remcosw

Thanks a lot!

Those files were already deleted?? # AdwCleaner v3.019 - Report created 21/02/2014 at 13:22:28# Updated 17/02/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Remco - REMCO-PC# Running from : D:\Downloads\adwcleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\boost_interprocessFolder Deleted : C:\Users\Remco\AppData\Local\PackageAwareFile Deleted : C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\invalidprefs.jsFile Deleted : C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_test-my-hardware_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_test-my-hardware_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}Key Deleted : HKCU\Software\anchorfreeKey Deleted : HKCU\Software\PrivitizeVPNInstallDatesKey Deleted : HKCU\Software\StartSearch ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v27.0.1 (nl) [ File : C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\prefs.js ] Line Deleted : user_pref("browser.search.defaultenginename", "Search The Web (privitize)"); -\\ Google Chrome v32.0.1700.107 [ File : C:\Users\Remco\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2274 octets] - [21/02/2014 13:21:19]AdwCleaner[s0].txt - [2086 octets] - [21/02/2014 13:22:28] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2146 octets] ########## Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` ESET Smart Security 4.2 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 51 Adobe Flash Player 12.0.0.44 Flash Player out of Date! Adobe Reader 10.1.9 Adobe Reader out of Date! Mozilla Firefox (27.0.1) Google Chrome 32.0.1700.107 Google Chrome 33.0.1750.117 ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 36% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log``````````````````````

D:\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application deleted - quarantined D:\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined D:\Downloads\epm.exe Win32/OpenCandy potentially unsafe application deleted - quarantined D:\Downloads\FreemakeVideoConverterSetup.exe Win32/OpenCandy potentially unsafe application deleted - quarantined D:\Downloads\spsetup122.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined D:\Downloads\cpuminer-master\cpuminer-master\cpuminer\minerd.exe a variant of Win32/BitCoinMiner.W potentially unsafe application deleted - quarantined D:\Downloads\cudaminer-2014-02-02\cudaminer.exe a variant of Win32/BitCoinMiner.W potentially unsafe application deleted - quarantined D:\Downloads\cudaminer-2014-02-07\cudaminer-2014-02-07\x64\cudaminer.exe probably a variant of Win64/BitCoinMiner.U potentially unsafe application deleted - quarantined D:\Downloads\cudaminer-2014-02-07\cudaminer-2014-02-07\x86\cudaminer.exe a variant of Win32/BitCoinMiner.W potentially unsafe application deleted - quarantined D:\Software\ccleaner 3.2.6.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

Sorry, wrong MBAM log. Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Databaseversie: v2014.02.19.06 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16518Remco :: REMCO-PC [administrator] 20-2-2014 13:50:49mbam-log-2014-02-20 (13-50-49).txt Scan type: Volledige scan (C:\|D:\|E:\|F:\|G:\|H:\|)Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUMUitgeschakelde scan opties: P2PObjecten gescand: 604908Verstreken tijd: 54 minuut/minuten, 14 seconde(n) Geheugenprocessen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 2C:\ProgramData\boost_interprocess (PUP.Optional.BoostInterProcess.A) -> Zal worden verwijderd tijdens het herstarten.C:\ProgramData\boost_interprocess\20140220134815.610798 (PUP.Optional.BoostInterProcess.A) -> Zal worden verwijderd tijdens het herstarten. Bestanden gedetecteerd: 1C:\ProgramData\boost_interprocess\20140220134815.610798\BitcoinURI (PUP.Optional.BoostInterProcess.A) -> Zal worden verwijderd tijdens het herstarten. (einde)

Thanks for helping me. ComboFix 14-02-19.01 - Remco 20-02-2014 13:44:33.2.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8174.5128 [GMT 1:00]Gestart vanuit: d:\downloads\ComboFix.exegebruikte Opdracht switches :: d:\downloads\CFScript.txtAV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\TEMP\jna2722945145574667792.dll..(((((((((((((((((((( Bestanden Gemaakt van 2014-01-20 to 2014-02-20 ))))))))))))))))))))))))))))))..2014-02-20 12:47 . 2014-02-20 12:47 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp2014-02-20 12:47 . 2014-02-20 12:47 -------- d-----w- c:\users\Default\AppData\Local\temp2014-02-19 11:35 . 2014-02-20 11:18 -------- d-----w- c:\programdata\boost_interprocess2014-02-18 17:25 . 2014-02-18 17:25 -------- d-----w- c:\program files (x86)\AGEIA Technologies2014-02-18 17:25 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe2014-02-18 09:17 . 2014-02-18 09:17 -------- d-----w- c:\program files (x86)\ERUNT2014-02-18 08:21 . 2014-02-18 08:22 -------- d-----w- c:\program files\HitmanPro2014-02-18 08:09 . 2014-02-18 08:20 -------- d-----w- c:\programdata\HitmanPro2014-02-13 06:48 . 2014-02-13 06:48 -------- d-----w- c:\windows\system32\drivers\en-US2014-02-13 06:46 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll2014-02-13 06:46 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll2014-02-13 05:17 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll2014-02-13 05:17 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll2014-02-13 05:15 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe2014-02-13 05:14 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll2014-02-13 05:14 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll2014-02-13 05:14 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll2014-02-13 05:14 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll2014-02-09 17:21 . 