20:16:06 ----D---- C:\Program Files\trend micro 2014-07-10 20:13:51 ----D---- C:\Windows\Prefetch 2014-07-10 20:13:13 ----D---- C:\Windows\Temp 2014-07-10 20:13:01 ----D---- C:\Users\internet\AppData\Roaming\uTorrent 2014-07-10 11:14:15 ----D---- C:\Windows\system32\config 2014-07-10 11:04:02 ----D---- C:\Windows\system32\catroot 2014-07-10 11:03:31 ----D---- C:\Windows\system32\catroot2 2014-07-10 11:03:27 ----D---- C:\Windows\winsxs 2014-07-09 08:57:45 ----D---- C:\Windows\SysWOW64 2014-07-09 08:57:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2014-07-09 08:26:38 ----D---- C:\Windows 2014-07-09 08:26:19 ----D---- C:\Windows\System32 2014-07-08 12:11:07 ----D---- C:\Windows\system32\LogFiles 2014-07-08 12:05:00 ----D---- C:\Windows\system32\drivers 2014-07-08 12:04:49 ----D---- C:\Windows\SoftwareDistribution 2014-07-08 12:04:35 ----D---- C:\Users\internet\AppData\Roaming\Malwarebytes 2014-07-08 12:04:21 ----RD---- C:\Program Files (x86) 2014-07-08 12:04:21 ----D---- C:\ProgramData\Malwarebytes 2014-07-08 09:10:17 ----D---- C:\Windows\inf 2014-07-08 09:10:17 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-07-08 08:37:32 ----SHD---- C:\System Volume Information 2014-06-30 08:19:44 ----D---- C:\Windows\system32\wdi 2014-06-23 14:02:32 ----D---- C:\Users\internet\AppData\Roaming\vlc 2014-06-20 19:20:10 ----D---- C:\Windows\system32\DriverStore 2014-06-20 08:44:02 ----SHD---- C:\Windows\Installer 2014-06-18 07:20:01 ----D---- C:\ProgramData\McAfee Security Scan 2014-06-18 07:19:56 ----RD---- C:\Program Files 2014-06-17 07:58:21 ----D---- C:\Windows\debug 2014-06-15 10:05:20 ----D---- C:\Windows\rescache 2014-06-14 10:01:00 ----D---- C:\Program Files\Internet Explorer 2014-06-14 10:00:59 ----D---- C:\Windows\SYSWOW64\en-US 2014-06-14 10:00:57 ----D---- C:\Windows\system32\en-US 2014-06-14 10:00:53 ----D---- C:\Program Files (x86)\Internet Explorer 2014-06-12 19:39:09 ----D---- C:\Windows\system32\MRT 2014-06-12 19:37:00 ----A---- C:\Windows\system32\MRT.exe 2014-06-12 19:35:24 ----D---- C:\ProgramData\Microsoft Help 2014-06-12 19:34:01 ----SD---- C:\Windows\system32\CompatTel 2014-05-24 20:19:37 ----D---- C:\Users\internet\AppData\Roaming\Spotify 2014-05-20 10:39:35 ----HD---- C:\ProgramData 2014-05-20 10:39:35 ----D---- C:\Program Files (x86)\FLVPlayer 2014-05-17 09:26:22 ----D---- C:\Windows\Microsoft.NET 2014-05-17 09:25:49 ----RSD---- C:\Windows\assembly 2014-05-17 08:55:19 ----D---- C:\Windows\system32\nl-NL 2014-05-17 08:55:19 ----D---- C:\Windows\PolicyDefinitions 2014-05-16 15:06:24 ----D---- C:\Program Files (x86)\Common Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2011-03-13 213888] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2011-03-13 514560] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 ksaud;Creative USB Audio Driver; C:\Windows\system32\drivers\ksaud.sys [2009-08-05 1134208] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-07-10 122584] R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 63704] R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf_amd64.sys [2013-12-06 18456] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328] S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488] S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-12-07 36928] S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] S3 LVUVC64;Logitech Webcam 200(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys [] S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2011-03-13 165888] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2011-03-13 20992] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2011-03-13 6656] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2011-03-13 34688] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2011-03-13 88960] S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816] S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2011-03-13 59392] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2011-03-13 117248] S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2013-03-18 54784] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [2011-03-13 199552] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2011-03-13 21760] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2011-03-13 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264] R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 BRA_Scheduler;Brother BRAdminPro Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2012-12-11 98304] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808] R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424] R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2013-12-06 1229528] R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-06 662232] R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2014-02-21 641352] R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872] R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 116648] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-08-06 79360] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 116648] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-15 1255736] S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF-----------------

Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free Anti-Malware Databaseversie: v2014.02.03.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 internet :: INTERNET-PC [administrator] 7-2-2014 10:10:56 mbam-log-2014-02-07 (10-10-56).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 218961 Verstreken tijd: 8 minuut/minuten, 33 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)

Het is weer zover. Na het openen van een mailtje is het helemaal mis. Mailtje was verstuurd vanuit FedEx. zat ik net op een pakketje van FedEX te wachten.... STOM!! Hier een log Logfile of random's system information tool 1.09 (written by random/random) Run by internet at 2014-02-06 21:48:43 Microsoft Windows 7 Ultimate Service Pack 1 System drive C: has 29 GB (12%) free of 238 GB Total RAM: 4094 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:48:51, on 6-2-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\internet\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\internet.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun O4 - HKLM\..\Run: [Registry Helper] "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8867 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}] MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "Module Loader"=C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [2007-07-23 57344] "NPSStartup"= [] "Registry Helper"=C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe /boot [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ccleaner"=C:\Program Files\CCleaner\CCleaner64.exe [2012-05-23 5208928] "AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=lvcodec2.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv "msacm.siren"=sirenacm.dll "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux3"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv "aux4"=wdmaud.drv "wave5"=wdmaud.drv "midi5"=wdmaud.drv "mixer5"=wdmaud.drv "aux5"=wdmaud.drv "wave6"=wdmaud.drv "midi6"=wdmaud.drv "mixer6"=wdmaud.drv "aux6"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-02-06 21:48:45 ----D---- C:\Program Files (x86)\trend micro 2014-02-06 21:48:43 ----D---- C:\rsit ======List of files/folders modified in the last 1 month====== 2014-02-06 21:48:51 ----D---- C:\Windows\Prefetch 2014-02-06 21:48:45 ----RD---- C:\Program Files (x86) 2014-02-06 21:48:21 ----D---- C:\Windows\Temp 2014-02-06 21:29:24 ----D---- C:\Windows\System32 2014-02-06 21:29:24 ----D---- C:\Windows\inf 2014-02-06 19:41:36 ----D---- C:\Windows 2014-02-06 19:13:42 ----D---- C:\Windows\SoftwareDistribution 2014-02-05 20:26:49 ----D---- C:\Windows\SysWOW64 2014-02-05 20:26:31 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-05 09:49:19 ----SHD---- C:\System Volume Information 2014-01-28 06:18:28 ----D---- C:\Users\internet\AppData\Roaming\uTorrent 2014-01-25 10:27:02 ----D---- C:\Users\internet\AppData\Roaming\vlc 2014-01-16 17:16:40 ----SHD---- C:\Windows\Installer 2014-01-16 10:21:10 ----D---- C:\Windows\debug 2014-01-15 16:05:29 ----D---- C:\Windows\winsxs 2014-01-13 11:56:29 ----D---- C:\Users\internet\AppData\Roaming\Spotify 2014-01-07 09:32:39 ----D---- C:\ProgramData\Registry Helper ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 ksaud;Creative USB Audio Driver; C:\Windows\system32\drivers\ksaud.sys [] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [] S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [] S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [] S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [] S3 LVUVC64;Logitech Webcam 200(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [] S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\DRIVERS\terminpt.sys [] S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\DRIVERS\TsUsbGD.sys [] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 BRA_Scheduler;Brother BRAdminPro Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2012-12-11 98304] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808] R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424] R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 116648] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-08-06 79360] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 116648] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V [] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 288776] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF-----------------

Beste Kape, Mijn PC werkt weer als een sneltrein (geen FYRA!!) Ontzettend bedankt voor de geweldige en snelle hulp. Ik ga direct een donatie doen om jullie geweldige werk te steunen, ga zo door!!

