Threat: java: Malware-gen (trj)
  • Threat: java: Malware-gen (trj)

    Hello,

    I scan the computer regularly (with all sorts of programs), with an occasional boot-time scan (avast), and suddenly a trj (2x something with java) turns up.
    I removed it, but the computer stays slow..
    Maybe something is still not right? Further scans find nothing.

    Here are my logs, thanks in advance!

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.11.16.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16736
    Leutscher :: LEUTSCHER-PC [administrator]

    16-11-2013 12:57:58
    mbam-log-2013-11-16 (12-57-58).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 194668
    Verstreken tijd: 9 minuut/minuten, 53 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
    Run by Leutscher at 12:13:32 on 2013-11-16
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.2038.913 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\bgsvcgen.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    mSearchAssistant = hxxp://www.google.com
    mCustomizeSearch = hxxp://www.google.com
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    uRun: [ConduitFloatingPlugin_kdfbddbdpnahdahmamlolacimfdbeckk] "c:\windows\system32\rundll32.exe" "c:\program files\conduit\ct3281675\plugins\TBVerifier.dll",RunConduitFloatingPlugin kdfbddbdpnahdahmamlolacimfdbeckk
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\leutsc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    TCP: NameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{7D6F87F4-5E5C-472F-9E9D-7AB2A03C2DA2} : DHCPNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{7D6F87F4-5E5C-472F-9E9D-7AB2A03C2DA2}\25F6562746F6D60733 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{7D6F87F4-5E5C-472F-9E9D-7AB2A03C2DA2}\3596475636F6D6031393641334 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{7D6F87F4-5E5C-472F-9E9D-7AB2A03C2DA2}\4505D2C494E4B4F5245454836363 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{F0E090E0-D983-4E3A-9DDD-B34FC8285613} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-5 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-5 178304]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-28 774392]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2011-7-28 403440]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-28 35656]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-28 70384]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-23 50344]
    R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-4-25 30312]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-6-4 84248]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-12-23 36608]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-30 15872]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-4-25 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-4-25 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-4-25 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-4-25 114280]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-6-4 181912]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-30 52224]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-29 1343400]
    .
    =============== File Associations ===============
    .
    ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
    .
    =============== Created Last 30 ================
    .
    2013-11-16 10:30:33 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{78507f82-fdf3-45bb-8446-bc8d1b455789}\mpengine.dll
    2013-11-14 19:43:25 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-11-14 07:49:01 -------- d-----w- C:\860facd1c2e8a1db39720326dce5ac
    2013-11-13 13:28:51 -------- d-----w- c:\users\leutscher\appdata\local\Adobe
    2013-10-23 13:48:23 -------- d-----w- c:\programdata\Oracle
    2013-10-23 12:52:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-23 11:20:18 -------- d-----w- c:\users\leutscher\appdata\roaming\AVAST Software
    .
    ==================== Find3M ====================
    .
    2013-10-23 11:16:21 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-10-23 11:16:21 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-10-23 11:16:21 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-10-23 11:16:21 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-10-23 11:16:21 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-10-23 11:16:20 43152 ----a-w- c:\windows\avastSS.scr
    2013-10-12 07:03:50 1767936 ----a-w- c:\windows\system32\wininet.dll
    2013-10-12 07:02:33 2877952 ----a-w- c:\windows\system32\jscript9.dll
    2013-10-12 07:02:29 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-10-12 07:02:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-10-12 06:08:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-10-12 05:15:39 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
    2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-09 10:57:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-09 10:57:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
    2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll
    2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
    2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
    2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
    2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
    2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-11 08:05:55 6583664 ----a-w- c:\program files\AVAS
    2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
    2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-09-03 12:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
    2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
    2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
    .
    ============= FINISH: 12:14:09,38 ===============

