Monda

Oke helder. Dan laat ik dat lekker zo. Geen zin om nog al die moeite te doen, als het toch niet zo veel uitmaakt. Ik wil jullie hartelijk bedanken voor het meedenken en oplossen van mijn probleem!

Super! Het heeft gewerkt hoor. Security Center lijkt t weer te doen. Allemaal heel erg bedankt hiervoor! Ik dacht ik check nog een keer via sfc /scannow, nu we toch bezig zijn. Zag nog wel een boel fouten (denk ik). Moet/kan ik hier nog iets mee? Voor de zekerheid het logje bijgevoegd. sfcdetails.txt

Dankje, ik ga het zo uitvoeren. Heb alleen 1 vraagje nog. Mijn vrouw is bezig met het maken van een fotoboek binnen een programma, dit is behoorlijk wat werk geweest tot nu toe. Kan dit geen negatieve gevolgen hebben hiervoor, of wordt dit opgevangen door de ingebouwde backup functie van het programma?

sfcdetails.txt

zoek-results4.txt

zoek-results3.txt

Oh gelukkig Begon me al zorgen te maken, dankjewel. Heb het logje bijgevoegd zoek-results2.txt

Moet ik er inmiddels van uit gaan dat mijn probleem niet opgelost kan worden?

Edit: Ik heb net Windows update gedraaid en wat updates geïnstalleerd + opnieuw opgestart. Kruisje bij het vlaggetje mbt onderhoudscentrum is weer terug... (zelfde melding: Windows Security Center service is uitgeschakeld).

En waarempel! Ik zie net dat het icoontje van onderhoudscentrum geen kruisje meer geeft. Echter als ik naar services ga, kan ik de service " Security Center" nog niet starten. Ik heb een screenshot van Security Center bijgevoegd. Volgens mij ontbreekt hier bijv nog Windows Firewall. Maar ik kan t mis hebben. Deze service staat in de lijst met services wel gestart.

AdwCleanerC1.txt

Oke duidelijk! Het logbestand van "zoek.exe" bijgevoegd. zoek-results.txt

Dankjewel! Ik zie iets in dat script staan over combofix. Dat programmaatje had ik al verwijderd, is die nodig voor dit proces?

Ah ik snap t. Helder! Ik wacht t wel rustig af.

Oke top! Even puur voor het idee... Moet ik rekening houden met een aantal uren of kan dat ook een aantal dagen duren?

Hartelijk dank! Excuses voor het verkeerd posten. Ik heb het logbestand als bijlage toegevoegd. log.txt

