  1. #1

    Downloaded dodgy software, now suffering from a changing homepage, search & slow browser

    Hi everyone, I have already scanned with Malwarebytes and deleted everything it found. It all still feels rather sluggish, so here is a log:


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 17:45:00, on 26/11/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16736)
    CHROME: 31.0.1650.57
    FIREFOX: 25.0.1 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
    C:\Users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Laurens\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Laurens\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Laurens\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\Laurens\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
    O4 - Startup: Dropbox.lnk = Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: TP-LINK Wireless Client Utility.lnk = C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
    O4 - Global Startup: UltraMon.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: Unibet - {B68EF49A-30F3-49DE-8DEF-9DF50FB32B6F} - C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~2\sk-enh~1\psupport.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - D:\SMITE\HiPatchService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TpMediaServer - Unknown owner - C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13983 bytes
    //laurens\\

  2. #2
    Rosty (Spyware Slayer)
    Well, if you download dodgy stuff you can sometimes be unlucky, eh.
    Could you also post the MBAM log please, the one from before you removed everything?


  4. #3
    Yes, it felt dubious, and the one time I took a gamble it went wrong ^^

    Here is that log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.26.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16736
    Laurens :: LAURENS-PC [administrator]

    26/11/2013 17:08:48
    mbam-log-2013-11-26 (17-08-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 271668
    Time elapsed: 15 minute(s), 43 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\QuickSet\Sk-Enhancer\Sk-Enhancer.exe (PUP.Optional.MultiPlug.A) -> 6168 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 16
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-5902107913 (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{306299B0-757D-AF25-40C8-77B4076C9DEE} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{306299B0-757D-AF25-40C8-77B4076C9DEE} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{306299B0-757D-AF25-40C8-77B4076C9DEE} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{6546E590-955A-F3E4-5C95-6B75F24D8826} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6546E590-955A-F3E4-5C95-6B75F24D8826} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6546E590-955A-F3E4-5C95-6B75F24D8826} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{63CA9159-6F65-6E59-5DCA-AA04FDF9A7EB} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63CA9159-6F65-6E59-5DCA-AA04FDF9A7EB} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63CA9159-6F65-6E59-5DCA-AA04FDF9A7EB} (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Quarantined and deleted successfully.
    HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.WebSearchInfo) -> Data: {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} -> Quarantined and deleted successfully.

    Registry Data Items Detected: 4
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bad: (c:\progra~2\sk-enh~1\psupport.dll) Good: () -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.OPtional.Websearch.A) -> Bad: (c:\progra~2\websea~1\sprote~1.dll) Good: () -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (http://websearch.searchbomb.info/?pi...cc=BE&unqvl=42) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (http://websearch.searchbomb.info/?pi...cc=BE&unqvl=42) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 6
    C:\Program Files (x86)\WebSearch (PUP.OPtional.Websearch.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchNewTab (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
    C:\ProgramData\SearchNewTab (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