  • #2
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-11-16 12:56:31
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BPVT-00ZEST0 rev.01.01A01 232,89GB
    Running: 1znplg68.exe; Driver: C:\Users\LEUTSC~1\AppData\Local\Temp\kwtyyuoc.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x890B4B10]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x890B55EE]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x890C15E0]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x890C162C]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x890C17C6]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x890C154E]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSection [0x890C1670]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x890C1596]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x890B5B24]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x890B5D40]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x890C1780]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x890B63DC]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x890B4B76]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x890B9B58]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x890B475E]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x890B4BDC]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x890B9F4E]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x890B6E6C]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x890C160A]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x890C164E]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x890C17EA]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x890C1574]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x890B9452]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x890C16FE]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x890C15BE]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x890B983A]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x890C17A4]
    SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8E6CD0CC]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x890B6D38]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x890B6A46]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x890B4C42]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x890B4CA8]
    SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8E6CD316]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x890B47F8]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x890B49CE]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x890B495C]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x890B65A6]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x890B6708]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x890B4A56]
    SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x8E6CD194]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x890B6236]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x890B4D0E]
    SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x890B564A]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C89A15 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC3212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CCA460 4 Bytes [10, 4B, 0B, 89]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CCA4E8 4 Bytes [EE, 55, 0B, 89]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CCA53C 8 Bytes [E0, 15, 0C, 89, 2C, 16, 0C, ...] {LOOPNZ 0x17; OR AL, 0x89; SUB AL, 0x16; OR AL, 0x89}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CCA548 4 Bytes JMP 8EE46BCF
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82CCA564 4 Bytes [4E, 15, 0C, 89]
    .text ...
    ? C:\Users\LEUTSC~1\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven pad niet vinden. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\System32\hkcmd.exe[192] kernel32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Windows\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[564] kernel32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Windows\system32\csrss.exe[580] kernel32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Windows\system32\services.exe[628] kernel32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text ...
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtCreateFile + 6 77DA560E 4 Bytes [28, D8, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtCreateFile + B 77DA5613 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtMapViewOfSection + 6 77DA5C6E 4 Bytes [28, DB, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtMapViewOfSection + B 77DA5C73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenFile + 6 77DA5D1E 4 Bytes [68, D8, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenFile + B 77DA5D23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcess + 6 77DA5DCE 4 Bytes [A8, D9, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcess + B 77DA5DD3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessToken + B 77DA5DE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessTokenEx + 6 77DA5DEE 4 Bytes [A8, DA, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenProcessTokenEx + B 77DA5DF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThread + 6 77DA5E4E 4 Bytes [68, D9, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThread + B 77DA5E53 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadToken + 6 77DA5E5E 4 Bytes [68, DA, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadToken + B 77DA5E63 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtOpenThreadTokenEx + B 77DA5E73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryAttributesFile + 6 77DA5F7E 4 Bytes [A8, D8, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryAttributesFile + B 77DA5F83 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtQueryFullAttributesFile + B 77DA6033 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationFile + 6 77DA667E 4 Bytes [28, D9, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationFile + B 77DA6683 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationThread + 6 77DA66DE 4 Bytes [28, DA, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtSetInformationThread + B 77DA66E3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtTerminateProcess 77DA6908 5 Bytes JMP 00378DED C:\Program Files\Google\Chrome\Application\chrome.exe