Goedemiddag! Ik ben op dit forum terecht gekomen door zoeken naar vergelijkbare problemen. Ik hoop dat jullie mij kunnen helpen. Ik kreeg een tijd terug de melding dat Security Center was uitgeschakeld. Deze weer inschakelen via services werkt niet. Ik krijg dan de melding: Kan de Security Center service op lokale computer niet starten. Ik heb het gevoel dat mn pc niet veilig is. Wellicht wordt dit veroorzaakt door een virus? Ik heb op dit forum een aantal dingen gevonden en uitgevoerd 1. MAMB gedraaid 2. ComboFix gedraaid 3. HijackThis Ik heb hier niet zo veel verstand van dus hoop dat jullie mij verder kunnen helpen. Hieronder post ik de logbestanden van ComboFix en HijackThis. Alvast bedankt! HijackThis: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 12:50:42, on 17-8-2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17937) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\Citrix\ICA Client\redirector.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Citrix\Receiver\Receiver.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\TimTa\Desktop\Scans\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajaxshowtime.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\TimTa\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10999 bytes ComboFix log: ComboFix 15-08-17.01 - TimTa 17-08-2015 11:49:20.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3199.1809 [GMT 2:00] AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2015-07-17 to 2015-08-17 ))))))))))))))))))))))))))))))) . . 2015-08-17 10:01 . 2015-08-17 10:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-08-16 20:59 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F7F9965-77FD-497F-AB14-5823FE759B4F}\mpengine.dll 2015-08-15 18:24 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-08-14 20:08 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-08-14 20:08 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-14 19:29 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll 2015-08-14 19:28 . 2015-07-16 19:56 628736 ----a-w- c:\program files\Internet Explorer\jsprofilerui.dll 2015-08-14 19:22 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll 2015-08-14 19:19 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll 2015-08-14 15:55 . 2015-07-01 16:39 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDF18536-87D2-43CC-A1FC-D21C64734B89}\gapaengine.dll 2015-08-09 09:09 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll 2015-08-09 09:09 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll 2015-08-09 09:09 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll 2015-08-09 09:09 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll 2015-08-09 09:09 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll 2015-08-09 09:09 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll 2015-08-09 09:09 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe 2015-08-09 09:09 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-08-01 20:19 . 2015-08-14 19:54 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client 2015-08-01 20:09 . 2014-11-10 14:17 1069584 ----a-w- c:\windows\system32\dbghelp.dll 2015-07-30 18:53 . 2015-07-30 18:53 -------- d-----w- c:\programdata\ATI 2015-07-30 18:53 . 2015-07-30 18:53 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2015-07-30 18:51 . 2015-07-30 18:51 -------- d-----w- c:\program files (x86)\AMD 2015-07-30 18:48 . 2015-07-30 18:48 -------- d-----w- c:\program files\Common Files\ATI Technologies 2015-07-30 18:47 . 2015-08-01 18:34 -------- d-----w- c:\program files\AMD 2015-07-30 14:25 . 2015-07-30 14:25 -------- d-----w- c:\users\TimTa\AppData\Local\Steam 2015-07-30 14:25 . 2015-07-30 14:25 -------- d-----w- c:\users\TimTa\AppData\Local\CEF 2015-07-29 13:09 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll 2015-07-29 13:09 . 2015-05-25 18:18 879104 ----a-w- c:\windows\system32\advapi32.dll 2015-07-29 13:09 . 2015-05-25 18:01 641536 ----a-w- c:\windows\SysWow64\advapi32.dll 2015-07-29 13:07 . 2015-06-03 20:16 193536 ----a-w- c:\windows\system32\aepic.dll 2015-07-29 13:04 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll 2015-07-29 10:18 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll 2015-07-29 10:18 . 2015-04-24 17:56 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2015-07-29 10:18 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll 2015-07-29 10:18 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll 2015-07-21 13:27 . 