    Files Detected: 34
    C:\ProgramData\QuickSet\Sk-Enhancer\Sk-Enhancer.exe (PUP.Optional.MultiPlug.A) -> Delete on reboot.
    C:\Program Files (x86)\Sk-Enhancer\psupport.dll (PUP.Optional.SProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchNewTab\wxnb5ywvC_.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\surf. andd keeep\MpFXBaP1.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\YoutubeAdblocker\RjD.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\nscB634.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\nshB47E.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\nsm67D3.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\nsmB2C8.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\nsr661D.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\nsw51F2.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\nsw6477.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\OGCXxsTm.exe.part (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\sPbZQww1.exe.part (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\utt376D.tmp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\0EF7D1FB-BAB0-7891-B471-F42F57854032\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\0EF7D1FB-BAB0-7891-B471-F42F57854032\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\0EF7D1FB-BAB0-7891-B471-F42F57854032\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\0EF7D1FB-BAB0-7891-B471-F42F57854032\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\AppData\Local\Temp\0EF7D1FB-BAB0-7891-B471-F42F57854032\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\Downloads\RemoveWAT 2.2.7 Windows 7 activation working.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
    C:\Users\Laurens\Local Settings\Temporary Internet Files\Content.IE5\9WPC5KKX\psupport_install[1].exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\Local Settings\Temporary Internet Files\Content.IE5\ELGJOE2B\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\Local Settings\Temporary Internet Files\Content.IE5\JCYXC44V\DeltaTB[1].exe (PUP.Optional.DeltaTB) -> Quarantined and deleted successfully.
    C:\Users\Laurens\Local Settings\Temporary Internet Files\Content.IE5\JCYXC44V\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\Local Settings\Temporary Internet Files\Content.IE5\LULGTBPB\agent2[1].exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    C:\Users\Laurens\Local Settings\Temporary Internet Files\Content.IE5\LULGTBPB\ezdownloader[1].exe (PUP.Optional.EZDownloader.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\WebSearch\sprotector.dll (PUP.OPtional.Websearch.A) -> Delete on reboot.
    C:\Program Files (x86)\WebSearch\uninstall.exe (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchNewTab\wxnb5ywvC_.tlb (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchNewTab\wxnb5ywvC_.dat (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchNewTab\wxnb5ywvC_.x64.dll (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
    C:\ProgramData\SearchNewTab\tzlNFVWxnry.dat (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.
    C:\ProgramData\SearchNewTab\tzlNFVWxnry.exe (PUP.Optional.SearchNewTab) -> Quarantined and deleted successfully.

    (end)
    //laurens\\

  5. #4
    Rosty (Spyware Slayer)
    We'll take another look to see whether anything has been left behind.

    Download AdwCleaner by Xplode to the desktop.
    • Close all open windows.
    • Double-click AdwCleaner to start it.
    • Windows Vista, 7 and 8 users must run the tool as "administrator",
    • by right-clicking and choosing Run as administrator.
    • Then click Scan.
    • Then click Clean if items were found.
    • At the Herstarten Noodzakelijk (restart required) prompt, click OK


    After the PC has restarted, a log file usually opens.
    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[S0].txt


  7. #5
    Hey,

    AdwCleaner found some more junk and removed it; right at the end of the removal the software did hang for a moment, and I had to force-quit it. I ran the scan again and everything was already gone, so my log is therefore empty too, I think..

    # AdwCleaner v3.013 - Report created 27/11/2013 at 12:34:27
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Laurens - LAURENS-PC
    # Running from : C:\Users\Laurens\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16736


    -\\ Mozilla Firefox v25.0.1 (en-US)

    [ File : C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3830 octets] - [27/11/2013 12:31:44]
    AdwCleaner[R1].txt - [1011 octets] - [27/11/2013 12:33:47]
    AdwCleaner[S0].txt - [3866 octets] - [27/11/2013 12:33:22]
    AdwCleaner[S1].txt - [934 octets] - [27/11/2013 12:34:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [993 octets] ##########





    At first sight & feel everything now seems to be resolved
    //laurens\\

  8. #6
    Rosty (Spyware Slayer)
    Keep me posted on how everything is working now.


  10. #7
    Hello, unfortunately it has got worse, so the problems are not solved yet.

    I now have ads everywhere in my browser, and those annoying coloured words. Here is a screenshot: http://i.imgur.com/4leRTiO.png

    Steps taken:

    1) Malwarebytes scan

    Scan found nothing

    2) Gmer log

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-11-30 12:55:39
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
    Running: k7wn15ei.exe; Driver: C:\Users\Laurens\AppData\Local\Temp\kxriafog.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80002ffb000 63 bytes [00, 00, 0D, 02, 41, 76, 67, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 728 fffff80002ffb0b8 25 bytes [00, 01, 5B, DE, 67, EC, BC, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077351465 2 bytes [35, 77]
    .text C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773514bb 2 bytes [35, 77]
    .text ... * 2
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077351465 2 bytes [35, 77]
    .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773514bb 2 bytes [35, 77]
    .text ... * 2
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2456] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072ff1a22 2 bytes [FF, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2456] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072ff1ad0 2 bytes [FF, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2456] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072ff1b08 2 bytes [FF, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2456] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072ff1bba 2 bytes [FF, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2456] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072ff1bda 2 bytes [FF, 72]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077351465 2 bytes [35, 77]
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773514bb 2 bytes [35, 77]
    .text ... * 2
    .text C:\Program Files (x86)\BlueStacks\HD-Service.exe[2704] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077351465 2 bytes [35, 77]
    .text C:\Program Files (x86)\BlueStacks\HD-Service.exe[2704] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000773514bb 2 bytes [35, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077351465 2 bytes [35, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773514bb 2 bytes [35, 77]
    .text ... * 2
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077351465 2 bytes [35, 77]
    .text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773514bb 2 bytes [35, 77]
    .text ... * 2
    .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077351465 2 bytes [35, 77]
    .text C:\Program Files (x86)\BlueStacks\HD-Agent.exe[5176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773514bb 2 bytes [35, 77]
    .text ... * 2
    .text C:\Users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe[5740] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077351465 2 bytes [35, 77]
    .text C:\Users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe[5740] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000773514bb 2 bytes [35, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[7084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077351465 2 bytes [35, 77]
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[7084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773514bb 2 bytes [35, 77]
    .text ... * 2