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtUnmapViewOfSection + 6 77DA69FE 4 Bytes [68, DB, AF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!NtUnmapViewOfSection + B 77DA6A03 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!LdrUnloadDll 77DBC8DE 5 Bytes JMP 00CC03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 00CC01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3660] KERNEL32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3716] kernel32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtCreateFile + 6 77DA560E 4 Bytes [28, 0C, E1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtCreateFile + B 77DA5613 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtMapViewOfSection + 6 77DA5C6E 4 Bytes [28, 0F, E1, 00] {SUB [EDI], CL; LOOPZ 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtMapViewOfSection + B 77DA5C73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenFile + 6 77DA5D1E 4 Bytes [68, 0C, E1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenFile + B 77DA5D23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenProcess + 6 77DA5DCE 4 Bytes [A8, 0D, E1, 00] {TEST AL, 0xd; LOOPZ 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenProcess + B 77DA5DD3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenProcessToken + B 77DA5DE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenProcessTokenEx + 6 77DA5DEE 4 Bytes [A8, 0E, E1, 00] {TEST AL, 0xe; LOOPZ 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenProcessTokenEx + B 77DA5DF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenThread + 6 77DA5E4E 4 Bytes [68, 0D, E1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenThread + B 77DA5E53 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenThreadToken + 6 77DA5E5E 4 Bytes [68, 0E, E1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenThreadToken + B 77DA5E63 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtOpenThreadTokenEx + B 77DA5E73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtQueryAttributesFile + 6 77DA5F7E 4 Bytes [A8, 0C, E1, 00] {TEST AL, 0xc; LOOPZ 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtQueryAttributesFile + B 77DA5F83 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtQueryFullAttributesFile + B 77DA6033 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtSetInformationFile + 6 77DA667E 4 Bytes [28, 0D, E1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtSetInformationFile + B 77DA6683 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtSetInformationThread + 6 77DA66DE 4 Bytes [28, 0E, E1, 00] {SUB [ESI], CL; LOOPZ 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtSetInformationThread + B 77DA66E3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtTerminateProcess 77DA6908 5 Bytes JMP 00378DED C:\Program Files\Google\Chrome\Application\chrome.exe
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtUnmapViewOfSection + 6 77DA69FE 4 Bytes [68, 0F, E1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!NtUnmapViewOfSection + B 77DA6A03 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!LdrUnloadDll 77DBC8DE 5 Bytes JMP 00E703FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 00E701F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4584] KERNEL32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5044] kernel32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Windows\system32\taskhost.exe[6096] kernel32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6664] ntdll.dll!LdrUnloadDll 77DBC8DE 5 Bytes JMP 000E03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6664] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 000E01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6664] KERNEL32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtCreateFile + 6 77DA560E 4 Bytes [28, 04, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtCreateFile + B 77DA5613 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtMapViewOfSection + 6 77DA5C6E 4 Bytes [28, 07, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtMapViewOfSection + B 77DA5C73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenFile + 6 77DA5D1E 4 Bytes [68, 04, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenFile + B 77DA5D23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenProcess + 6 77DA5DCE 4 Bytes [A8, 05, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenProcess + B 77DA5DD3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenProcessToken + 6 77DA5DDE 4 Bytes CALL 76DAA1E8 C:\Windows\system32\iertutil.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenProcessToken + B 77DA5DE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenProcessTokenEx + 6 77DA5DEE 4 Bytes [A8, 06, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenProcessTokenEx + B 77DA5DF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenThread + 6 77DA5E4E 4 Bytes [68, 05, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenThread + B 77DA5E53 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenThreadToken + 6 77DA5E5E 4 Bytes [68, 06, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenThreadToken + B 77DA5E63 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenThreadTokenEx + 6 77DA5E6E 4 Bytes CALL 76DAA279 C:\Windows\system32\iertutil.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtOpenThreadTokenEx + B 77DA5E73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtQueryAttributesFile + 6 77DA5F7E 4 Bytes [A8, 04, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtQueryAttributesFile + B 77DA5F83 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtQueryFullAttributesFile + 6 77DA602E 4 Bytes CALL 76DAA437 C:\Windows\system32\iertutil.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtQueryFullAttributesFile + B 77DA6033 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtSetInformationFile + 6 77DA667E 4 Bytes [28, 05, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtSetInformationFile + B 77DA6683 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtSetInformationThread + 6 77DA66DE 4 Bytes [28, 06, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtSetInformationThread + B 77DA66E3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtTerminateProcess 77DA6908 5 Bytes JMP 00378DED C:\Program Files\Google\Chrome\Application\chrome.exe