Bedoel je deze?? # AdwCleaner v3.011 - Report created 07/11/2013 at 13:02:56 # Updated 03/11/2013 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : internet - INTERNET-PC # Running from : C:\Users\internet\Desktop\AdwCleaner (1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2716 octets] - [29/09/2013 08:35:30] AdwCleaner[R1].txt - [1475 octets] - [04/11/2013 20:41:21] AdwCleaner[R2].txt - [1013 octets] - [07/11/2013 13:00:23] AdwCleaner[s0].txt - [2520 octets] - [29/09/2013 08:36:47] AdwCleaner[s1].txt - [1375 octets] - [04/11/2013 20:45:00] AdwCleaner[s2].txt - [936 octets] - [07/11/2013 13:02:56] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [995 octets] ##########

KAPE JE BENT GEWELDIG!! Weet niet of het al klaar is maar krijg in ieder geval geen IRRITANTE reclames meer!!!! Zoek.exe Version 4.0.0.5 Updated 05-November-2013 Tool run by internet on do 07-11-2013 at 10:10:48,66. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\internet\Desktop\zoek.scr [Checkboxes used] ==== System Restore Info ====================== 7-11-2013 10:12:33 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1384726799-3280244283-2285347874-1000\Software\Microsoft\Internet Explorer\SearchScopes\{40CB4BC0-FA1F-A5B2-989C-558FEE7E9D81} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\ShoppingChip deleted C:\ProgramData\OptimizerPro1 deleted C:\Windows\Syswow64\lMMLDeleteUserData42107612FX.tmp deleted C:\Windows\Syswow64\tmp1CCA.tmp deleted C:\Windows\Syswow64\tmp1CCB.tmp deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions hnbcmhecildmjnkkaaaidhnpgjcejcmm - C:\ProgramData\wxDfast\hnbcmhecildmjnkkaaaidhnpgjcejcmm.crx[] niogeckbkdcabhnapjbkeiklablhjoca - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx[] ShoppingChip - internet - Default\Extensions\bikciehfipcibnkcpbfchkdkkbfbkdik Windows Media Player Extension for HTML5 - internet - Default\Extensions\hokdglbhghcebcopdbanieangmcamaak International Internet TV - internet - Default\Extensions\jpfaflofhdeeaikcajgalgbpgejbmihk ==== Chrome Fix ====================== C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystart.incredibar.com_0.localstorage-journal deleted successfully C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikciehfipcibnkcpbfchkdkkbfbkdik deleted successfully C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bikciehfipcibnkcpbfchkdkkbfbkdik_0.localstorage deleted successfully C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bikciehfipcibnkcpbfchkdkkbfbkdik_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\internet\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe C:\Users\internet\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\internet\Desktop\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\Users\internet\Desktop\µTorrent.lnk - C:\Users\internet\Desktop\MEVABA\REMEHA\TZERRA\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Audiograbber.lnk - C:\Program Files (x86)\Audiograbber\audiograbber.exe C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe SecurityScanner.dll C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe ==== shortcuts in Users Start Menu ====================== C:\Users\internet\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk - ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe SecurityScanner.dll C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Verwijderen.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.130\McAfee.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\internet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0CC6F0AC-49E1-BE3A-9A34-39C0E98E4663} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CD891139-8941-E129-12DC-AC0796790428} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hnbcmhecildmjnkkaaaidhnpgjcejcmm deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\internet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\internet\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 07-11-2013 at 10:25:41,03 ======================