    ---- EOF - GMER 2.1 ----


    3) DDS LOG

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 1.6.0_38
    Run by Laurens at 12:56:43 on 2013-11-30
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.8191.3178 [GMT 1:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    D:\SMITE\HiPatchService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
    C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\BlueStacks\HD-Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\BlueStacks\HD-Network.exe
    C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
    C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
    C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
    C:\Windows\system32\SndVol.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Google Update] "C:\Users\Laurens\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Facebook Update] "C:\Users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [Steam] "D:\Steam\steam.exe" -silent
    uRun: [Spotify] "C:\Users\Laurens\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    uRun: [Spotify Web Helper] "C:\Users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [uTorrent] "C:\Users\Laurens\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: C:\Users\Laurens\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{19076AF2-B1F5-4036-8BF1-C780EE202C37} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{46698909-A3B3-43AB-A8C5-FD1D32A9D50A} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{65969807-AFC9-43BF-B245-F6A54D98A36F} : DHCPNameServer = 192.168.42.129
    TCP: Interfaces\{D1789F4B-4919-45B7-8F81-8B329E15ADBA} : DHCPNameServer = 192.168.42.129
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= c:\progra~2\sk-enh~1\psupport.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: SearchNewTab: {306299B0-757D-AF25-40C8-77B4076C9DEE} -
    x64-BHO: YoutubeAdblocker: {63CA9159-6F65-6E59-5DCA-AA04FDF9A7EB} -
    x64-BHO: surf. andd keeep: {6546E590-955A-F3E4-5C95-6B75F24D8826} -
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Users\Laurens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Laurens\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Laurens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-10-22 22:30; youtubemp3podcaster@jeremy.d.gregorio.com; C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
    FF - ExtSQL: 2013-11-12 19:30; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: 2013-11-26 17:02; s_r@u-oaa.edu; C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\s_r@u-oaa.edu
    FF - ExtSQL: 2013-11-26 17:02; aw4-ma@oayay-uouy.net; C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\aw4-ma@oayay-uouy.net
    FF - ExtSQL: 2013-11-26 17:03; eo533g@auu-jdhyoyo.net; C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\eo533g@auu-jdhyoyo.net
    FF - ExtSQL: !HIDDEN! 2013-11-12 19:30; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\SMITE\HiPatchService.exe [2012-7-31 8704]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-8-5 14456]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-6 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-6 1129120]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-6-6 1160824]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-6 167072]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-3 283200]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120605.001\IDSviA64.sys [2012-6-6 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-6 190072]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-6 405624]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
    R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-9-19 393032]
    R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-9-19 70984]
    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-9-19 384840]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-6 138272]
    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [2012-6-25 374112]
    R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [2012-6-25 451936]
    R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2012-8-24 20512]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-6-12 66728]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-10-18 38424]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-14 20992]
    S3 TpMediaServer;TpMediaServer;C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe [2012-6-25 619872]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-24 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-23 1255736]
    S3 zghsdiag;ZTE General Handset Diagnostic Port;C:\Windows\System32\drivers\zghsdiag.sys [2011-1-13 122624]
    S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\System32\drivers\zghsmdm.sys [2011-1-13 122624]
    S3 zghsnmea;ZTE General Handset NMEA Port;C:\Windows\System32\drivers\zghsnmea.sys [2011-1-13 122624]
    .
    =============== Created Last 30 ================
    .
    2013-11-27 11:38:29 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-11-27 11:31:01 -------- d-----w- C:\AdwCleaner
    2013-11-26 16:15:15 -------- d-----w- C:\Program Files (x86)\Common Files\Realtime Soft
    2013-11-26 16:15:14 -------- d-----w- C:\ProgramData\Realtime Soft
    2013-11-26 16:15:14 -------- d-----w- C:\Program Files\UltraMon
    2013-11-26 16:02:43 -------- d-----w- C:\Program Files (x86)\Sk-Enhancer
    2013-11-26 16:02:30 -------- d-----w- C:\Users\Laurens\AppData\Local\Packages
    2013-11-26 16:02:24 -------- d-----w- C:\ProgramData\a177ab2d8942ecb6
    2013-11-26 16:01:40 -------- d-----w- C:\ProgramData\InstallMate
    2013-11-17 03:13:23 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B9620FD-F0FB-4EAA-AE87-29ECAF0AC616}\mpengine.dll
    2013-11-14 00:57:35 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-14 00:56:46 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2013-11-12 18:32:49 -------- d-----w- C:\ProgramData\WEBREG
    2013-11-12 18:32:37 -------- d-----w- C:\Users\Laurens\AppData\Local\HP
    2013-11-12 18:28:50 -------- d-----w- C:\Windows\SysWow64\spool
    2013-11-12 18:27:57 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
    2013-11-12 18:27:38 -------- d-----w- C:\Program Files (x86)\Common Files\HP
    2013-11-12 18:25:19 -------- d-----w- C:\Program Files (x86)\HP
    2013-11-12 18:25:02 -------- d-----w- C:\Program Files\HP
    2013-11-12 18:24:24 642360 ----a-w- C:\Windows\System32\hpzids40.dll
    .
    ==================== Find3M ====================
    .
    2013-11-26 16:39:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-11-26 16:39:01 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
    2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
    2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-06 17:21:03 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
    2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
    2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
    2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
    2013-09-05 00:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    .
    ============= FINISH: 12:57:18,69 ===============


    4) HJT log

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 13:02:52, on 30/11/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16736)
    CHROME: 31.0.1650.57
    FIREFOX: 25.0.1 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    C:\Users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Air Mouse\Air Mouse\Mobile Mouse Service.exe
    C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
    C:\Users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
    C:\Users\Laurens\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Laurens\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Laurens\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\Laurens\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
    O4 - Startup: Dropbox.lnk = Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: TP-LINK Wireless Client Utility.lnk = C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
    O4 - Global Startup: UltraMon.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: Unibet - {B68EF49A-30F3-49DE-8DEF-9DF50FB32B6F} - C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~2\sk-enh~1\psupport.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - D:\SMITE\HiPatchService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TpMediaServer - Unknown owner - C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14089 bytes



    5) ???
    //laurens\\

  11. #8
    Spyware Slayer   Rosty
    Registered
    19 May 2005
    Location
    Zandvliet/ Ledegem
    Posts
    4,212
    Thanks given
    1,205
    Thanked
    2,705 times in 1,758 posts
    Quote: Originally posted by Laurens
    Hello, unfortunately it has gotten worse, so the problems are not solved yet.