2015-07-21 13:27 2731744 ----a-w- c:\program files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL 2015-07-21 03:57 . 2015-07-21 03:57 4379280 ----a-w- c:\program files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-08-17 09:27 . 2014-01-30 16:27 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-08-14 19:39 . 2013-06-27 13:28 132483416 ----a-w- c:\windows\system32\MRT.exe 2015-08-11 18:41 . 2013-06-27 13:48 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-08-11 18:41 . 2013-06-27 13:48 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-07-16 02:12 . 2015-07-16 02:12 78432 ----a-w- c:\windows\system32\atimpc64.dll 2015-07-16 02:12 . 2015-07-16 02:12 78432 ----a-w- c:\windows\system32\amdpcom64.dll 2015-07-16 02:12 . 2015-07-16 02:12 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll 2015-07-16 02:12 . 2015-07-16 02:12 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2015-07-16 02:11 . 2015-07-16 02:11 152056 ----a-w- c:\windows\system32\atiuxp64.dll 2015-07-16 02:11 . 2015-07-16 02:11 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2015-07-16 02:11 . 2015-07-16 02:11 120144 ----a-w- c:\windows\system32\atiu9p64.dll 2015-07-16 02:11 . 2015-07-16 02:11 102616 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2015-07-16 02:11 . 2015-07-16 02:11 1445224 ----a-w- c:\windows\system32\aticfx64.dll 2015-07-16 02:11 . 2015-07-16 02:11 1193904 ----a-w- c:\windows\SysWow64\aticfx32.dll 2015-07-16 02:11 . 2015-07-16 02:11 11948704 ----a-w- c:\windows\system32\atidxx64.dll 2015-07-16 02:11 . 2015-07-16 02:11 10094152 ----a-w- c:\windows\SysWow64\atidxx32.dll 2015-07-16 02:11 . 2015-07-16 02:11 7929616 ----a-w- c:\windows\SysWow64\atiumdva.dll 2015-07-16 02:11 . 2015-07-16 02:11 7408936 ----a-w- c:\windows\SysWow64\atiumdag.dll 2015-07-16 02:11 . 2015-07-16 02:11 8893160 ----a-w- c:\windows\system32\atiumd6a.dll 2015-07-16 02:11 . 2015-07-16 02:11 8779872 ----a-w- c:\windows\system32\atiumd64.dll 2015-07-16 02:09 . 2015-07-16 02:09 297672 ----a-w- c:\windows\system32\drivers\amdacpksd.sys 2015-07-16 02:06 . 2015-07-16 02:06 21622272 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2015-07-16 02:01 . 2015-07-16 02:01 235008 ----a-w- c:\windows\system32\clinfo.exe 2015-07-16 02:01 . 2015-07-16 02:01 47785472 ----a-w- c:\windows\system32\amdocl64.dll 2015-07-16 02:00 . 2015-07-16 02:00 39714816 ----a-w- c:\windows\SysWow64\amdocl.dll 2015-07-16 01:59 . 2015-07-16 01:59 65024 ----a-w- c:\windows\system32\OpenCL.dll 2015-07-16 01:59 . 2015-07-16 01:59 59392 ----a-w- c:\windows\SysWow64\OpenCL.dll 2015-07-16 01:58 . 2015-07-16 01:58 27535872 ----a-w- c:\windows\system32\amdocl12cl64.dll 2015-07-16 01:57 . 2015-07-16 01:57 22318592 ----a-w- c:\windows\SysWow64\amdocl12cl.dll 2015-07-16 01:35 . 2015-07-16 01:35 127488 ----a-w- c:\windows\system32\mantle64.dll 2015-07-16 01:35 . 2015-07-16 01:35 113664 ----a-w- c:\windows\SysWow64\mantle32.dll 2015-07-16 01:35 . 2015-07-16 01:35 6477312 ----a-w- c:\windows\system32\amdmantle64.dll 2015-07-16 01:30 . 2015-07-16 01:30 5068288 ----a-w- c:\windows\SysWow64\amdmantle32.dll 2015-07-16 01:28 . 2015-07-16 01:28 30752256 ----a-w- c:\windows\system32\atio6axx.dll 2015-07-16 01:26 . 2015-07-16 01:26 93184 ----a-w- c:\windows\system32\mantleaxl64.dll 2015-07-16 01:26 . 2015-07-16 01:26 86528 ----a-w- c:\windows\SysWow64\mantleaxl32.dll 2015-07-16 01:25 . 2015-07-16 01:25 50688 ----a-w- c:\windows\system32\amdmmcl6.dll 2015-07-16 01:25 . 2015-07-16 01:25 39424 ----a-w- c:\windows\SysWow64\amdmmcl.dll 2015-07-16 01:22 . 2015-07-16 01:22 25299968 ----a-w- c:\windows\SysWow64\atioglxx.dll 2015-07-16 01:21 . 2015-07-16 01:21 367104 ----a-w- c:\windows\system32\atiapfxx.exe 2015-07-16 01:21 . 2015-07-16 01:21 62464 ----a-w- c:\windows\system32\aticalrt64.dll 2015-07-16 01:21 . 2015-07-16 01:21 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll 2015-07-16 01:21 . 2015-07-16 01:21 55808 ----a-w- c:\windows\system32\aticalcl64.dll 2015-07-16 01:21 . 2015-07-16 01:21 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll 2015-07-16 01:21 . 2015-07-16 01:21 15716864 ----a-w- c:\windows\system32\aticaldd64.dll 2015-07-16 01:20 . 2015-07-16 01:20 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll 2015-07-16 01:17 . 2015-07-16 01:17 442368 ----a-w- c:\windows\system32\atidemgy.dll 2015-07-16 01:17 . 2015-07-16 01:17 160256 ----a-w- c:\windows\system32\atieah64.exe 2015-07-16 01:17 . 2015-07-16 01:17 204800 ----a-w- c:\windows\system32\amdgfxinfo64.dll 2015-07-16 01:17 . 