Logfile of random's system information tool 1.09 (written by random/random) Run by internet at 2013-11-06 18:58:14 Microsoft Windows 7 Ultimate Service Pack 1 System drive C: has 40 GB (17%) free of 238 GB Total RAM: 4094 MB (49% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:58:18, on 6-11-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16720) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\internet\Desktop\HijackThis.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files\trend micro\internet.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9242 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs "C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe" C:\Windows\system32\AUDIODG.EXE 0x2c0 atieclxx C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\system32\svchost.exe -k apphost "taskhost.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" "C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe" "C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe" WLIDSvcM.exe 2304 "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Windows\System32\rundll32.exe" sbavmon.dll,SBAVMonitor "C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" "C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe" C:\Windows\system32\sppsvc.exe "C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" -StartUpRun C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet "c:\Program Files\Microsoft Security Client\NisSrv.exe" "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-212e4e2f-3c6d-488a-a567-9d9a62697761 -SystemEventPortName:HostProcess-5c0929d0-5f47-4106-ab61-aade96858e32 -IoCancelEventPortName:HostProcess-0daacb76-1839-4103-816a-abd88f2622bb -NonStateChangingEventPortName:HostProcess-922aa5c2-b803-4638-a873-78b3a8a2d249 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3f471874-8343-44b9-9a28-cd402d0a8bf7 -DeviceGroupId:WpdFsGroup "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1216.0.1002192299\2136624144" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,18,24,26 --reduce-gpu-sandbox --gpu-vendor-id=0x1002 --gpu-device-id=0x9498 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.632.1.2000 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group16 pct:1i stable:r3 use_remote_ntp_on_startup:1 espv:215/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --enable-experimental-extension-apis --channel="1216.1.2022421121\2008618538" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group16 pct:1i stable:r3 use_remote_ntp_on_startup:1 espv:215/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --enable-experimental-extension-apis --channel="1216.4.1815829594\2040723190" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="1216.5.1123088182\1856097023" --ppapi-flash-args --lang=nl --ignored=" --type=renderer " /prefetch:-632637702 "C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe" -Embedding "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group16 pct:1i stable:r3 use_remote_ntp_on_startup:1 espv:215/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --enable-experimental-extension-apis --channel="1216.8.1586636266\1150951914" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group16 pct:1i stable:r3 use_remote_ntp_on_startup:1 espv:215/NewMenuStyle/Compact2/OutdatedInstallCheck/12WeeksOutdatedInstall/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --enable-experimental-extension-apis --channel="1216.29.1823258119\113037571" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group16 pct:1i stable:r3 use_remote_ntp_on_startup:1 espv:215/NewMenuStyle/Compact2/OutdatedInstallCheck/12WeeksOutdatedInstall/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --enable-experimental-extension-apis --channel="1216.30.1081602009\1817858847" /prefetch:673131151 "C:\Users\internet\Desktop\HijackThis.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" "C:\Windows\notepad.exe" "C:\Users\internet\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2013-11-06 (17-32-12).txt" "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "C:\Users\internet\Downloads\5004690.pdf" "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" --channel=2080.0044F8B0.2129023752 --type=renderer "C:\Users\internet\Downloads\5004690.pdf" "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "J:\" C:\Windows\system32\wbem\wmiprvse.exe "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520 "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 7F8AB11B-0F84-5C7B-08C0-397C325B70F5 -Reinvoke "C:\Users\internet\Downloads\RSITx64.exe" C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}] MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-08-12 1356240] "Creative SB Monitoring Utility"=RunDll32 sbavmon.dll,SBAVMonitor [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ccleaner"=C:\Program Files\CCleaner\CCleaner64.exe [2012-05-23 5208928] "AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-07-04 95576] "uTorrent"=C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe [2013-10-23 902736] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "Module Loader"=C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [2007-07-23 57344] "NPSStartup"= [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=lvcod64.