2014-02-11 05:57 -------- d-----w- c:\users\Remco\AppData\Roaming\MaxCoin2014-02-06 19:46 . 2014-02-06 19:46 -------- d-----w- c:\users\Remco\.ssh2014-02-06 19:46 . 2014-02-06 19:48 -------- d-----w- c:\users\Remco\AppData\Roaming\GitHub2014-02-06 19:46 . 2014-02-06 19:47 -------- d-----w- c:\users\Remco\AppData\Local\GitHub2014-02-03 06:51 . 2014-01-06 18:38 270336 ----a-w- c:\windows\SysWow64\ssleay32.dll2014-02-03 06:51 . 2014-01-06 18:38 270336 ----a-w- c:\windows\SysWow64\libssl32.dll2014-02-03 06:51 . 2014-01-06 18:38 1176576 ----a-w- c:\windows\SysWow64\libeay32.dll2014-02-03 06:51 . 2014-02-03 06:51 -------- d-----w- C:\OpenSSL-Win322014-01-27 15:42 . 2014-02-08 18:34 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll2014-01-24 11:10 . 2014-01-24 11:10 -------- d-----w- c:\program files (x86)\Sony2014-01-24 11:10 . 2014-01-24 11:10 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared...((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-02-13 05:20 . 2012-08-11 10:16 88567024 ----a-w- c:\windows\system32\MRT.exe2014-02-08 18:34 . 2013-09-17 20:22 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll2014-02-08 18:34 . 2012-08-14 09:31 947296 ----a-w- c:\windows\system32\nvumdshimx.dll2014-02-08 18:34 . 2012-08-14 09:31 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll2014-02-08 18:34 . 2011-09-15 11:34 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll2014-02-08 18:34 . 2011-09-15 11:34 3090184 ----a-w- c:\windows\system32\nvapi64.dll2014-02-08 17:42 . 2012-08-10 13:25 6712608 ----a-w- c:\windows\system32\nvcpl.dll2014-02-08 17:42 . 2012-08-10 13:25 3498272 ----a-w- c:\windows\system32\nvsvc64.dll2014-02-08 17:42 . 2012-08-10 13:25 923936 ----a-w- c:\windows\system32\nvvsvc.exe2014-02-08 17:42 . 2012-08-10 13:25 63776 ----a-w- c:\windows\system32\nvshext.dll2014-02-08 17:42 . 2012-08-10 13:25 386336 ----a-w- c:\windows\system32\nvmctray.dll2014-02-08 17:42 . 2012-08-10 13:25 2559776 ----a-w- c:\windows\system32\nvsvcr.dll2014-02-05 17:52 . 2012-08-14 09:31 3573739 ----a-w- c:\windows\system32\nvcoproc.bin2014-02-05 13:39 . 2012-08-10 15:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-02-05 13:39 . 2012-08-10 15:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-01-27 15:36 . 2012-08-10 13:46 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll2014-01-27 15:36 . 2012-08-10 13:46 35656 ----a-w- c:\windows\system32\LMIport.dll2014-01-27 15:36 . 2012-08-10 13:46 92488 ----a-w- c:\windows\system32\LMIinit.dll2013-12-19 20:33 . 2014-01-11 08:26 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll2013-12-19 20:33 . 2014-01-11 08:26 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll2013-12-18 20:09 . 2013-10-20 15:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-12-12 15:55 . 2012-08-10 13:46 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak2013-12-10 02:13 . 2013-10-28 15:20 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll2013-12-10 02:13 . 2013-10-28 15:20 1100248 ----a-w- c:\windows\system32\nvspcap64.dll2013-12-05 08:42 . 2013-12-17 18:27 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys2013-12-05 08:42 . 2013-12-17 18:27 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll2013-12-05 08:42 . 2013-10-22 09:06 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll2013-11-28 13:38 . 2014-01-11 08:26 31520 ----a-w- c:\windows\system32\nvhdap64.dll2013-11-28 13:38 . 2014-01-11 08:26 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys2013-11-27 01:41 . 2014-01-15 06:11 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-11-27 01:41 . 2014-01-15 06:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-11-27 01:41 . 2014-01-15 06:11 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-11-27 01:41 . 2014-01-15 06:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-11-27 01:41 . 2014-01-15 06:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-11-27 01:41 . 2014-01-15 06:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-11-27 01:41 . 2014-01-15 06:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-11-26 11:40 . 2014-01-15 06:11 376768 ----a-w- c:\windows\system32\drivers\netio.sys2013-11-26 10:32 . 2014-01-15 06:11 3156480 ----a-w- c:\windows\system32\win32k.sys2013-11-23 18:26 . 2013-12-12 06:32 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-11-23 17:47 . 2013-12-12 06:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll..((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2012-01-30 1865808]"Allway Sync"="c:\program files (x86)\Allway Sync\Bin\syncappw.exe" [2011-11-10 94112]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]"GoogleChromeAutoLaunch_06B807F4EA18B3F627189D54D9DCC4B5"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-11-27 899400]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336].c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin-qt.exe -min [2011-1-30 22041600]CloudStation.lnk - c:\users\Remco\AppData\Local\CloudStation\bin\cloud.exe [2014-1-18 3726752]TeamViewer 8.lnk - c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe [2013-2-21 12641632].