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtUnmapViewOfSection + 6 77DA69FE 4 Bytes [68, 07, 44, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!NtUnmapViewOfSection + B 77DA6A03 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!LdrUnloadDll 77DBC8DE 5 Bytes JMP 005503FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 005501F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6876] KERNEL32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtCreateFile + 6 77DA560E 4 Bytes [28, BC, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtCreateFile + B 77DA5613 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtMapViewOfSection + 6 77DA5C6E 4 Bytes [28, BF, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtMapViewOfSection + B 77DA5C73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenFile + 6 77DA5D1E 4 Bytes [68, BC, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenFile + B 77DA5D23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenProcess + 6 77DA5DCE 4 Bytes [A8, BD, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenProcess + B 77DA5DD3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenProcessToken + 6 77DA5DDE 4 Bytes CALL 76DAB8A0 C:\Windows\system32\iertutil.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenProcessToken + B 77DA5DE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenProcessTokenEx + 6 77DA5DEE 4 Bytes [A8, BE, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenProcessTokenEx + B 77DA5DF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenThread + 6 77DA5E4E 4 Bytes [68, BD, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenThread + B 77DA5E53 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenThreadToken + 6 77DA5E5E 4 Bytes [68, BE, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenThreadToken + B 77DA5E63 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenThreadTokenEx + 6 77DA5E6E 4 Bytes CALL 76DAB931 C:\Windows\system32\iertutil.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtOpenThreadTokenEx + B 77DA5E73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtQueryAttributesFile + 6 77DA5F7E 4 Bytes [A8, BC, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtQueryAttributesFile + B 77DA5F83 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtQueryFullAttributesFile + 6 77DA602E 4 Bytes CALL 76DABAEF C:\Windows\system32\iertutil.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtQueryFullAttributesFile + B 77DA6033 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtSetInformationFile + 6 77DA667E 4 Bytes [28, BD, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtSetInformationFile + B 77DA6683 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtSetInformationThread + 6 77DA66DE 4 Bytes [28, BE, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtSetInformationThread + B 77DA66E3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtTerminateProcess 77DA6908 5 Bytes JMP 00378DED C:\Program Files\Google\Chrome\Application\chrome.exe
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtUnmapViewOfSection + 6 77DA69FE 4 Bytes [68, BF, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!NtUnmapViewOfSection + B 77DA6A03 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!LdrUnloadDll 77DBC8DE 5 Bytes JMP 005F03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 005F01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8012] KERNEL32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Users\Leutscher\Downloads\1znplg68.exe[8148] kernel32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtCreateFile + 6 77DA560E 4 Bytes [28, 24, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtCreateFile + B 77DA5613 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtMapViewOfSection + 6 77DA5C6E 4 Bytes [28, 27, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtMapViewOfSection + B 77DA5C73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenFile + 6 77DA5D1E 4 Bytes [68, 24, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenFile + B 77DA5D23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenProcess + 6 77DA5DCE 4 Bytes [A8, 25, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenProcess + B 77DA5DD3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenProcessToken + 6 77DA5DDE 4 Bytes CALL 76DA7B08 C:\Windows\system32\iertutil.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenProcessToken + B 77DA5DE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenProcessTokenEx + 6 77DA5DEE 4 Bytes [A8, 26, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenProcessTokenEx + B 77DA5DF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenThread + 6 77DA5E4E 4 Bytes [68, 25, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenThread + B 77DA5E53 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenThreadToken + 6 77DA5E5E 4 Bytes [68, 26, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenThreadToken + B 77DA5E63 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenThreadTokenEx + 6 77DA5E6E 4 Bytes CALL 76DA7B99 C:\Windows\system32\iertutil.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtOpenThreadTokenEx + B 77DA5E73 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtQueryAttributesFile + 6 77DA5F7E 4 Bytes [A8, 24, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtQueryAttributesFile + B 77DA5F83 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtQueryFullAttributesFile + 6 77DA602E 4 Bytes CALL 76DA7D57 C:\Windows\system32\iertutil.dll
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtQueryFullAttributesFile + B 77DA6033 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtSetInformationFile + 6 77DA667E 4 Bytes [28, 25, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtSetInformationFile + B 77DA6683 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtSetInformationThread + 6 77DA66DE 4 Bytes [28, 26, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtSetInformationThread + B 77DA66E3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtTerminateProcess 77DA6908 5 Bytes JMP 00378DED C:\Program Files\Google\Chrome\Application\chrome.exe
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtUnmapViewOfSection + 6 77DA69FE 4 Bytes [68, 27, 1D, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!NtUnmapViewOfSection + B 77DA6A03 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!LdrUnloadDll 77DBC8DE 5 Bytes JMP 003303FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 003301F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[8152] KERNEL32.dll!GetBinaryTypeW + 70 77F169E4 1 Byte [62]