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv "MSVideo"=vfwwdm32.dll "MSVideo8"=VfWWDM32.dll "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux3"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv "aux4"=wdmaud.drv "wave5"=wdmaud.drv "midi5"=wdmaud.drv "mixer5"=wdmaud.drv "aux5"=wdmaud.drv "wave6"=wdmaud.drv "midi6"=wdmaud.drv "mixer6"=wdmaud.drv "aux6"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2013-11-06 18:58:15 ----D---- C:\Program Files\trend micro 2013-11-06 18:58:14 ----D---- C:\rsit 2013-11-06 14:29:05 ----A---- C:\Windows\system32\FNTCACHE.DAT 2013-11-02 17:44:10 ----D---- C:\Users\internet\AppData\Roaming\AVG 2013-11-02 17:43:09 ----D---- C:\ProgramData\AVG 2013-11-02 17:42:54 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2013-11-02 17:42:54 ----HD---- C:\ProgramData\Common Files 2013-11-02 17:32:42 ----D---- C:\ProgramData\a022d86f04e93c64 2013-11-02 17:32:41 ----D---- C:\Program Files (x86)\ShoppingChip 2013-10-10 05:54:07 ----A---- C:\Windows\SYSWOW64\ieui.dll 2013-10-10 05:54:06 ----A---- C:\Windows\system32\ieui.dll 2013-10-10 05:54:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2013-10-10 05:54:04 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe 2013-10-10 05:54:04 ----A---- C:\Windows\SYSWOW64\iesysprep.dll 2013-10-10 05:54:04 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2013-10-10 05:54:04 ----A---- C:\Windows\system32\iesetup.dll 2013-10-10 05:54:04 ----A---- C:\Windows\system32\iernonce.dll 2013-10-10 05:54:04 ----A---- C:\Windows\system32\ie4uinit.exe 2013-10-10 05:54:03 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2013-10-10 05:54:03 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-10 05:54:03 ----A---- C:\Windows\system32\iesysprep.dll 2013-10-10 05:54:02 ----A---- C:\Windows\system32\iertutil.dll 2013-10-10 05:54:00 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2013-10-10 05:54:00 ----A---- C:\Windows\SYSWOW64\jscript.dll 2013-10-10 05:54:00 ----A---- C:\Windows\system32\msfeeds.dll 2013-10-10 05:54:00 ----A---- C:\Windows\system32\jscript.dll 2013-10-10 05:53:59 ----A---- C:\Windows\system32\jscript9.dll 2013-10-10 05:53:58 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2013-10-10 05:53:57 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2013-10-10 05:53:56 ----A---- C:\Windows\system32\urlmon.dll 2013-10-10 05:53:55 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2013-10-10 05:53:55 ----A---- C:\Windows\system32\jsproxy.dll 2013-10-10 05:53:54 ----A---- C:\Windows\SYSWOW64\wininet.dll 2013-10-10 05:53:54 ----A---- C:\Windows\system32\wininet.dll 2013-10-10 05:53:53 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2013-10-10 05:53:52 ----A---- C:\Windows\system32\ieframe.dll 2013-10-10 05:53:50 ----A---- C:\Windows\system32\mshtml.dll 2013-10-10 05:53:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2013-10-10 04:54:40 ----A---- C:\Windows\system32\comctl32.dll 2013-10-10 04:54:39 ----A---- C:\Windows\SYSWOW64\comctl32.dll 2013-10-10 04:54:37 ----A---- C:\Windows\SYSWOW64\lpk.dll 2013-10-10 04:54:37 ----A---- C:\Windows\SYSWOW64\fontsub.dll 2013-10-10 04:54:37 ----A---- C:\Windows\SYSWOW64\dciman32.dll 2013-10-10 04:54:37 ----A---- C:\Windows\SYSWOW64\atmfd.dll 2013-10-10 04:54:37 ----A---- C:\Windows\system32\lpk.dll 2013-10-10 04:54:37 ----A---- C:\Windows\system32\fontsub.dll 2013-10-10 04:54:37 ----A---- C:\Windows\system32\dciman32.dll 2013-10-10 04:54:37 ----A---- C:\Windows\system32\atmfd.dll 2013-10-10 04:54:36 ----A---- C:\Windows\SYSWOW64\atmlib.dll 2013-10-10 04:54:36 ----A---- C:\Windows\system32\drivers\Wdf01000.sys 2013-10-10 04:54:36 ----A---- C:\Windows\system32\atmlib.dll 2013-10-10 04:54:35 ----A---- C:\Windows\system32\drivers\usbcir.sys 2013-10-10 04:54:35 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys 2013-10-10 04:54:34 ----A---- C:\Windows\system32\drivers\usbscan.sys 2013-10-10 04:54:34 ----A---- C:\Windows\system32\drivers\hidparse.sys 2013-10-10 04:54:34 ----A---- C:\Windows\system32\drivers\hidclass.sys 2013-10-10 04:54:33 ----A---- C:\Windows\SYSWOW64\WebClnt.dll 2013-10-10 04:54:33 ----A---- C:\Windows\SYSWOW64\davclnt.dll 2013-10-10 04:54:33 ----A---- C:\Windows\system32\WebClnt.dll 2013-10-10 04:54:33 ----A---- C:\Windows\system32\drivers\mrxdav.sys 2013-10-10 04:54:33 ----A---- C:\Windows\system32\davclnt.dll 2013-10-10 04:54:32 ----A---- C:\Windows\SYSWOW64\mswsock.dll 2013-10-10 04:54:32 ----A---- C:\Windows\system32\mswsock.dll 2013-10-10 04:54:32 ----A---- C:\Windows\system32\drivers\tcpip.sys 2013-10-10 04:54:32 ----A---- C:\Windows\system32\drivers\afd.sys 2013-10-10 04:54:28 ----A---- C:\Windows\system32\win32k.sys 2013-10-10 04:54:27 ----A---- C:\Windows\system32\ntoskrnl.exe 2013-10-10 04:54:26 ----A---- C:\Windows\system32\advapi32.dll 2013-10-10 04:54:25 ----A---- C:\Windows\SYSWOW64\tdh.dll 2013-10-10 04:54:25 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2013-10-10 04:54:25 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2013-10-10 04:54:25 ----A---- C:\Windows\system32\tdh.dll 2013-10-10 04:54:24 ----A---- C:\Windows\SYSWOW64\ntdll.dll 2013-10-10 04:54:24 ----A---- C:\Windows\SYSWOW64\advapi32.dll 2013-10-10 04:54:24 ----A---- C:\Windows\system32\ntdll.dll 2013-10-10 04:54:23 ----A---- C:\Windows\system32\wow64.dll 