    I now have ads everywhere in my browser, and those annoying coloured words. Here is a screenshot: http://i.imgur.com/4leRTiO.png
    The screenshot shows the instructions from MBAM!!

    Download ComboFix from one of these locations:
    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
      Click here
      If you cannot manage to disable them, just continue to the next step.
    • Double-click ComboFix.exe and follow the prompts on the screen.
    • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
      **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
    • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.



    You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:



    Click Yes to continue scanning for malware.

    When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

  12. #9
    Up-to-date  
    Registered
    29 December 2005
    Posts
    59
    Thanks given
    15
    Thanked
    2 times in 2 posts
    Quote: Originally posted by Rosty
    The screenshot shows the instructions from MBAM!!
    Indeed, but do you see those green underlined words and so on? I just wanted to show that really all pages look like that. When I hover over them I get free iPad ads and other misery.

    Here is the ComboFix log


    ComboFix 13-11-27.01 - Laurens 01/12/2013 15:09:47.1.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1033.18.8191.4875 [GMT 1:00]
    Gestart vanuit: c:\users\Laurens\Desktop\ComboFix.exe
    AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\STF9525.tmp
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlmppbmdhhickldcbfjmkfccadebode
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlmppbmdhhickldcbfjmkfccadebode\2.19\background.html
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlmppbmdhhickldcbfjmkfccadebode\2.19\content.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlmppbmdhhickldcbfjmkfccadebode\2.19\DjYhbQnEmt.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlmppbmdhhickldcbfjmkfccadebode\2.19\lsdb.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlmppbmdhhickldcbfjmkfccadebode\2.19\manifest.json
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlmppbmdhhickldcbfjmkfccadebode\2.19\sqlite.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifdikpmmhaeapjcjhkcjbgbdfgkaldc
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifdikpmmhaeapjcjhkcjbgbdfgkaldc\1.0\background.html
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifdikpmmhaeapjcjhkcjbgbdfgkaldc\1.0\bz1zW.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifdikpmmhaeapjcjhkcjbgbdfgkaldc\1.0\content.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifdikpmmhaeapjcjhkcjbgbdfgkaldc\1.0\lsdb.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifdikpmmhaeapjcjhkcjbgbdfgkaldc\1.0\manifest.json
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifdikpmmhaeapjcjhkcjbgbdfgkaldc\1.0\sqlite.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nholaajjeijgooioiojambhmcfemmhna
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nholaajjeijgooioiojambhmcfemmhna\1.0\background.html
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nholaajjeijgooioiojambhmcfemmhna\1.0\content.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nholaajjeijgooioiojambhmcfemmhna\1.0\hn8eIOoxwLct.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nholaajjeijgooioiojambhmcfemmhna\1.0\lsdb.js
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nholaajjeijgooioiojambhmcfemmhna\1.0\manifest.json
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nholaajjeijgooioiojambhmcfemmhna\1.0\newtab.html
    c:\users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nholaajjeijgooioiojambhmcfemmhna\1.0\sqlite.js
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\aw4-ma@oayay-uouy.net
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\aw4-ma@oayay-uouy.net\bootstrap.js
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\aw4-ma@oayay-uouy.net\chrome.manifest
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\aw4-ma@oayay-uouy.net\content\bg.js
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\aw4-ma@oayay-uouy.net\install.rdf
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\eo533g@auu-jdhyoyo.net
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\eo533g@auu-jdhyoyo.net\bootstrap.js
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\eo533g@auu-jdhyoyo.net\chrome.manifest
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\eo533g@auu-jdhyoyo.net\content\bg.js