2015-07-16 01:17 143872 ----a-w- c:\windows\SysWow64\atieah32.exe 2015-07-16 01:17 . 2015-07-16 01:17 29696 ----a-w- c:\windows\system32\atimuixx.dll 2015-07-16 01:17 . 2015-07-16 01:17 189952 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll 2015-07-16 01:17 . 2015-07-16 01:17 672768 ----a-w- c:\windows\system32\atieclxx.exe 2015-07-16 01:17 . 2015-07-16 01:17 246784 ----a-w- c:\windows\system32\atiesrxx.exe 2015-07-16 01:17 . 2015-07-16 01:17 190976 ----a-w- c:\windows\system32\atitmm64.dll 2015-07-16 01:14 . 2015-07-16 01:14 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2015-07-16 01:13 . 2015-07-16 01:13 1247744 ----a-w- c:\windows\system32\atiadlxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2015-07-16 01:13 . 2015-07-16 01:13 926720 ----a-w- c:\windows\SysWow64\atiadlxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 75264 ----a-w- c:\windows\system32\atig6pxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 69632 ----a-w- c:\windows\system32\atiglpxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 156672 ----a-w- c:\windows\system32\atig6txx.dll 2015-07-16 01:13 . 2015-07-16 01:13 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 665088 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2015-07-16 01:12 . 2015-07-16 01:12 865792 ----a-w- c:\windows\system32\coinst_15.20.dll 2015-07-16 01:12 . 2015-07-16 01:12 102912 ----a-w- c:\windows\system32\hsa-thunk64.dll 2015-07-16 01:12 . 2015-07-16 01:12 102400 ----a-w- c:\windows\SysWow64\hsa-thunk.dll 2015-07-15 17:54 . 2015-08-14 19:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-07-15 16:32 . 2015-06-18 07:23 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2015-07-01 16:39 . 2013-07-17 07:04 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-06-23 11:30 . 2013-06-27 09:23 300704 ------w- c:\windows\system32\MpSigStub.exe 2015-06-18 06:41 . 2014-01-30 16:25 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-06-18 06:41 . 2014-01-30 16:25 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-06-18 06:41 . 2014-01-30 16:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-06-16 14:31 . 2015-06-16 14:31 1691816 ----a-w- c:\windows\system32\FM20.DLL 2015-05-31 18:00 . 2015-06-18 07:44 126976 ----a-w- c:\windows\system32\ff_vfw.dll 2015-05-31 18:00 . 2015-06-18 07:44 112128 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2015-05-26 22:28 . 2015-05-26 22:28 98816 ----a-w- c:\windows\system32\OpenVideo64.dll 2015-05-26 22:28 . 2015-05-26 22:28 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2015-05-26 22:28 . 2015-05-26 22:28 86528 ----a-w- c:\windows\system32\OVDecode64.dll 2015-05-26 22:28 . 2015-05-26 22:28 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-04-14 15:19 1729752 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-04-14 15:19 1729752 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-04-14 15:19 1729752 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\TimTa\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-08-05 2018360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-07-15 767176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;tsusbhub [x] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x] S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . Contents of the 'Scheduled Tasks' folder . 2015-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-27 18:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-04-14 15:14 2334936 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-04-14 15:14 2334936 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-04-14 15:14 2334936 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ajaxshowtime.com/ mLocal Page = c:\windows\SYSTEM32\blank.htm IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 195.121.1.34 195.121.1.66 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3023224 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3035490 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3037581 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-790048904-797808528-2902581416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-790048904-797808528-2902581416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.18" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-08-17 12:05:29 ComboFix-quarantined-files.txt 2015-08-17 10:05 . Pre-Run: 841.773.817.856 bytes beschikbaar Post-Run: 841.592.307.712 bytes beschikbaar . - - End Of File - - 4EDE314488E89B22D0DD5FBC62BED50C A36C5E4F47E84449FF07ED3517B43A31