2013-10-10 04:54:22 ----A---- C:\Windows\SYSWOW64\wow32.dll 2013-10-10 04:54:22 ----A---- C:\Windows\SYSWOW64\user.exe 2013-10-10 04:54:22 ----A---- C:\Windows\SYSWOW64\setup16.exe 2013-10-10 04:54:22 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll 2013-10-10 04:54:22 ----A---- C:\Windows\SYSWOW64\instnm.exe 2013-10-10 04:54:15 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 04:54:15 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 04:54:15 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys 2013-10-10 04:54:13 ----A---- C:\Windows\system32\scavengeui.dll 2013-10-09 10:42:23 ----D---- C:\Program Files\McAfee Security Scan ======List of files/folders modified in the last 1 month====== 2013-11-06 18:58:19 ----D---- C:\Windows\Prefetch 2013-11-06 18:58:15 ----RD---- C:\Program Files 2013-11-06 18:58:12 ----D---- C:\Users\internet\AppData\Roaming\uTorrent 2013-11-06 18:57:51 ----D---- C:\Windows\Temp 2013-11-06 14:54:32 ----D---- C:\Windows\System32 2013-11-06 14:54:32 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-11-06 14:54:31 ----D---- C:\Windows\inf 2013-11-06 14:29:18 ----D---- C:\Windows 2013-11-06 14:22:44 ----D---- C:\Windows\system32\config 2013-11-06 11:29:16 ----D---- C:\Windows\system32\LogFiles 2013-11-06 09:33:38 ----D---- C:\Windows\SoftwareDistribution 2013-11-04 21:05:24 ----D---- C:\Windows\system32\drivers 2013-11-04 21:05:21 ----D---- C:\Windows\system32\drivers\UMDF 2013-11-04 20:58:19 ----SHD---- C:\System Volume Information 2013-11-04 20:45:20 ----D---- C:\AdwCleaner 2013-11-04 20:45:00 ----RD---- C:\Program Files (x86) 2013-11-04 20:44:32 ----HD---- C:\ProgramData 2013-11-03 22:02:26 ----SHD---- C:\Windows\Installer 2013-11-03 22:01:24 ----D---- C:\Windows\SysWOW64 2013-11-03 22:01:24 ----D---- C:\Windows\system32\Tasks 2013-11-03 20:50:19 ----D---- C:\Users\internet\AppData\Roaming\vlc 2013-10-30 16:32:35 ----D---- C:\Windows\system32\catroot2 2013-10-15 22:18:51 ----D---- C:\Windows\system32\catroot 2013-10-15 22:18:50 ----D---- C:\Program Files\Microsoft Security Client 2013-10-15 22:18:50 ----D---- C:\Program Files (x86)\Microsoft Security Client 2013-10-11 09:43:55 ----D---- C:\Windows\Panther 2013-10-11 09:43:51 ----D---- C:\Windows\debug 2013-10-10 14:26:40 ----D---- C:\Windows\rescache 2013-10-10 11:42:28 ----RSD---- C:\Windows\assembly 2013-10-10 11:42:28 ----D---- C:\Windows\Microsoft.NET 2013-10-10 11:25:29 ----D---- C:\Windows\winsxs 2013-10-10 11:23:29 ----D---- C:\Program Files (x86)\Internet Explorer 2013-10-10 11:23:27 ----D---- C:\Program Files\Internet Explorer 2013-10-10 11:23:24 ----D---- C:\Windows\AppPatch 2013-10-10 11:23:19 ----D---- C:\Windows\system32\DriverStore 2013-10-10 05:52:15 ----D---- C:\Program Files\Microsoft Silverlight 2013-10-10 05:52:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2013-10-10 05:46:50 ----D---- C:\Windows\system32\MRT 2013-10-10 05:44:57 ----A---- C:\Windows\system32\MRT.exe 2013-10-10 05:41:20 ----D---- C:\Windows\system32\nl-NL 2013-10-09 16:25:44 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2011-03-13 213888] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2011-03-13 514560] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504] R3 ksaud;Creative USB Audio Driver; C:\Windows\system32\drivers\ksaud.sys [2009-08-05 1134208] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] S3 dmvsc;dmvsc; C:\Windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488] S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-12-07 36928] S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] S3 LVUVC64;Logitech Webcam 200(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2011-03-13 165888] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2011-03-13 20992] S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2011-03-13 6656] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280] S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2011-03-13 34688] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2011-03-13 88960] S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816] S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2011-03-13 59392] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2011-03-13 117248] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 vmbus;vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [2011-03-13 199552] S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2011-03-13 21760] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2011-03-13 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264] R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136] R2 BRA_Scheduler;Brother BRAdminPro Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2012-12-11 98304] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 23808] R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424] R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-08-12 366600] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 116648] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-08-06 79360] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 116648] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 288776] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-15 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF-----------------