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748724CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7485562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748556EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74872546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748685AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74864D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74865105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748651DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74866707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74868301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74868850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748690B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7486E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[2952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74864C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys

    ---- EOF - GMER 2.1 ----



    • #3
      Download Zoek.zip to the desktop.
      1. If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
      2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (here and here you can read how to do that).

      • Right-click Zoek.zip and click the option "Extract All".
      • Then double-click Zoek.exe to start the tool.
      • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
      • Now copy the code below and paste it into the large input window:
      • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.
        Code:
         
        [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers];e
        torpigcheck;
        emptyclsid;
        emptyfolderscheck;delete
        firefoxlook; 
        Chromelook;  
        autoclean; 
        iedefaults; 
        filesrcm;
      • Now click the "Run script" button.
      • Wait patiently until a log opens (this may be after a restart, if one is required).
      • If no log appears after the restart, start zoek.exe again; the log will then appear.
      • Post the opened log in the next message as an attachment.

      Starting Windows 10 in Safe Mode



      • #4
        Zoek.exe Version 4.0.0.5 Updated 14-November-2013
        Tool run by Leutscher on zo 17-11-2013 at 19:42:11,04.
        Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
        Running in: Normal Mode Internet Access Detected
        Launched: C:\Users\Leutscher\Desktop\zoek.exe [Script inserted]

        ==== System Restore Info ======================

        17-11-2013 19:43:43 Zoek.exe System Restore Point Created Succesfully.

        ==== Torpig Check ======================

        HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
        HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


        ==== Empty Folders Check ======================

        C:\Program Files\AVS4YOU deleted successfully
        C:\Program Files\Freemake deleted successfully
        C:\Program Files\MSXML 4.0 deleted successfully
        C:\ProgramData\Oracle deleted successfully

        ==== Deleting CLSID Registry Keys ======================


        ==== Deleting CLSID Registry Values ======================


        ==== Deleting Services ======================


        ==== FireFox Fix ======================

        ProfilePath: C:\Users\Leutscher\AppData\Roaming\Mozilla\Firefox\Profiles\0

        prefs.js not found
        user.js not found
        ---- FireFox user.js and prefs.js backups ----


        ==== Deleting Files \ Folders ======================

        C:\Users\Leutscher\AppData\Local\CRE deleted
        C:\Users\Leutscher\Downloads\sopcast.nl.zip deleted
        C:\Users\Leutscher\AppData\LocalLow\Conduit deleted
        C:\Windows\system32\tasks\Desk 365 RunAsStdUser deleted
        C:\END deleted
        C:\Windows\System32\searchplugins deleted
        C:\Windows\System32\Extensions deleted
        "C:\Users\Leutscher\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]" deleted

        ==== Registry Exports ======================

        [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers]

        [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
        @="{217FC9C0-3AEA-1069-A2DB-08002B30309D}"

        [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
        @="{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"