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]@="".R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]R4 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]S2 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files (x86)\ShellfireVPN\jre6\bin\java -classpath c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe;c:\program files (x86)\ShellfireVPN\jre6\bin\java -classpath c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe [x]S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]S3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ts_arnusbx.sys;c:\windows\SYSNATIVE\DRIVERS\ts_arnusbx.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-02-05 06:49 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe.Inhoud van de 'Gedeelde Taken' map.2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 13:39].2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 16:38].2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 16:38]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule]@="{AEB16659-2125-4ADA-A4AB-45EE21E86469}"[HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}]2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule]@="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}"[HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}]2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule]@="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}"[HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}]2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928]"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2919168]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712].------- Bijkomende Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>;192.168.*.*IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.2.254Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - FF - ProfilePath - c:\users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\.- - - - ORPHANS VERWIJDERD - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)AddRemove-Van Dale Grote woordenboeken Duits - c:\windows\ISUN0413.EXEAddRemove-Van Dale Grote woordenboeken Engels - c:\windows\ISUN0413.EXEAddRemove-Wubi - c:\ubuntu\uninstall-wubi.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellfireVPN2Service]"ImagePath"="\"c:\program files (x86)\ShellfireVPN\jre6\bin\java\" \"-classpath\" \"c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe\" \"-Xrs\" \"-Dwrapper.service=true\" \"-Dwrapper.working.dir=c:\program files (x86)\ShellfireVPN\" \"-Dwrapper.config=c:\users\Remco\AppData\Roaming\ShellfireVPN\start.conf\" \"-Dwrapper.additional.1x=-Xrs\" \"-Dwrapper.stop.conf=c:\users\Remco\AppData\Roaming\ShellfireVPN\stop.conf\" \"org.rzo.yajsw.boot.WrapperServiceBooter\" ".--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Andere Aktieve Processen ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\windows\SysWOW64\PnkBstrA.exec:\program files (x86)\ShellfireVPN\jre6\bin\java.exec:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exec:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exec:\program files (x86)\ShellfireVPN\jre6\bin\java.exec:\program files (x86)\Bitcoin\bitcoin-qt.exec:\users\Remco\AppData\Local\CloudStation\bin\client-win.exec:\program files (x86)\TeamViewer\Version8\tv_w32.exec:\program files (x86)\Microsoft Office\Office12\WINWORD.EXE.**************************************************************************.Voltooingstijd: 2014-02-20 13:50:05 - machine werd herstartComboFix-quarantined-files.txt 2014-02-20 12:50ComboFix2.txt 2014-02-20 11:19.Pre-Run: 18.398.416.896 bytes beschikbaarPost-Run: 18.359.259.136 bytes beschikbaar.- - End Of File - - 8A40EC0B3F80E7B1ABF36FBEB4492D96A36C5E4F47E84449FF07ED3517B43A31 Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.org Databaseversie: v2012.08.26.04 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Remco :: REMCO-PC [administrator] 26-8-2012 17:02:49mbam-log-2012-08-26 (17-02-49).txt Scantype: Volledige scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUMUitgeschakelde scanopties: P2PObjecten gescand: 347164Verstreken tijd: 10 minuut/minuten, 50 seconde(n) Geheugenprocessen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd) (einde)

ComboFix 14-02-19.01 - Remco 20-02-2014 12:13:51.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8174.4697 [GMT 1:00] Gestart vanuit: d:\downloads\ComboFix.exe AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Feed Notifier\notifier.exe c:\users\Remco\AppData\Roaming\poclbm c:\users\Remco\AppData\Roaming\poclbm\poclbm.ini c:\users\Remco\AppData\Roaming\poclbm\poclbm_scrypt.ini c:\users\Remco\AppData\Roaming\task335952159run.exe c:\windows\IsUn0413.exe c:\windows\TEMP\jna8613179708442820646.dll D:\install.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2014-01-20 to 2014-02-20 )))))))))))))))))))))))))))))) . . 2014-02-20 11:16 . 2014-02-20 11:16 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2014-02-20 11:16 . 2014-02-20 11:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-02-19 11:35 . 2014-02-20 05:36 -------- d-----w- c:\programdata\boost_interprocess 2014-02-18 17:25 . 2014-02-18 17:25 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2014-02-18 17:25 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-02-18 09:17 . 2014-02-18 09:17 -------- d-----w- c:\program files (x86)\ERUNT 2014-02-18 08:21 . 2014-02-18 08:22 -------- d-----w- c:\program files\HitmanPro 2014-02-18 08:09 . 2014-02-18 08:20 -------- d-----w- c:\programdata\HitmanPro 2014-02-13 06:48 . 2014-02-13 06:48 -------- d-----w- c:\windows\system32\drivers\en-US 2014-02-13 06:46 . 