Het is weer zover!! Er moet nodig een schoonmaak komen. Krijg het zelf niet helemaal voor elkaar.. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:31:27, on 6-11-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16720) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\internet\Desktop\HijackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\internet\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2013.11.01.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 internet :: INTERNET-PC [administrator] 6-11-2013 17:32:12 mbam-log-2013-11-06 (17-32-12).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 211685 Verstreken tijd: 6 minuut/minuten, 4 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Hoewel Malware aangeeft geen kwaadaardige objecten te detecteren is er toch van alles aan de hand volgens mij. Ook word ik gek van de conduit werkbalk, deze wil ikm ook graag weg hebben. Mijn dank is nu al weer ontzettend groot!!!:adore: Groet uit Holland

Dank je wel kape. Hij doet wat trager de laatste week. - - - Updated - - - Mijn andere pc heeft wel wat opschoning nodig zal ik vandaag eens aanpakken.

Hoi Kape, Dank alweer voor al uw moeite. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:22:18, on 3-9-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16660) Boot mode: Normal Running processes: C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\internet\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8947 bytes Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2013.09.03.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 internet :: INTERNET-PC [administrator] 3-9-2013 18:13:05 mbam-log-2013-09-03 (18-13-05).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 228959 Verstreken tijd: 3 minuut/minuten, 33 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)

Willen jullie hier naar kijken en mij alstublieft even zeggen wat te doen?? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:08:46, on 3-9-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16660) Boot mode: Normal Running processes: C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\internet\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8862 bytes

Hallo Kape, Het is weer fantastisch, de laptop is incdrdaad weer een heel stuk sneller en virus vrij. Mijn dank is weer ontzettend groot, echt geweldig. Bij deze wil ik jullie allemaal hele fijne feestdagen wensen en een gelukkig nieuwjaar!!!

ook dit is weer gelukt, ComboFix 11-12-22.04 - Baren 22-12-2011 22:59:08.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2045.1128 [GMT 1:00] Gestart vanuit: c:\users\Baren\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Baren\Desktop\CFScript.txt AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Ask . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_mailKmd . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))) . . 2011-12-22 22:05 . 2011-12-22 22:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-21 10:03 . 2011-12-21 10:03 -------- d-----w- c:\program files\Common Files\Java 2011-12-20 19:24 . 2011-12-20 19:24 -------- d-----w- c:\users\Baren\AppData\Local\SanctionedMedia 2011-12-16 11:23 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-12-16 11:23 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-12-16 11:23 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-12-16 11:23 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-12-16 11:23 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-12-16 11:23 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-16 11:23 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-19 20:56 . 2011-06-25 14:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-10 04:54 . 2010-05-30 19:29 472808 ----a-w- c:\windows\system32\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Baren^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\users\Baren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] 2007-01-17 07:01 151552 ----a-w- c:\acer\AcerTour\Reminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp] 2005-07-25 12:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-01-10 10:34 200704 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD] 2006-08-29 08:26 241664 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2011-08-31 16:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-08-01 14:41 13548064 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-08-01 14:41 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2006-11-09 18:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2006-10-23 19:00 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton] 2006-11-09 13:37 86016 ----a-w- c:\program files\Launch Manager\WButton.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-10-29 655872] R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:53] . 2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:53] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-22 23:07 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\windows\system32\conime.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2011-12-22 23:12:47 - machine werd herstart ComboFix-quarantined-files.txt 2011-12-22 22:12 ComboFix2.txt 2011-12-22 19:29 . Pre-Run: 16.906.063.872 bytes beschikbaar Post-Run: 16.576.000.000 bytes beschikbaar . - - End Of File - - F1E31D15D07AABD60E81D69E38C7F914 DANK U DANK U