        ==== Files Recently Created / Modified ======================

        ====== C:\Windows ====
        ====== C:\Users\LEUTSC~1\AppData\Local\Temp ====
        2013-11-17 11:44:33 949AF3E92B8ADF423A222F4A27A41A30 115137 ----a-w- C:\Users\Leutscher\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
        ====== Java Cache =====
        ====== C:\Windows\system32 =====
        2013-11-14 19:59:59 FED1803F2F9C4BDBA8267EA2DE47CFE2 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
        2013-11-14 19:59:59 6AD683FF326836EB6AE63B1F144A4F9D 690688 ----a-w- C:\Windows\System32\jscript.dll
        2013-11-14 19:59:58 D42525513055C0A65FD4BEFAFACEB134 2877952 ----a-w- C:\Windows\System32\jscript9.dll
        2013-11-14 19:59:57 98B05ADD60BAA432E708BAFEBE5B1D70 39424 ----a-w- C:\Windows\System32\jsproxy.dll
        2013-11-14 19:59:56 FEB2F07A980A9844AD1B5E886C9B5338 391168 ----a-w- C:\Windows\System32\ieui.dll
        2013-11-14 19:59:56 E841206E319069920C394A5E3842568F 61440 ----a-w- C:\Windows\System32\iesetup.dll
        2013-11-14 19:59:55 AD6639EF2BD655C7E630B6BCF7203463 493056 ----a-w- C:\Windows\System32\msfeeds.dll
        2013-11-14 19:59:55 8317DD8D4095FE4076E9F6EC3A747940 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
        2013-11-14 19:59:55 70F131E94E1B4496469A563C85279192 33280 ----a-w- C:\Windows\System32\iernonce.dll
        2013-11-14 19:59:55 22A7CC05BE272D9500B312489E6950EB 42496 ----a-w- C:\Windows\System32\ie4uinit.exe
        2013-11-14 19:59:54 A5897063A4B6796EFB7B34CEC5BC739F 1138176 ----a-w- C:\Windows\System32\urlmon.dll
        2013-11-14 19:59:54 8D98D99DC6D4033591354156CEB25153 109056 ----a-w- C:\Windows\System32\iesysprep.dll
        2013-11-14 19:59:53 DA5374911037841F81072A4DCBB02D93 2049024 ----a-w- C:\Windows\System32\iertutil.dll
        2013-11-14 19:59:51 5FD4335DCD343D0FEA9FA6B18ED408D9 1767936 ----a-w- C:\Windows\System32\wininet.dll
        2013-11-14 19:59:48 1191434BB424F18C2609AB5C955DD14E 13761024 ----a-w- C:\Windows\System32\ieframe.dll
        2013-11-14 19:59:46 02A04841906A8892AD6CC7BDBCB5F61D 14355968 ----a-w- C:\Windows\System32\mshtml.dll
        2013-11-14 19:43:25 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\System32\authui.dll
        2013-11-14 19:43:25 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\System32\credui.dll
        2013-11-14 19:43:25 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
        2013-11-14 19:43:20 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\System32\schannel.dll
        2013-11-14 19:43:19 EF6950D7B24AAF4E477065F5455DD4F8 1038848 ----a-w- C:\Windows\System32\lsasrv.dll
        2013-11-14 19:43:19 BD6B9BC84D004C6BEE89CF7BDB95E1FC 99840 ----a-w- C:\Windows\System32\sspicli.dll
        2013-11-14 19:43:18 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\System32\ncrypt.dll
        2013-11-14 19:43:18 803B370865D907EA21DC0C2B6A8936B5 22016 ----a-w- C:\Windows\System32\lsass.exe
        2013-11-14 19:43:18 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\System32\secur32.dll
        2013-11-14 19:43:17 D89077E2E1C88A29C57F21FAD28DAC45 15872 ----a-w- C:\Windows\System32\sspisrv.dll
        2013-11-14 19:43:13 5A775CAE7CCCAC581C05B8D2C92C0DF1 305152 ----a-w- C:\Windows\System32\gdi32.dll
        2013-11-14 19:43:12 B9C54120F46392100478F58F374E5709 679424 ----a-w- C:\Windows\System32\IKEEXT.DLL
        2013-11-14 19:43:11 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
        2013-11-14 19:43:11 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\System32\nshwfp.dll
        2013-11-14 19:43:08 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\System32\crypt32.dll
        ====== C:\Windows\system32\drivers =====
        2013-11-14 19:43:19 F286830298323272260332D6ABC905C1 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
        2013-11-14 19:43:19 D7C760D57B1656DD748B9E4AB6CB5A51 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
        2013-11-14 19:43:19 85449EEBE8F8EBD6481EFBF0F352B4EB 369848 ----a-w- C:\Windows\System32\drivers\cng.sys
        ====== C:\Windows\Tasks ======
        ====== C:\Windows\Temp ======
        ======= C:\Program Files =====
        2013-10-23 12:52:47 -------- d-----w- C:\Program Files\Common Files\Java
        ======= C: =====
        ====== C:\Users\Leutscher\AppData\Roaming ======
        2013-11-13 13:28:51 -------- d-----w- C:\Users\Leutscher\AppData\Local\Adobe
        2013-11-06 15:17:11 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm
        2013-11-06 15:14:05 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking
        ====== C:\Users\Leutscher ======
        2013-11-16 11:32:12 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Leutscher\Downloads\1znplg68.exe
        2013-11-16 11:15:10 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Leutscher\Downloads\6dpdpd0j.exe
        2013-11-16 11:11:52 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Leutscher\Downloads\dds.com
        2013-11-16 11:10:40 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Leutscher\Downloads\Defogger.exe
        2013-11-13 11:01:35 76B1717148C114D3A47147B1A5CCFFEA 4379048 ----a-w- C:\Users\Leutscher\Downloads\ccsetup407.exe
        2013-10-23 12:52:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
        2013-10-23 11:16:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