2013-11-26 23:29 5693440 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-02-13 06:46 . 2013-11-26 22:49 6573056 ----a-w- c:\windows\system32\mstscax.dll 2014-02-13 05:17 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll 2014-02-13 05:17 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-02-13 05:15 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe 2014-02-13 05:14 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll 2014-02-13 05:14 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll 2014-02-13 05:14 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2014-02-13 05:14 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll 2014-02-09 17:21 . 2014-02-11 05:57 -------- d-----w- c:\users\Remco\AppData\Roaming\MaxCoin 2014-02-06 19:46 . 2014-02-06 19:46 -------- d-----w- c:\users\Remco\.ssh 2014-02-06 19:46 . 2014-02-06 19:48 -------- d-----w- c:\users\Remco\AppData\Roaming\GitHub 2014-02-06 19:46 . 2014-02-06 19:47 -------- d-----w- c:\users\Remco\AppData\Local\GitHub 2014-02-03 06:51 . 2014-01-06 18:38 270336 ----a-w- c:\windows\SysWow64\ssleay32.dll 2014-02-03 06:51 . 2014-01-06 18:38 270336 ----a-w- c:\windows\SysWow64\libssl32.dll 2014-02-03 06:51 . 2014-01-06 18:38 1176576 ----a-w- c:\windows\SysWow64\libeay32.dll 2014-02-03 06:51 . 2014-02-03 06:51 -------- d-----w- C:\OpenSSL-Win32 2014-01-27 15:42 . 2014-02-08 18:34 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll 2014-01-24 11:10 . 2014-01-24 11:10 -------- d-----w- c:\program files (x86)\Sony 2014-01-24 11:10 . 2014-01-24 11:10 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-13 05:20 . 2012-08-11 10:16 88567024 ----a-w- c:\windows\system32\MRT.exe 2014-02-08 18:34 . 2013-09-17 20:22 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-02-08 18:34 . 2012-08-14 09:31 947296 ----a-w- c:\windows\system32\nvumdshimx.dll 2014-02-08 18:34 . 2012-08-14 09:31 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-02-08 18:34 . 2011-09-15 11:34 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-02-08 18:34 . 2011-09-15 11:34 3090184 ----a-w- c:\windows\system32\nvapi64.dll 2014-02-08 17:42 . 2012-08-10 13:25 6712608 ----a-w- c:\windows\system32\nvcpl.dll 2014-02-08 17:42 . 2012-08-10 13:25 3498272 ----a-w- c:\windows\system32\nvsvc64.dll 2014-02-08 17:42 . 2012-08-10 13:25 923936 ----a-w- c:\windows\system32\nvvsvc.exe 2014-02-08 17:42 . 2012-08-10 13:25 63776 ----a-w- c:\windows\system32\nvshext.dll 2014-02-08 17:42 . 2012-08-10 13:25 386336 ----a-w- c:\windows\system32\nvmctray.dll 2014-02-08 17:42 . 2012-08-10 13:25 2559776 ----a-w- c:\windows\system32\nvsvcr.dll 2014-02-05 17:52 . 2012-08-14 09:31 3573739 ----a-w- c:\windows\system32\nvcoproc.bin 2014-02-05 13:39 . 2012-08-10 15:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-05 13:39 . 2012-08-10 15:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-01-27 15:36 . 2012-08-10 13:46 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2014-01-27 15:36 . 2012-08-10 13:46 35656 ----a-w- c:\windows\system32\LMIport.dll 2014-01-27 15:36 . 2012-08-10 13:46 92488 ----a-w- c:\windows\system32\LMIinit.dll 2013-12-19 20:33 . 2014-01-11 08:26 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll 2013-12-19 20:33 . 2014-01-11 08:26 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll 2013-12-18 20:09 . 2013-10-20 15:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-12-12 15:55 . 2012-08-10 13:46 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2013-12-10 02:13 . 2013-10-28 15:20 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll 2013-12-10 02:13 . 2013-10-28 15:20 1100248 ----a-w- c:\windows\system32\nvspcap64.dll 2013-12-05 08:42 . 2013-12-17 18:27 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-12-05 08:42 . 2013-12-17 18:27 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-12-05 08:42 . 2013-10-22 09:06 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-11-28 13:38 . 2014-01-11 08:26 31520 ----a-w- c:\windows\system32\nvhdap64.dll 2013-11-28 13:38 . 2014-01-11 08:26 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-11-27 01:41 . 2014-01-15 06:11 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-11-27 01:41 . 2014-01-15 06:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-11-27 01:41 . 2014-01-15 06:11 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-11-27 01:41 . 2014-01-15 06:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-11-27 01:41 . 2014-01-15 06:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-11-27 01:41 . 2014-01-15 06:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-11-27 01:41 . 2014-01-15 06:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-11-26 11:40 . 2014-01-15 06:11 376768 ----a-w- c:\windows\system32\drivers\netio.sys 2013-11-26 10:32 . 2014-01-15 06:11 3156480 ----a-w- c:\windows\system32\win32k.sys 2013-11-23 18:26 . 2013-12-12 06:32 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-11-23 17:47 . 2013-12-12 06:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2012-01-30 1865808] "Allway Sync"="c:\program files (x86)\Allway Sync\Bin\syncappw.exe" [2011-11-10 94112] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608] "GoogleChromeAutoLaunch_06B807F4EA18B3F627189D54D9DCC4B5"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-11-27 899400] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Bitcoin.lnk - c:\program files (x86)\Bitcoin\bitcoin-qt.exe -min [2011-1-30 22041600] CloudStation.lnk - c:\users\Remco\AppData\Local\CloudStation\bin\cloud.exe [2014-1-18 3726752] TeamViewer 8.lnk - c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe [2013-2-21 12641632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmafd.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x] R4 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x] S2 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files (x86)\ShellfireVPN\jre6\bin\java -classpath c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe;c:\program files (x86)\ShellfireVPN\jre6\bin\java -classpath c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe [x] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ts_arnusbx.sys;c:\windows\SYSNATIVE\DRIVERS\ts_arnusbx.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-02-05 06:49 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 13:39] . 2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 16:38] . 2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 16:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule] @="{AEB16659-2125-4ADA-A4AB-45EE21E86469}" [HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}] 2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule] @="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}" [HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}] 2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule] @="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}" [HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}] 2014-01-18 08:02 2328576 ----a-w- c:\users\Remco\AppData\Local\CloudStation\iconoverlay_v5\IconOverlayDLLs_x64\iconOverlay.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-06-08 57928] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2919168] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>;192.168.*.* IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - FF - ProfilePath - c:\users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\ FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize) FF - user.js: extensions.privitize.hpOld0 - hxxp://www.google.nl/|http://www.gmail.com/ FF - user.js: extensions.privitize.id - 944c7aa400000000000000ff7cf998cf FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4} FF - user.js: extensions.privitize.instlDay - 15804 FF - user.js: extensions.privitize.vrsn - 1.8.16.22 FF - user.js: extensions.privitize.vrsni - 1.8.16.22 FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2214:43 FF - user.js: extensions.privitize.prtnrId - privitize FF - user.js: extensions.privitize.prdct - privitize FF - user.js: extensions.privitize.aflt - orgnl FF - user.js: extensions.privitize.smplGrp - none FF - user.js: extensions.privitize.tlbrId - base FF - user.js: extensions.privitize.instlRef - FF - user.js: extensions.privitize.dfltLng - FF - user.js: extensions.privitize.excTlbr - true FF - user.js: extensions.privitize.ffxUnstlRst - false FF - user.js: extensions.privitize.admin - false FF - user.js: extensions.privitize.autoRvrt - false FF - user.js: extensions.privitize.rvrt - false FF - user.js: extensions.privitize.hmpg - true FF - user.js: extensions.privitize.dfltSrch - true FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize) FF - user.js: extensions.privitize.dnsErr - true FF - user.js: extensions.privitize.newTab - true . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKCU-Run-TrackerNotificationExtensions.exe - c:\program files (x86)\Copernic Tracker\TrackerNotificationExtensions.exe Wow6432Node-HKLM-Run-mumservice - c:\program files\Motorola\Software Update\mumservice.exe Wow6432Node-HKLM-Run-EaseUS EPM tray - c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk - c:\program files (x86)\Feed Notifier\notifier.exe c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\guiminer.exe - Snelkoppeling.lnk - c:\users\Remco\Desktop\guiminer\guiminer\guiminer.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Van Dale Grote woordenboeken Duits - c:\windows\ISUN0413.EXE AddRemove-Van Dale Grote woordenboeken Engels - c:\windows\ISUN0413.EXE AddRemove-Wubi - c:\ubuntu\uninstall-wubi.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellfireVPN2Service] "ImagePath"="\"c:\program files (x86)\ShellfireVPN\jre6\bin\java\" \"-classpath\" \"c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe\" \"-Xrs\" \"-Dwrapper.service=true\" \"-Dwrapper.working.dir=c:\program files (x86)\ShellfireVPN\" \"-Dwrapper.config=c:\users\Remco\AppData\Roaming\ShellfireVPN\start.conf\" \"-Dwrapper.additional.1x=-Xrs\" \"-Dwrapper.stop.conf=c:\users\Remco\AppData\Roaming\ShellfireVPN\stop.conf\" \"org.rzo.yajsw.boot.WrapperServiceBooter\" " . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\ShellfireVPN\jre6\bin\java.exe c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe c:\program files (x86)\ShellfireVPN\jre6\bin\java.exe c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe c:\program files (x86)\Bitcoin\bitcoin-qt.exe c:\users\Remco\AppData\Local\CloudStation\bin\client-win.exe c:\program files (x86)\TeamViewer\Version8\tv_w32.exe . ************************************************************************** . Voltooingstijd: 2014-02-20 12:19:30 - machine werd herstart ComboFix-quarantined-files.txt 2014-02-20 11:19 . Pre-Run: 18.419.666.944 bytes beschikbaar Post-Run: 18.682.056.704 bytes beschikbaar . - - End Of File - - 3B39061237FDF5CE7C860CB156BDCA37 A36C5E4F47E84449FF07ED3517B43A31

I removed cracks.

Thats ok, I am sorry. Could you please help me?