Sorry! verkeerde topic! Goede binnenkomer Ik post m nu in de juiste...

Goedemiddag! Ik ben op dit forum terecht gekomen door zoeken naar vergelijkbare problemen. Ik hoop dat jullie mij kunnen helpen. Ik kreeg een tijd terug de melding dat Security Center was uitgeschakeld. Deze weer inschakelen via services werkt niet. Ik krijg dan de melding: Kan de Security Center service op lokale computer niet starten. Ik heb het gevoel dat mn pc niet veilig is. Wellicht wordt dit veroorzaakt door een virus? Ik heb op dit forum een aantal dingen gevonden en uitgevoerd 1. MAMB gedraaid 2. ComboFix gedraaid 3. HijackThis Ik heb hier niet zo veel verstand van dus hoop dat jullie mij verder kunnen helpen. Hieronder post ik de logbestanden van ComboFix en HijackThis. Alvast bedankt! HijackThis: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 12:50:42, on 17-8-2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17937) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\Citrix\ICA Client\redirector.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Citrix\Receiver\Receiver.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\TimTa\Desktop\Scans\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajaxshowtime.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\TimTa\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10999 bytes ComboFix log: ComboFix 15-08-17.01 - TimTa 17-08-2015 11:49:20.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3199.1809 [GMT 2:00] AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2015-07-17 to 2015-08-17 ))))))))))))))))))))))))))))))) . . 2015-08-17 10:01 . 2015-08-17 10:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-08-16 20:59 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F7F9965-77FD-497F-AB14-5823FE759B4F}\mpengine.dll 2015-08-15 18:24 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-08-14 20:08 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-08-14 20:08 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-14 19:29 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll 2015-08-14 19:28 . 2015-07-16 19:56 628736 ----a-w- c:\program files\Internet Explorer\jsprofilerui.dll 2015-08-14 19:22 . 2015-07-15 03:19 2004992 ----a-w- c:\windows\system32\msxml6.dll 2015-08-14 19:19 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll 2015-08-14 15:55 . 2015-07-01 16:39 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDF18536-87D2-43CC-A1FC-D21C64734B89}\gapaengine.dll 2015-08-09 09:09 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll 2015-08-09 09:09 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll 2015-08-09 09:09 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll 2015-08-09 09:09 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll 2015-08-09 09:09 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll 2015-08-09 09:09 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll 2015-08-09 09:09 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe 2015-08-09 09:09 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-08-01 20:19 . 2015-08-14 19:54 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client 2015-08-01 20:09 . 2014-11-10 14:17 1069584 ----a-w- c:\windows\system32\dbghelp.dll 2015-07-30 18:53 . 2015-07-30 18:53 -------- d-----w- c:\programdata\ATI 2015-07-30 18:53 . 2015-07-30 18:53 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2015-07-30 18:51 . 2015-07-30 18:51 -------- d-----w- c:\program files (x86)\AMD 2015-07-30 18:48 . 2015-07-30 18:48 -------- d-----w- c:\program files\Common Files\ATI Technologies 2015-07-30 18:47 . 2015-08-01 18:34 -------- d-----w- c:\program files\AMD 2015-07-30 14:25 . 2015-07-30 14:25 -------- d-----w- c:\users\TimTa\AppData\Local\Steam 2015-07-30 14:25 . 2015-07-30 14:25 -------- d-----w- c:\users\TimTa\AppData\Local\CEF 2015-07-29 13:09 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll 2015-07-29 13:09 . 2015-05-25 18:18 879104 ----a-w- c:\windows\system32\advapi32.dll 2015-07-29 13:09 . 2015-05-25 18:01 641536 ----a-w- c:\windows\SysWow64\advapi32.dll 2015-07-29 13:07 . 2015-06-03 20:16 193536 ----a-w- c:\windows\system32\aepic.dll 2015-07-29 13:04 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll 2015-07-29 10:18 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll 2015-07-29 10:18 . 2015-04-24 17:56 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2015-07-29 10:18 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll 2015-07-29 10:18 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll 2015-07-21 13:27 . 