Hallo Kape, Dat is gelukt hier het rapport ComboFix 11-12-22.04 - Baren 22-12-2011 20:15:18.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2045.1267 [GMT 1:00] Gestart vanuit: c:\users\Baren\Desktop\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\$NtUninstallKB64514$ c:\windows\$NtUninstallKB64514$\1784329453 c:\windows\$NtUninstallKB64514$\2043643341\@ c:\windows\$NtUninstallKB64514$\2043643341\bckfg.tmp c:\windows\$NtUninstallKB64514$\2043643341\cfg.ini c:\windows\$NtUninstallKB64514$\2043643341\Desktop.ini c:\windows\$NtUninstallKB64514$\2043643341\keywords c:\windows\$NtUninstallKB64514$\2043643341\kwrd.dll c:\windows\$NtUninstallKB64514$\2043643341\L\qnbwvoto c:\windows\$NtUninstallKB64514$\2043643341\U\00000001.@ c:\windows\$NtUninstallKB64514$\2043643341\U\00000002.@ c:\windows\$NtUninstallKB64514$\2043643341\U\00000004.@ c:\windows\$NtUninstallKB64514$\2043643341\U\80000000.@ c:\windows\$NtUninstallKB64514$\2043643341\U\80000004.@ c:\windows\$NtUninstallKB64514$\2043643341\U\80000032.@ c:\windows\Temp\log.txt . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))) . . 2011-12-22 19:25 . 2011-12-22 19:26 -------- d-----w- c:\users\Baren\AppData\Local\temp 2011-12-22 19:25 . 2011-12-22 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-21 10:03 . 2011-12-21 10:03 -------- d-----w- c:\program files\Common Files\Java 2011-12-21 10:02 . 2011-12-21 10:02 -------- d-----w- c:\programdata\Ask 2011-12-20 19:24 . 2011-12-20 19:24 -------- d-----w- c:\users\Baren\AppData\Local\SanctionedMedia 2011-12-16 11:23 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-12-16 11:23 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-12-16 11:23 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-12-16 11:23 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-12-16 11:23 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-12-16 11:23 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-16 11:23 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-19 20:56 . 2011-06-25 14:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-10 04:54 . 2010-05-30 19:29 472808 ----a-w- c:\windows\system32\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Baren^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\users\Baren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] 2007-01-17 07:01 151552 ----a-w- c:\acer\AcerTour\Reminder.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp] 2005-07-25 12:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-01-10 10:34 200704 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD] 2006-08-29 08:26 241664 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2011-08-31 16:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-08-01 14:41 13548064 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-08-01 14:41 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2006-11-09 18:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2006-10-23 19:00 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton] 2006-11-09 13:37 86016 ----a-w- c:\program files\Launch Manager\WButton.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R1 mailKmd;mailKmd; [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-10-29 655872] R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:53] . 2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:53] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 172.16.0.1 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Acer Tour Reminder - (no file) HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) MSConfigStartUp-PowerKey - c:\program files\Launch Manager\PowerKey.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-22 20:26 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-12-22 20:29:04 ComboFix-quarantined-files.txt 2011-12-22 19:29 . Pre-Run: 15.524.868.096 bytes beschikbaar Post-Run: 16.635.154.432 bytes beschikbaar . - - End Of File - - B352DEA7054833C87BBAF4C006D881A7 Alvast weer reuze bedankt

Hallo computerexperts, Het is kerstvakantie en ik erger me nu al aan de trage laptop van oma, Please help..... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:25:30, on 22-12-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Baren\Desktop\HIJACKTHIS\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UPC Live - UPC Nederland R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo'>http://uk.yahoo.com]Yahoo! UK R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 5378 bytes Alvast wer reuze bedankt ---------- Post toegevoegd om 13:31 ---------- Vorige post was om 13:27 ---------- Malwarebytes' Anti-Malware 1.51.2.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 911122202 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 22-12-2011 13:29:39 mbam-log-2011-12-22 (13-29-39).txt Scantype: Snelle scan Objecten gescand: 171293 Verstreken tijd: 6 minuut/minuten, 49 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)

Hallo Beste Computers dokters, Ik krijg deze lijst uit mijn check, staan hier schokkende dingen in??? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:49:30, on 18-11-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe C:\Program Files\AVG\AVG10\avgui.exe C:\Program Files\AVG\AVG10\avgscanx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MediaBar - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\ToolBar\shdtxmltbpi.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: MediaBar - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\ToolBar\shdtxmltbpi.dll (file missing) O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\OFFICE~1\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE~1\Office12\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab lugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/wwwext01/install/plugin/KVKar51.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- End of file - 9506 bytes Bij voorbaat mijn dank