        ====== C: exe-files ==
        2013-11-16 11:32:12 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Leutscher\Downloads\1znplg68.exe
        2013-11-16 11:15:10 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Leutscher\Downloads\6dpdpd0j.exe
        2013-11-16 11:10:40 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Leutscher\Downloads\Defogger.exe
        2013-11-16 10:18:45 E714A26715478EAC94DEB4514BF68EA2 35300192 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.57\31.0.1650.57_chrome_installer.exe
        2013-11-15 13:23:29 1A7C91AC6F14EBB22688704A13DC8D17 12598112 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.57\31.0.1650.57_30.0.1599.101_chrome_updater.exe
        2013-11-14 19:59:55 8317DD8D4095FE4076E9F6EC3A747940 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
        2013-11-14 19:59:55 22A7CC05BE272D9500B312489E6950EB 42496 ----a-w- C:\Windows\System32\ie4uinit.exe
        2013-11-14 19:59:51 D7D5768B8A697FCBAEE2CFE137070F02 770736 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
        2013-11-14 19:43:18 803B370865D907EA21DC0C2B6A8936B5 22016 ----a-w- C:\Windows\System32\lsass.exe
        2013-11-13 11:01:35 76B1717148C114D3A47147B1A5CCFFEA 4379048 ----a-w- C:\Users\Leutscher\Downloads\ccsetup407.exe
        === C: other files ==
        2013-11-16 12:14:47 793A02AF833567E7D02D6705913515B4 49565 ----a-w- C:\Users\Leutscher\Downloads\dit kan ik al.zip
        2013-11-16 11:11:52 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Leutscher\Downloads\dds.com
        2013-11-14 19:43:19 F286830298323272260332D6ABC905C1 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
        2013-11-14 19:43:19 D7C760D57B1656DD748B9E4AB6CB5A51 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
        2013-11-14 19:43:19 85449EEBE8F8EBD6481EFBF0F352B4EB 369848 ----a-w- C:\Windows\System32\drivers\cng.sys

        ==== Folders in C:\ProgramData 0-6 Months Old ======================

        2013-07-27 19:40:21 -------- d-----w- C:\ProgramData\Spotnet
        2013-07-31 18:23:15 -------- d--h--w- C:\ProgramData\Common Files
        2013-07-31 18:23:16 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
        2013-08-03 18:55:21 -------- d-----w- C:\ProgramData\AVS4YOU

        ==== Firefox Extensions ======================

        ==== Firefox Plugins ======================


        ==== Chrome Look ======================

        HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
        jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found
        kdfbddbdpnahdahmamlolacimfdbeckk - C:\Users\Leutscher\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx

        HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
        kdfbddbdpnahdahmamlolacimfdbeckk - C:\Users\Leutscher\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx

        YouTube - Leutscher - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
        Google Search - Leutscher - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
        avast Online Security - Leutscher - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
        Google Wallet - Leutscher - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
        Gmail - Leutscher - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

        ==== Set IE to Default ======================

        Old Values:
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        "Start Page"="http://www.google.com"
        "Default_Page_URL"="http://www.google.com"
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
        "Default_Page_URL"="http://www.google.com"
        "Start Page"="http://www.google.com"
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
        "CustomizeSearch"="http://www.google.com"
        "SearchAssistant"="http://www.google.com"

        New Values:
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
        "Start Page"="http://www.google.com"
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
        "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
        "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
        "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
        "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

        ==== All HKCU SearchScopes ======================

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
        "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
        {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
        {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

        ==== Deleting Registry Keys ======================

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4E970999-FA02-8C0B-FFE2-B83419959FF3} deleted successfully
        HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully
        HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk deleted successfully
        HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk deleted successfully

        ==== Empty IE Cache ======================

        C:\Users\Leutscher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Users\Leutscher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
        C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

        ==== Empty FireFox Cache ======================

        No FireFox Cache found

        ==== Empty Chrome Cache ======================

        C:\Users\Leutscher\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

        ==== Empty All Flash Cache ======================

        Flash Cache Emptied Successfully

        ==== Empty All Java Cache ======================

        Java Cache cleared successfully

        ==== After Reboot ======================

        ==== Empty Temp Folders ======================

        C:\Windows\Temp successfully emptied
        C:\Users\LEUTSC~1\AppData\Local\Temp successfully emptied

        ==== Empty Recycle Bin ======================

        C:\$RECYCLE.BIN successfully emptied

        ==== EOF on zo 17-11-2013 at 19:58:56,32 ======================



        • #5
          I see now that it should have been an attachment; hopefully this is fine as well?