I just got a virus Project2.exe from a person on skype. Short after that, my gmail was logged in from Norway, also BTC-e aAttach.txtnd BTC-Guild (all 3 same password). I uploaded the file for check: http://r.virscan.org/report/c268b899...e8e570561.html seems a trojan downloader. I saw some files in system32, edited today. Those are perfc009.dat, -013, perfh009.dat ,-013, perfstringbackup.ini. There were some minutes ago some more in that folder (like bootdelete.exe). I runned MBAM and deleted all some files. But seems no cause of this malware, because I know all those files. The scan logs are attached. DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2Run by Remco at 10:27:39 on 2014-02-18Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8174.3991 [GMT 1:00].AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: ESET Persoonlijke firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exeC:\Program Files\ESET\ESET Smart Security\x86\ekrn.exeC:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exeC:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exeC:\Windows\system32\Dwm.exeC:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exeC:\Windows\Explorer.EXEC:\Windows\system32\rundll32.exeC:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exeC:\Program Files (x86)\Allway Sync\Bin\syncappw.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exeC:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exeC:\Program Files (x86)\Feed Notifier\notifier.exeC:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exeC:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exeC:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exeC:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exeC:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exeC:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Users\Remco\AppData\Local\CloudStation\bin\client-win.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exeC:\Program Files (x86)\ShellfireVPN\jre6\bin\java.exeC:\Program Files (x86)\Synology\Assistant\UsbClientService.exeC:\Windows\SysWOW64\vmnat.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\VMware\VMware Player\vmware-authd.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\SysWOW64\vmnetdhcp.exeC:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\TeamViewer\Version8\tv_w32.exeC:\Program Files (x86)\TeamViewer\Version8\tv_x64.exeC:\Windows\System32\WUDFHost.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\Windows\explorer.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\HitmanPro\hmpsched.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Sublime Text 2\sublime_text.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uProxyOverride = localhost;127.0.0.1;<local>;192.168.*.*mWinlogon: Userinit = userinit.exe,BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startupuRun: [Allway Sync] "C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe" -muRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRun: [TrackerNotificationExtensions.exe] "C:\Program Files (x86)\Copernic Tracker\TrackerNotificationExtensions.exe" /loadunread /cuRun: [GoogleChromeAutoLaunch_06B807F4EA18B3F627189D54D9DCC4B5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-windowmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exemRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exemRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bitcoin.lnk - C:\Program Files (x86)\Bitcoin\bitcoin-qt.exeStartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDS~1.LNK - C:\Users\Remco\AppData\Local\CloudStation\bin\cloud.exeStartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FEEDNO~1.LNK - C:\Program Files (x86)\Feed Notifier\notifier.exeStartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GUIMIN~1.LNK - C:\Users\Remco\Desktop\guiminer\guiminer\guiminer.exeStartupFolder: C:\Users\Remco\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TEAMVI~1.LNK - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}LSP: %windir%\system32\vsocklib.dllTCP: NameServer = 192.168.2.254TCP: Interfaces\{7D07E1DB-D88F-41CB-8EA6-1101A9DAC047} : DHCPNameServer = 192.168.2.254TCP: Interfaces\{9A552CF3-AAEB-402A-8908-021E61A17E60} : DHCPNameServer = 195.121.1.34 195.121.1.66Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservicex64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStartx64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"x64-Handler: copernictracker - {BACF7D7D-DEB2-4B11-8C6D-1693DC2555B8} - <orphaned>x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Remco\AppData\Roaming\Mozilla\Firefox\Profiles\nfiijs28.default\FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll.---- FIREFOX POLICIES ----FF - user.js: extensions.privitize.hpOld0 - hxxp://www.google.nl/|http://www.gmail.com/FF - user.js: extensions.privitize.id - 944c7aa400000000000000ff7cf998cfFF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}FF - user.js: extensions.privitize.instlDay - 15804FF - user.js: extensions.privitize.vrsn - 1.8.16.22FF - user.js: extensions.privitize.vrsni - 1.8.16.22FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2214:43:56FF - user.js: extensions.privitize.prtnrId - privitizeFF - user.js: extensions.privitize.prdct - privitizeFF - user.js: extensions.privitize.aflt - orgnlFF - user.js: extensions.privitize.smplGrp - noneFF - user.js: extensions.privitize.tlbrId - baseFF - user.js: extensions.privitize.instlRef - FF - user.js: extensions.privitize.dfltLng - FF - user.js: extensions.privitize.excTlbr - trueFF - user.js: extensions.privitize.ffxUnstlRst - falseFF - user.js: extensions.privitize.admin - falseFF - user.js: extensions.privitize.autoRvrt - falseFF - user.js: extensions.privitize.rvrt - falseFF - user.js: extensions.privitize.hmpg - trueFF - user.js: extensions.privitize.dfltSrch - trueFF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)FF - user.js: extensions.privitize.dnsErr - trueFF - user.js: extensions.privitize.newTab - true.