2015-07-21 13:27 2731744 ----a-w- c:\program files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL 2015-07-21 03:57 . 2015-07-21 03:57 4379280 ----a-w- c:\program files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-08-17 09:27 . 2014-01-30 16:27 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-08-14 19:39 . 2013-06-27 13:28 132483416 ----a-w- c:\windows\system32\MRT.exe 2015-08-11 18:41 . 2013-06-27 13:48 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-08-11 18:41 . 2013-06-27 13:48 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-07-16 02:12 . 2015-07-16 02:12 78432 ----a-w- c:\windows\system32\atimpc64.dll 2015-07-16 02:12 . 2015-07-16 02:12 78432 ----a-w- c:\windows\system32\amdpcom64.dll 2015-07-16 02:12 . 2015-07-16 02:12 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll 2015-07-16 02:12 . 2015-07-16 02:12 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2015-07-16 02:11 . 2015-07-16 02:11 152056 ----a-w- c:\windows\system32\atiuxp64.dll 2015-07-16 02:11 . 2015-07-16 02:11 133016 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2015-07-16 02:11 . 2015-07-16 02:11 120144 ----a-w- c:\windows\system32\atiu9p64.dll 2015-07-16 02:11 . 2015-07-16 02:11 102616 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2015-07-16 02:11 . 2015-07-16 02:11 1445224 ----a-w- c:\windows\system32\aticfx64.dll 2015-07-16 02:11 . 2015-07-16 02:11 1193904 ----a-w- c:\windows\SysWow64\aticfx32.dll 2015-07-16 02:11 . 2015-07-16 02:11 11948704 ----a-w- c:\windows\system32\atidxx64.dll 2015-07-16 02:11 . 2015-07-16 02:11 10094152 ----a-w- c:\windows\SysWow64\atidxx32.dll 2015-07-16 02:11 . 2015-07-16 02:11 7929616 ----a-w- c:\windows\SysWow64\atiumdva.dll 2015-07-16 02:11 . 2015-07-16 02:11 7408936 ----a-w- c:\windows\SysWow64\atiumdag.dll 2015-07-16 02:11 . 2015-07-16 02:11 8893160 ----a-w- c:\windows\system32\atiumd6a.dll 2015-07-16 02:11 . 2015-07-16 02:11 8779872 ----a-w- c:\windows\system32\atiumd64.dll 2015-07-16 02:09 . 2015-07-16 02:09 297672 ----a-w- c:\windows\system32\drivers\amdacpksd.sys 2015-07-16 02:06 . 2015-07-16 02:06 21622272 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2015-07-16 02:01 . 2015-07-16 02:01 235008 ----a-w- c:\windows\system32\clinfo.exe 2015-07-16 02:01 . 2015-07-16 02:01 47785472 ----a-w- c:\windows\system32\amdocl64.dll 2015-07-16 02:00 . 2015-07-16 02:00 39714816 ----a-w- c:\windows\SysWow64\amdocl.dll 2015-07-16 01:59 . 2015-07-16 01:59 65024 ----a-w- c:\windows\system32\OpenCL.dll 2015-07-16 01:59 . 2015-07-16 01:59 59392 ----a-w- c:\windows\SysWow64\OpenCL.dll 2015-07-16 01:58 . 2015-07-16 01:58 27535872 ----a-w- c:\windows\system32\amdocl12cl64.dll 2015-07-16 01:57 . 2015-07-16 01:57 22318592 ----a-w- c:\windows\SysWow64\amdocl12cl.dll 2015-07-16 01:35 . 2015-07-16 01:35 127488 ----a-w- c:\windows\system32\mantle64.dll 2015-07-16 01:35 . 2015-07-16 01:35 113664 ----a-w- c:\windows\SysWow64\mantle32.dll 2015-07-16 01:35 . 2015-07-16 01:35 6477312 ----a-w- c:\windows\system32\amdmantle64.dll 2015-07-16 01:30 . 2015-07-16 01:30 5068288 ----a-w- c:\windows\SysWow64\amdmantle32.dll 2015-07-16 01:28 . 2015-07-16 01:28 30752256 ----a-w- c:\windows\system32\atio6axx.dll 2015-07-16 01:26 . 2015-07-16 01:26 93184 ----a-w- c:\windows\system32\mantleaxl64.dll 2015-07-16 01:26 . 2015-07-16 01:26 86528 ----a-w- c:\windows\SysWow64\mantleaxl32.dll 2015-07-16 01:25 . 2015-07-16 01:25 50688 ----a-w- c:\windows\system32\amdmmcl6.dll 2015-07-16 01:25 . 2015-07-16 01:25 39424 ----a-w- c:\windows\SysWow64\amdmmcl.dll 2015-07-16 01:22 . 2015-07-16 01:22 25299968 ----a-w- c:\windows\SysWow64\atioglxx.dll 2015-07-16 01:21 . 2015-07-16 01:21 367104 ----a-w- c:\windows\system32\atiapfxx.exe 2015-07-16 01:21 . 2015-07-16 01:21 62464 ----a-w- c:\windows\system32\aticalrt64.dll 2015-07-16 01:21 . 2015-07-16 01:21 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll 2015-07-16 01:21 . 2015-07-16 01:21 55808 ----a-w- c:\windows\system32\aticalcl64.dll 2015-07-16 01:21 . 2015-07-16 01:21 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll 2015-07-16 01:21 . 2015-07-16 01:21 15716864 ----a-w- c:\windows\system32\aticaldd64.dll 2015-07-16 01:20 . 2015-07-16 01:20 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll 2015-07-16 01:17 . 2015-07-16 01:17 442368 ----a-w- c:\windows\system32\atidemgy.dll 2015-07-16 01:17 . 2015-07-16 01:17 160256 ----a-w- c:\windows\system32\atieah64.exe 2015-07-16 01:17 . 2015-07-16 01:17 204800 ----a-w- c:\windows\system32\amdgfxinfo64.dll 2015-07-16 01:17 . 