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\eo533g@auu-jdhyoyo.net\install.rdf
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\s_r@u-oaa.edu
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\s_r@u-oaa.edu\bootstrap.js
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\s_r@u-oaa.edu\chrome.manifest
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\s_r@u-oaa.edu\content\bg.js
    c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\s_r@u-oaa.edu\install.rdf
    c:\windows\SysWow64\FlashPlayerApp.exe
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-11-01 to 2013-12-01 ))))))))))))))))))))))))))))))
    .
    .
    2013-12-01 14:22 . 2013-12-01 14:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-12-01 14:22 . 2013-12-01 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-01 14:22 . 2013-12-01 14:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2013-11-30 19:31 . 2013-11-30 19:31 -------- d-----w- c:\users\Laurens\AppData\Roaming\Lavasoft
    2013-11-30 19:22 . 2013-11-30 19:22 -------- d-----w- c:\program files\Lavasoft
    2013-11-30 19:21 . 2013-11-30 19:21 -------- d-----w- c:\program files\Common Files\Lavasoft
    2013-11-30 19:20 . 2013-11-30 19:20 -------- d-----w- c:\programdata\Lavasoft
    2013-11-30 19:18 . 2013-11-30 19:18 -------- d-----w- c:\programdata\Licenses
    2013-11-30 19:18 . 2013-11-30 19:18 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2013-11-30 19:18 . 2009-03-24 11:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
    2013-11-27 11:31 . 2013-11-27 11:34 -------- d-----w- C:\AdwCleaner
    2013-11-26 16:15 . 2013-11-26 16:15 -------- d-----w- c:\program files (x86)\Common Files\Realtime Soft
    2013-11-26 16:15 . 2013-11-26 16:15 -------- d-----w- c:\program files\UltraMon
    2013-11-26 16:15 . 2013-11-26 16:15 -------- d-----w- c:\programdata\Realtime Soft
    2013-11-26 16:02 . 2013-12-01 13:51 -------- d-----w- c:\program files (x86)\Sk-Enhancer
    2013-11-26 16:02 . 2013-11-26 16:02 -------- d-----w- c:\users\Laurens\AppData\Local\Packages
    2013-11-26 16:02 . 2013-11-26 16:03 -------- d-----w- c:\programdata\a177ab2d8942ecb6
    2013-11-26 16:01 . 2013-11-26 16:03 -------- d-----w- c:\programdata\InstallMate
    2013-11-17 03:13 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B9620FD-F0FB-4EAA-AE87-29ECAF0AC616}\mpengine.dll
    2013-11-14 00:56 . 2013-11-14 00:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2013-11-12 18:32 . 2013-11-12 18:32 -------- d-----w- c:\programdata\WEBREG
    2013-11-12 18:32 . 2013-11-12 18:33 -------- d-----w- c:\users\Laurens\AppData\Roaming\HP
    2013-11-12 18:32 . 2013-11-12 18:32 -------- d-----w- c:\users\Laurens\AppData\Local\HP
    2013-11-12 18:29 . 2013-11-12 18:29 -------- d-----w- c:\programdata\HP Product Assistant
    2013-11-12 18:28 . 2013-11-12 18:28 -------- d-----w- c:\windows\SysWow64\spool
    2013-11-12 18:27 . 2013-11-12 18:27 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
    2013-11-12 18:27 . 2013-11-12 18:27 -------- d-----w- c:\program files (x86)\Common Files\HP
    2013-11-12 18:25 . 2013-11-12 18:29 -------- d-----w- c:\program files (x86)\HP
    2013-11-12 18:25 . 2013-11-12 18:25 -------- d-----w- c:\program files\HP
    2013-11-12 18:24 . 2013-11-12 18:32 -------- d-----w- c:\programdata\HP
    2013-11-12 18:24 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-26 16:39 . 2012-02-21 18:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-06 17:21 . 2012-09-08 15:41 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2013-10-05 23:06 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2013-10-05 23:06 . 2009-08-18 09:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-09-05 00:43 . 2013-09-05 00:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Laurens\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Laurens\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Laurens\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Laurens\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17145992]
    "Facebook Update"="c:\users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
    "Steam"="d:\steam\steam.exe" [2013-10-30 1820584]
    "Spotify"="c:\users\Laurens\AppData\Roaming\Spotify\spotify.exe" [2013-07-09 4640768]
    "Spotify Web Helper"="c:\users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-09 1104384]
    "uTorrent"="c:\users\Laurens\AppData\Roaming\uTorrent\uTorrent.exe" [2013-11-16 900440]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]