============= SERVICES / DRIVERS ===============.R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-26 70296]R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-1-30 32336]R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-11-4 810144]R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-2-18 127752]R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 376144]R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 16056]R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-8-10 72216]R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1494304]R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-22 15129376]R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-2-21 65657]R2 ShellfireVPN2Service;ShellfireVPN2Service;"C:\Program Files (x86)\ShellfireVPN\jre6\bin\java" "-classpath" "C:\Program Files (x86)\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files (x86)\ShellfireVPN" "-Dwrapper.config=C:\Users\Remco\AppData\Roaming\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Users\Remco\AppData\Roaming\ShellfireVPN\stop.conf" "org.rzo.yajsw.boot.WrapperServiceBooter" --> C:\Program Files (x86)\ShellfireVPN\jre6\bin\java [?]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-21 5093216]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-8 2656280]R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2012-9-18 248704]R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-7 128488]R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-7 401896]R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]R3 ts_arnusb;[CommView] Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\ts_arnusbx.sys [2013-7-3 1983176]R3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-4-13 31080]S0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2013-7-5 21600]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-8-14 17480]S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-8-14 9800]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-7 533096]S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-8-13 42184]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-14 1255736]S4 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-7-29 50624].=============== File Associations ===============.FileExt: .txt: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [userChoice]FileExt: .js: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [userChoice]ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1".=============== Created Last 30 ================.2014-02-18 08:21:19 -------- d-----w- C:\Program Files\HitmanPro2014-02-18 08:09:56 -------- d-----w- C:\ProgramData\HitmanPro2014-02-18 08:02:09 608256 ----a-w- C:\Users\Remco\AppData\Roaming\task335952159run.exe2014-02-13 06:48:04 -------- d-----w- C:\Windows\System32\drivers\en-US2014-02-13 06:46:37 6573056 ----a-w- C:\Windows\System32\mstscax.dll2014-02-13 06:46:37 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll2014-02-13 05:17:03 548864 ----a-w- C:\Windows\System32\vbscript.dll2014-02-13 05:17:03 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll2014-02-13 05:15:13 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe2014-02-13 05:14:57 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll2014-02-13 05:14:57 2048 ----a-w- C:\Windows\System32\msxml3r.dll2014-02-13 05:14:57 1882112 ----a-w- C:\Windows\System32\msxml3.dll2014-02-13 05:14:57 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll2014-02-09 17:21:46 -------- d-----w- C:\Users\Remco\AppData\Roaming\MaxCoin2014-02-06 19:46:54 -------- d-----w- C:\Users\Remco\.ssh2014-02-06 19:46:31 -------- d-----w- C:\Users\Remco\AppData\Roaming\GitHub2014-02-06 19:46:29 -------- d-----w- C:\Users\Remco\AppData\Local\GitHub2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\ssleay32.dll2014-02-03 06:51:51 270336 ----a-w- C:\Windows\SysWow64\libssl32.dll2014-02-03 06:51:51 1176576 ----a-w- C:\Windows\SysWow64\libeay32.dll2014-02-03 06:51:50 -------- d-----w- C:\OpenSSL-Win322014-01-27 15:42:49 9480328 ----a-w- C:\Windows\SysWow64\nvopencl.dll2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Sony2014-01-24 11:10:09 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared2014-01-20 06:25:26 -------- d-----w- C:\Users\Remco\AppData\Roaming\PaRaMeter2014-01-20 06:25:21 -------- d-----w- C:\Program Files (x86)\PaRaMeter.==================== Find3M ====================.2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2014-02-05 13:39:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-02-05 13:39:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2014-01-27 15:36:52 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll2014-01-27 15:36:51 92488 ----a-w- C:\Windows\System32\LMIinit.dll2014-01-27 15:36:51 35656 ----a-w- C:\Windows\System32\LMIport.dll2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll2013-12-18 20:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-12-12 15:55:43 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll2013-12-05 08:42:30 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll2013-12-05 08:42:26 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll.============= FINISH: 10:27:47,76 =============== Attach.txt .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume3Install Date: 10-8-2012 15:14:26System Uptime: 18-2-2014 6:12:03 (4 hours ago).Motherboard: MEDIONPC | | MS-7728Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/400mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 118 GiB total, 17,166 GiB free.D: is FIXED (NTFS) - 1348 GiB total, 524,475 GiB free.E: is FIXED (NTFS) - 49 GiB total, 26,341 GiB free.F: is CDROM ()G: is CDROM ()H: is RemovableI: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: TAP-Win32 Adapter V9Device ID: ROOT\NET\0000Manufacturer: TAP-Win32 Provider V9Name: TAP-Win32 Adapter V9PNP Device ID: ROOT\NET\0000Service: tap0901.