2015-07-16 01:17 143872 ----a-w- c:\windows\SysWow64\atieah32.exe 2015-07-16 01:17 . 2015-07-16 01:17 29696 ----a-w- c:\windows\system32\atimuixx.dll 2015-07-16 01:17 . 2015-07-16 01:17 189952 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll 2015-07-16 01:17 . 2015-07-16 01:17 672768 ----a-w- c:\windows\system32\atieclxx.exe 2015-07-16 01:17 . 2015-07-16 01:17 246784 ----a-w- c:\windows\system32\atiesrxx.exe 2015-07-16 01:17 . 2015-07-16 01:17 190976 ----a-w- c:\windows\system32\atitmm64.dll 2015-07-16 01:14 . 2015-07-16 01:14 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2015-07-16 01:13 . 2015-07-16 01:13 1247744 ----a-w- c:\windows\system32\atiadlxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2015-07-16 01:13 . 2015-07-16 01:13 926720 ----a-w- c:\windows\SysWow64\atiadlxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 75264 ----a-w- c:\windows\system32\atig6pxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 69632 ----a-w- c:\windows\system32\atiglpxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 156672 ----a-w- c:\windows\system32\atig6txx.dll 2015-07-16 01:13 . 2015-07-16 01:13 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll 2015-07-16 01:13 . 2015-07-16 01:13 665088 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2015-07-16 01:12 . 2015-07-16 01:12 865792 ----a-w- c:\windows\system32\coinst_15.20.dll 2015-07-16 01:12 . 2015-07-16 01:12 102912 ----a-w- c:\windows\system32\hsa-thunk64.dll 2015-07-16 01:12 . 2015-07-16 01:12 102400 ----a-w- c:\windows\SysWow64\hsa-thunk.dll 2015-07-15 17:54 . 2015-08-14 19:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-07-15 16:32 . 2015-06-18 07:23 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2015-07-01 16:39 . 2013-07-17 07:04 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-06-23 11:30 . 2013-06-27 09:23 300704 ------w- c:\windows\system32\MpSigStub.exe 2015-06-18 06:41 . 2014-01-30 16:25 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-06-18 06:41 . 2014-01-30 16:25 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-06-18 06:41 . 2014-01-30 16:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-06-16 14:31 . 2015-06-16 14:31 1691816 ----a-w- c:\windows\system32\FM20.DLL 2015-05-31 18:00 . 2015-06-18 07:44 126976 ----a-w- c:\windows\system32\ff_vfw.dll 2015-05-31 18:00 . 2015-06-18 07:44 112128 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2015-05-26 22:28 . 2015-05-26 22:28 98816 ----a-w- c:\windows\system32\OpenVideo64.dll 2015-05-26 22:28 . 2015-05-26 22:28 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2015-05-26 22:28 . 2015-05-26 22:28 86528 ----a-w- c:\windows\system32\OVDecode64.dll 2015-05-26 22:28 . 2015-05-26 22:28 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-04-14 15:19 1729752 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-04-14 15:19 1729752 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-04-14 15:19 1729752 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\TimTa\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-08-05 2018360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-07-15 767176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;tsusbhub [x] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x] S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . Contents of the 'Scheduled Tasks' folder . 2015-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-27 18:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-04-14 15:14 2334936 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-04-14 15:14 2334936 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-04-14 15:14 2334936 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ajaxshowtime.com/ mLocal Page = c:\windows\SYSTEM32\blank.htm IE: &Verzenden naar OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 195.121.1.34 195.121.1.66 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3023224 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3035490 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3037581 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-790048904-797808528-2902581416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-790048904-797808528-2902581416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.18" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-08-17 12:05:29 ComboFix-quarantined-files.txt 2015-08-17 10:05 . Pre-Run: 841.773.817.856 bytes beschikbaar Post-Run: 841.592.307.712 bytes beschikbaar . - - End Of File - - 4EDE314488E89B22D0DD5FBC62BED50C A36C5E4F47E84449FF07ED3517B43A31