          • #6
            That's fine, how is it going now?

            Starting Windows 10 in Safe Mode



            • #7
              Browsing the internet works as it should again.
              I only get an error message at startup; any idea how I can fix that?
              [Attached screenshot: 2013-11-17 20.19.59-1.jpg]



              • #8
                Well, that has been removed; perhaps a remnant is still left.

                Download AdwCleaner by Xplode to the desktop.
                • Close all open windows.
                • Double-click AdwCleaner to start it.
                • Windows Vista, 7 and 8 users must run the tool as "administrator",
                • by right-clicking it and choosing Run as Administrator.
                • Then click Scan.
                • Then click Clean if any items were found.
                • At Restart Required, click OK.


                After the PC has restarted, a log file usually opens.
                Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[S0].txt.

                Posting the log file
                • Attach the log file named C:\AdwCleaner\AdwCleaner[S0].txt to your next message.




                • #9
                  # AdwCleaner v3.012 - Report created 18/11/2013 at 20:28:42
                  # Updated 11/11/2013 by Xplode
                  # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
                  # Username : Leutscher - LEUTSCHER-PC
                  # Running from : C:\Users\Leutscher\Downloads\adwcleaner.exe
                  # Option : Clean

                  ***** [ Services ] *****


                  ***** [ Files / Folders ] *****

                  Folder Deleted : C:\ProgramData\NCH Software
                  Folder Deleted : C:\Program Files\NCH Software
                  Folder Deleted : C:\Users\Leutscher\AppData\Roaming\NCH Software

                  ***** [ Shortcuts ] *****


                  ***** [ Registry ] *****

                  [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5C822EA-6BD9-44C6-89FD-5275012B8D31}
                  [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5C822EA-6BD9-44C6-89FD-5275012B8D31}
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
                  Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_mp3directcut_RASAPI32
                  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_mp3directcut_RASMANCS
                  Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_kdfbddbdpnahdahmamlolacimfdbeckk]
                  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
                  Key Deleted : HKCU\Software\APN PIP
                  Key Deleted : HKCU\Software\Conduit
                  Key Deleted : HKCU\Software\NCH Software
                  Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
                  Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
                  Key Deleted : HKLM\Software\Conduit
                  Key Deleted : HKLM\Software\hdcode
                  Key Deleted : HKLM\Software\NCH Software
                  Key Deleted : HKLM\Software\PIP

                  ***** [ Browsers ] *****

                  -\\ Internet Explorer v10.0.9200.16736


                  -\\ Mozilla Firefox v

                  [ File : C:\Users\Leutscher\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


                  -\\ Google Chrome v31.0.1650.57

                  [ File : C:\Users\Leutscher\AppData\Local\Google\Chrome\User Data\Default\preferences ]

                  Deleted : homepage

                  *************************

                  AdwCleaner[R0].txt - [2428 octets] - [18/11/2013 20:26:13]
                  AdwCleaner[S0].txt - [2392 octets] - [18/11/2013 20:28:42]

                  ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2452 octets] ##########



                  • #10
                    Is the message gone?



                    • #11
                      Yes, the message is gone as well. Thanks!
                      Should I now remove the programs that were installed?



                      • #12
                        Yes, you can do that with this little tool; if anything remains afterwards, you can remove it manually.

                        Download Delfix by Xplode to the desktop.

                        Double-click Delfix.exe to start the tool.
                        Now tick the boxes for the following items:
                        • Activate UAC
                        • Remove disinfection tools
                        • Create registry backup
                        • Purge System Restore
                        • Reset system settings

                        Now click "Run" and wait patiently until the tool has finished.
                        When the tool has finished, a log file is created. You do not need to post it, however.



                        • #13
                          Done, thanks for all the help!