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: VirtualBox Host-Only Ethernet AdapterDevice ID: ROOT\NET\0001Manufacturer: Oracle CorporationName: VirtualBox Host-Only Ethernet AdapterPNP Device ID: ROOT\NET\0001Service: VBoxNetAdp.Class GUID: Description: SM-buscontrollerDevice ID: PCI\VEN_8086&DEV_1C22&SUBSYS_77281462&REV_05\3&11583659&0&FBManufacturer: Name: SM-buscontrollerPNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_77281462&REV_05\3&11583659&0&FBService: .Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft Virtual WiFi Miniport-adapterDevice ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\7&170834A3&0&01Manufacturer: MicrosoftName: Microsoft Virtual WiFi Miniport-adapterPNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\7&170834A3&0&01Service: vwifimp.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: VMware Virtual Ethernet Adapter for VMnet1Device ID: ROOT\VMWARE\0000Manufacturer: VMware, Inc.Name: VMware Virtual Ethernet Adapter for VMnet1PNP Device ID: ROOT\VMWARE\0000Service: VMnetAdapter.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: VMware Virtual Ethernet Adapter for VMnet8Device ID: ROOT\VMWARE\0001Manufacturer: VMware, Inc.Name: VMware Virtual Ethernet Adapter for VMnet8PNP Device ID: ROOT\VMWARE\0001Service: VMnetAdapter.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Realtek PCIe GBE Family ControllerDevice ID: PCI\VEN_10EC&DEV_8168&SUBSYS_77281462&REV_06\04000000684CE00000Manufacturer: RealtekName: Realtek PCIe GBE Family ControllerPNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_77281462&REV_06\04000000684CE00000Service: RTL8167.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.7-Zip 9.207-Zip 9.20 (x64 edition)Adobe AIRAdobe Bridge 1.0Adobe Common File InstallerAdobe Community HelpAdobe Dreamweaver CS5Adobe Flash Player 12 ActiveXAdobe Flash Player 12 PluginAdobe Help Center 1.0Adobe Media PlayerAdobe Photoshop CS2Adobe Reader X (10.1.9) - NederlandsAdobe Stock Photos 1.0Allway Sync version 11.6.1Apple Application SupportµTorrentAudacity 2.0BitcoinBluefish 2.2.4Bullzip PDF Printer 8.2.0.1406CCleanerColorPicD3DX10DYMO Label v.8DYMO LabelWriter DriversEaseUS Partition Master 9.2.2ERUNT 1.1jESET Smart SecurityFeed Notifier 2.6FileZilla Client 3.7.4.1FormatFactory 2.30GeForce Experience NvStream Client ComponentsGemistDownloaderGF-TEC Bots PortalGitHubGoogle ChromeGoogle EarthGoogle Update HelperHD Tune 2.55HitmanPro 3.7Intel® Management Engine ComponentsJava 7 Update 17 (64-bit)Java 7 Update 51Java Auto UpdaterLAME v3.99.3 (for Windows)LightShirt LED Programmer 3.12LiveZillaLogMeInLubuntuMalwarebytes Anti-Malware versie 1.75.0.1300Metro 2033Microsoft .NET Framework 1.1Microsoft .NET Framework 4.5.1Microsoft .NET Framework 4.5.1 (Nederlands)Microsoft .NET Framework 4.5.1 (NLD)Microsoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (Dutch) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (Dutch) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (Dutch) 2007Microsoft Office InfoPath MUI (Dutch) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (Dutch) 2007Microsoft Office Outlook MUI (Dutch) 2007Microsoft Office PowerPoint MUI (Dutch) 2007Microsoft Office Proof (Dutch) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (German) 2007Microsoft Office Proofing (Dutch) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (Dutch) 2007Microsoft Office Shared 64-bit MUI (Dutch) 2007Microsoft Office Shared MUI (Dutch) 2007Microsoft Office Word MUI (Dutch) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft_VC80_CRT_x86Microsoft_VC80_MFC_x86Microsoft_VC80_MFCLOC_x86Microsoft_VC90_ATL_x86Microsoft_VC90_CRT_x86Microsoft_VC90_MFC_x86Motorola Device ManagerMotorola Device Software UpdateMotorola MMCP Drivers Installation 1.0.3Motorola Mobile Drivers Installation 5.9.0Motorola Software UpdateMovie MakerMozilla Firefox 27.0.1 (x86 nl)Mozilla Maintenance ServiceMSVCRTMSVCRT110MSVCRT110_amd64MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2758694)NirSoft Wireless Network WatcherNSUNVIDIA-configuratiescherm 331.65NVIDIA 3D Vision controllerstuurprogramma 332.21NVIDIA 3D Vision stuurprogramma 331.65NVIDIA GeForce Experience 1.8.1NVIDIA Grafisch stuurprogramma 331.65NVIDIA HD Audio-stuurprogramma 1.3.30.1NVIDIA Install ApplicationNVIDIA LED Visualizer 1.0NVIDIA Network ServiceNVIDIA PhysXNVIDIA PhysX systeemsoftware 9.13.0725NVIDIA ShadowPlay 10.11.15NVIDIA Stereoscopic 3D DriverNVIDIA Update 10.11.15NVIDIA Update CoreNVIDIA Virtual Audio 1.2.19OpenSSL 1.0.1f Light (32-bit)Oracle VM VirtualBox 4.2.16PaRaMeter 1.3PDF-ViewerPhoto CommonPhoto GalleryPL-2303 Vista Driver InstallerPlugin 7PocketwoordenboekenPowerISOproXPN 2.6.1QuickTimeReader for PCRealtek High Definition Audio DriverRevo Uninstaller 1.95Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition ShellfireVPN 2.1SHIELD StreamingSkype™ 6.11SpeccySpotifySpotnetSteamSublime Text 2.0.2Synology Assistant (remove only)Synology Cloud Station (remove only)TeamViewer 8Test My Hardware 3.0TI Connect 1.6TI NoteFolio CreatorTL-WN822N/TL-WN821N Drivertools-windowsTweetDeckTwiPingUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit EditionUpdate voor Microsoft Office Excel 2007 Help (KB963678)Update voor Microsoft Office Powerpoint 2007 Help (KB963669)Update voor Microsoft Office Word 2007 Help (KB963665)Van Dale Grote woordenboeken DuitsVan Dale Grote woordenboeken EngelsVisual BCDVLC media player 2.1.2VMware PlayerWindows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MessengerWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWinRAR 4.20 (64-bit)Wondershare Video Converter Free(Build 6.0.3.1).==== End Of File =========================== HitmanPro_20140219_1109.log aswMBR.txt MBAM-log-2014-02-18 (10-37-07).txt DDS.txt HitmanPro_20140218_1020.txt