    "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-09-19 606024]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    .
    c:\users\Laurens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2012-9-23 1600512]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    TP-LINK Wireless Client Utility.lnk - c:\program files (x86)\TP-LINK\COMMON\TWCU.exe -s [2012-6-25 10918400]
    UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2013-11-26 29310]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TpMediaServer;TpMediaServer;c:\program files (x86)\TP-LINK\COMMON\RaMediaServer.exe;c:\program files (x86)\TP-LINK\COMMON\RaMediaServer.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x]
    R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
    R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys;c:\windows\SYSNATIVE\DRIVERS\zghsnmea.sys [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [x]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120605.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120605.001\IDSvia64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [x]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
    S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\TP-LINK\COMMON\RaRegistry64.exe;c:\program files (x86)\TP-LINK\COMMON\RaRegistry64.exe [x]
    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 16:39]
    .
    2013-11-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-115736761-1819018865-2380374774-1001Core.job
    - c:\users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 20:43]
    .
    2013-12-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-115736761-1819018865-2380374774-1001UA.job
    - c:\users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 20:43]
    .
    2013-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-115736761-1819018865-2380374774-1001Core.job
    - c:\users\Laurens\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 06:15]
    .
    2013-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-115736761-1819018865-2380374774-1001UA.job
    - c:\users\Laurens\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Laurens\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Laurens\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Laurens\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Laurens\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe" [2013-10-18 2493272]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {{878AC5FC-BE78-4bae-896C-7F75B790A71E} - c:\program files (x86)\PokerStars.BE\PokerStarsUpdate.exe
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/
    FF - ExtSQL: 2013-10-22 22:30; youtubemp3podcaster@jeremy.d.gregorio.com; c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
    FF - ExtSQL: 2013-11-12 19:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: 2013-11-26 17:02; s_r@u-oaa.edu; c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\s_r@u-oaa.edu
    FF - ExtSQL: 2013-11-26 17:02; aw4-ma@oayay-uouy.net; c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\aw4-ma@oayay-uouy.net
    FF - ExtSQL: 2013-11-26 17:03; eo533g@auu-jdhyoyo.net; c:\users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\j1f801l7.default\extensions\eo533g@auu-jdhyoyo.net
    FF - ExtSQL: !HIDDEN! 2013-11-12 19:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    BHO-{306299B0-757D-AF25-40C8-77B4076C9DEE} - c:\program files (x86)\SearchNewTab\wxnb5ywvC_.x64.dll
    BHO-{63CA9159-6F65-6E59-5DCA-AA04FDF9A7EB} - c:\program files (x86)\YoutubeAdblocker\RjD.x64.dll
    BHO-{6546E590-955A-F3E4-5C95-6B75F24D8826} - c:\program files (x86)\surf. andd keeep\MpFXBaP1.x64.dll
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\programdata\YoutubeAdblocker\cj_b.exe
    AddRemove-{A35CA8FF-CB7D-8361-1CB9-83219CD11C78} - c:\programdata\surf. andd keeep\LvyZimARe.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\TP-LINK\COMMON\RaRegistry.exe
    c:\program files (x86)\TP-LINK\COMMON\TWCU.exe
    c:\users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe
    c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-12-01 15:45:27 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-12-01 14:45
    .
    Pre-Run: 1.101.840.384 bytes free
    Post-Run: 5.072.338.944 bytes free
    .
    - - End Of File - - 6DAFD5F53062F285DF124A63C4A0E0C4
    A36C5E4F47E84449FF07ED3517B43A31
    //laurens\\

  13. #10
    Spyware Slayer   Rosty
    Could you please run the AdwCleaner instructions once more now? And then post that log.
