RunDLL error

Robbertvs1

Hello,

I have a question.
Yesterday I suddenly got this message out of nowhere: Werm.gr exe.
I then looked some things up, and it was said that it would be wise to check everything with Malwarebytes.
I did that, and there were quite a lot of PUP detections.
I then removed them all because I thought it had to do with cookies.
After that I restarted my PC, and I got a different message.
A RunDLL error

There was a problem starting

C:\Users\ROBBER~1\AppData\Local\Temp\CT2504091\plugins\TBVerifier.dll

The specified module could not be found.

I'm starting to get a bit tired of this.

OS: Windows 8 64 bit


Regards,

Robbert van Soerland
 
This is probably a good sign. It usually means that malware has been removed, but not the call to it. I'm moving this topic so that a specialist can take a look at it.
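
The situation this reply describes, a removed DLL whose autostart entry still calls it through rundll32, can be checked for mechanically. The following is an added example, not part of the original thread or of any tool mentioned in it: it parses Run-key entries written as `"name"="command"` under a `[HKEY_...]` header and reports rundll32 entries whose DLL is missing or sits in a Temp directory. The value names, the second DLL and the `sample_exists` stand-in are constructed; the Temp path is the one from the error message above.

```python
import os
import re

# Constructed sample in the style of a startup-registry listing. The rundll32
# target in the first section is the DLL path from the error message in the
# thread; value names and the other entries are made up for this example.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"ExamplePlugin"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\ROBBER~1\AppData\Local\Temp\CT2504091\plugins\TBVerifier.dll,RunExample arg1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAudio"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\example64.dll,RunDLLEntry example64"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Optional directory prefix, then rundll32[.exe], then the argument string.
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.+)$', re.IGNORECASE)
TEMP_MARKERS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')


def rundll32_target(command):
    """Return the DLL path a rundll32 command line loads, or None."""
    match = RUNDLL_RE.match(command.strip())
    if not match:
        return None
    # rundll32 arguments are "<dll>,<entry point> [args]": the DLL path is
    # everything before the first comma (paths containing commas are not handled).
    dll = match.group(1).split(',', 1)[0].strip().strip('"')
    return dll or None


def find_orphaned_autoruns(log_text, exists=os.path.exists):
    """Report rundll32 autostart values whose DLL is missing or lives in Temp."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if not value or key is None:
            continue
        name, command = value.groups()
        dll = rundll32_target(command)
        if dll is None:
            continue  # not a rundll32 entry
        reasons = []
        if not exists(dll):
            # The autostart entry outlived the file: the RunDLL error at logon.
            reasons.append('target missing')
        if any(marker in dll.lower() for marker in TEMP_MARKERS):
            reasons.append('loads from a Temp directory')
        if reasons:
            findings.append({'key': key, 'value': name, 'dll': dll, 'reasons': reasons})
    return findings


# Stand-in for os.path.exists so the example runs offline on any OS: only this
# constructed path "exists".
PRESENT = {r'c:\windows\system32\example64.dll'}


def sample_exists(path):
    return path.lower() in PRESENT


if __name__ == '__main__':
    for finding in find_orphaned_autoruns(SAMPLE_LOG, exists=sample_exists):
        print('[%s] "%s" -> %s (%s)' % (
            finding['key'], finding['value'], finding['dll'],
            '; '.join(finding['reasons'])))
```

Each finding names the key and value that still reference the file, which is the entry left to clean up once the DLL itself is gone.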
 
Thanks a lot for the quick reply. I ran another scan afterwards. It turned out there were 69 detections again.
I removed them all again.
They were all PUP.optional again.
And there was something saying it was located in the TEMP folder, with all kinds of registry keys or something.
I'm not an expert in that area, so I wouldn't know what it all means. But it is very annoying.
 
Hello,

Download Zoek.zip to the desktop.
  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore this; it is a false warning.

Disable antivirus software
Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

Run Zoek.exe
If you run into problems running this program or see any error messages, please mention it in your post.
  • Right-click Zoek.zip and choose "Extract all".
  • Then double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users need to run the tool as administrator by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
    Code:
    firefoxlook;
    emptyclsid;
    torpigcheck;
    emptyfolderscheck;delete
    chromelook;
    standardsearch;
    filesrcm;
    autoclean;
    startupall;
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next post.
 
Zoek.exe v5.0.0.0 Updated 23-December-2013
Tool run by Robbert van Soerland on za 28-12-2013 at 17:08:34,72.
Microsoft Windows 8 Pro 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ROBBER~1\AppData\Local\Temp\Rar$DIa0.801\zoek.com [Scan all users] [Script inserted]

==== System Restore Info ======================

28-12-2013 17:09:11 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\ProgramData\Oracle deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\CRE deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\NativeMessaging deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1687467974-2363327161-508467261-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
E:\Fraps\fraps.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
E:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Conduit deleted
C:\ProgramData\APN deleted
C:\ProgramData\Package Cache deleted
C:\Users\Robbert van Soerland\AppData\Local\SearchProtect deleted
C:\Users\Robbert van Soerland\AppData\Local\Programs deleted
C:\Users\Robbert van Soerland\AppData\Local\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner deleted
C:\Users\Robbert van Soerland\AppData\LocalLow\Conduit deleted
C:\END deleted
C:\Windows\Syswow64\RegistryHelperLM.ocx deleted
C:\Windows\Syswow64\SearchProtect deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8137 MB
CPU Info: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
CPU Speed: 3403,2 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce GTX 760 | NVIDIA GeForce GTX 760 | NVIDIA GeForce GTX 760 | NVIDIA GeForce GTX 760
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
CD / DVD Drives: 2x (D: | G: | ) D: HL-DT-STDVDRAM GH24NSB0 | G: DTSOFT BDROM
Ports: COM1 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 111,8GB | E: 931,5GB
Hard Disks - Free: C: 70,6GB | E: 656,8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/22/13 | ALASKA - 1072009
Time Zone: W. Europe Standard Time
Motherboard *: MSI Z87-G45 GAMING (MS-7821)
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 31.0.1650.63
Internet Explorer Version: 10.0.9200.16750
Opera Browser version: 17.0.1241.45
Google Chrome version: 31.0.1650.63
Sun Java version: 1.7.0_45 (32-bit)

==== Files Recently Created / Modified ======================


==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1687467974-2363327161-508467261-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"RGSC"="E:\Rockstar Games Social Club\RGSCLauncher.exe /silent"
"Overwolf"="C:\Program Files (x86)\Overwolf\Overwolf.exe -silent"
"ConduitFloatingPlugin_ojpijjmpahflnipadmlpgbjmagmjchkk"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\ROBBER~1\AppData\Local\Temp\CT2504091\plugins\TBVerifier.dll,RunConduitFloatingPlugin ojpijjmpahflnipadmlpgbjmagmjchkk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\Windows\UpdReg.EXE"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="E:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Live Update 5"="E:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder"
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"Sound Blaster Cinema"="E:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe /r"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"RGSC"="E:\Rockstar Games Social Club\RGSCLauncher.exe /silent"
"Overwolf"="C:\Program Files (x86)\Overwolf\Overwolf.exe -silent"
"ConduitFloatingPlugin_ojpijjmpahflnipadmlpgbjmagmjchkk"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\ROBBER~1\AppData\Local\Temp\CT2504091\plugins\TBVerifier.dll,RunConduitFloatingPlugin ojpijjmpahflnipadmlpgbjmagmjchkk"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"MBCfg64"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll"

==== Startup Folders ======================

2013-10-05 14:12:21 2279 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\De Killer Network Manager van Qualcomm Atheros.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-10-2013 15:13]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-10-2013 15:13]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\FRAPS" [E:\Fraps\fraps.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Trigger KMS Activation" ["E:\KMSNano (Windows Activatie)\Activation\KMSnanov20.1\TriggerKMS.exe"]

==== Folders in C:\ProgramData 0-6 Months Old ======================

2013-10-05 13:58:52 -------- d-----w- C:\ProgramData\PRICache
2013-10-05 14:06:41 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-10-05 14:06:52 -------- d-----w- C:\ProgramData\NVIDIA
2013-10-05 14:12:17 -------- d-----w- C:\ProgramData\Bigfoot Networks
2013-10-05 14:15:35 -------- d-----w- C:\ProgramData\Creative
2013-10-05 14:15:44 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-10-05 14:18:40 -------- d-----w- C:\ProgramData\Microsoft Help
2013-10-05 14:28:33 -------- d-----w- C:\ProgramData\Electronic Arts
2013-10-05 14:28:33 -------- d-----w- C:\ProgramData\Origin
2013-10-05 20:03:53 -------- d-----w- C:\ProgramData\EA Core
2013-10-05 22:38:50 -------- d-----w- C:\ProgramData\Sun
2013-10-05 22:39:11 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2013-10-07 18:28:29 -------- d-----w- C:\ProgramData\Skype
2013-11-05 14:40:59 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-11 18:35:44 -------- d-sh--w- C:\ProgramData\SecuROM
2013-11-21 20:49:50 -------- d-----w- C:\ProgramData\Orbit
2013-12-02 17:12:14 -------- d-----w- C:\ProgramData\Apple
2013-12-02 17:12:31 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-02 17:12:31 -------- d-----w- C:\ProgramData\Apple Computer
2013-12-16 17:21:24 -------- d-----w- C:\ProgramData\Razer

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gdnafjfahbdfphihncgadbegiaebehio - C:\Program Files (x86)\SquirrelWeb\gdnafjfahbdfphihncgadbegiaebehio.crx[]

Google Docs - Robbert van Soerland - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Robbert van Soerland - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Robbert van Soerland - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Tribal Wars Time Extension - Robbert van Soerland - Default\Extensions\ckolnemglnnaaaeopconbampbdejaika
Google Search - Robbert van Soerland - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Robbert van Soerland - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Robbert van Soerland - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Robbert van Soerland - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdnafjfahbdfphihncgadbegiaebehio deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gdnafjfahbdfphihncgadbegiaebehio deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Live Update 5] E:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [Sound Blaster Cinema] "E:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RGSC] E:\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKCU\..\Run: [ConduitFloatingPlugin_ojpijjmpahflnipadmlpgbjmagmjchkk] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\ROBBER~1\AppData\Local\Temp\CT2504091\plugins\TBVerifier.dll",RunConduitFloatingPlugin ojpijjmpahflnipadmlpgbjmagmjchkk
O4 - Global Startup: De Killer Network Manager van Qualcomm Atheros.lnk = C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Qualcomm Atheros Killer Service - Unknown owner - C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robbert van Soerland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robbert van Soerland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Robbert van Soerland\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=35 folders=33 12423979 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Robbert van Soerland\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ROBBER~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 28-12-2013 at 17:14:54,16 ======================

Oops, this was the log :)
 
Hello,

Run zoek.exe again with the following code:
Code:
[HKEY_USERS\S-1-5-21-1687467974-2363327161-508467261-1001\Software\Microsoft\Windows\CurrentVersion\Run]r
"ConduitFloatingPlugin_ojpijjmpahflnipadmlpgbjmagmjchkk"=-;r
C:\Users\ROBBER~1\AppData\Local\Temp\CT2504091;fs
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"ConduitFloatingPlugin_ojpijjmpahflnipadmlpgbjmagmjchkk"=-;r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
"AppInit_DLLs"=-;r64
C:\PROGRA~2\SearchProtect;fs

Post the resulting log and let me know how things are going.
 
Zoek.exe v5.0.0.0 Updated 02-Januari-2014
Tool run by Robbert van Soerland on do 02-01-2014 at 16:48:36,75.
Microsoft Windows 8 Pro 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Robbert van Soerland\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-12-28-161454.log 44651 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

"ConduitFloatingPlugin_ojpijjmpahflnipadmlpgbjmagm jchkk"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"ConduitFloatingPlugin_ojpijjmpahflnipadmlpgbjmagm jchkk"=-

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Users\ROBBER~1\AppData\Local\Temp\CT2504091 not found
C:\PROGRA~2\SearchProtect not found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=35 folders=33 12423979 bytes)

==== EOF on do 02-01-2014 at 16:49:25,01 ======================

This was the log I got. Nothing else happened.
I restarted my PC afterwards and got the same message again.

There was a problem starting

C:\Users\ROBBER~1\AppData\Local\Temp\CT2504091\plugins\TBVerifier.dll

The specified module could not be found.
 
Hello,
Download the Farbar Recovery Scan Tool, 32 or 64 bit, from one of the links below:
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Here is a description of how you can check whether you have a 32 or 64 bit version of Windows.

Running Farbar Recovery Scan Tool
  • Double-click FRST.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Once the program has opened, click Yes at the disclaimer.
  • Then press the Scan button; a backup of the registry will be made first.
  • When the scan is finished, two log files named (FRST.txt) & (Addition.txt) are created in the same location the tool was started from.
  • Attach this log file to your next post.
 
Post reopened on request.


Here are the links. I put it on Dropbox because it was too big for this post.

Addition.txt: https://www.dropbox.com/s/1lnlf0w1mi59xtc/Addition.txt
FRST.txt: https://www.dropbox.com/s/52hvmo3484y32pe/FRST.txt

I hope you can do something with it, because that RunDLL error message is getting really annoying every time I restart my PC.
Thanks a lot in advance.

Kind regards,

Robbert

---------- Post added at 09:54 ---------- Previous post was at 09:35 ----------

Hello,

Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.

HKU\S-1-5-21-1687467974-2363327161-508467261-1001\...\Run: [ConduitFloatingPlugin_ojpijjmpahflnipadmlpgbjmagmjchkk] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\ROBBER~1\AppData\Local\Temp\CT2504091\plugins\TBVerifier.dll",RunConduitFloatingPlugin ojpijjmpahflnipadmlpgbjmagmjchkk <===== ATTENTION
CHR HomePage: hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=48&CUI=UN16765411511201610&UM=1&UP=SPBF19A616-A93E-41E9-B99C-9684CDBBB789&SSPV=
C:\Users\Robbert van Soerland\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Robbert van Soerland\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgfg55u.dll
C:\Users\Robbert van Soerland\AppData\Local\Temp\Gw2.exe
C:\Users\Robbert van Soerland\AppData\Local\Temp\i4jdel0.exe
C:\Users\Robbert van Soerland\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Robbert van Soerland\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Robbert van Soerland\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Robbert van Soerland\AppData\Local\Temp\nvStInst.exe


Save it as fixlist.txt and put it on your desktop.
Make sure FRST.exe is on the desktop as well.

Start the Farbar Recovery Scan Tool again.

  • Double-click FRST.exe to start the tool.
  • Once the program has opened, click Yes at the disclaimer.
  • Press the Fix button.
  • A log file (fixlog.txt) will be created in the same location the tool was started from.
  • Attach this log file to your next post.
 