Gameharbor / extendedunlimited virus


  • Gameharbor / extendedunlimited virus

    Hello,

    For a few days now an MS-DOS window has kept opening, after which a website was opened. I wanted to get rid of this and went through various topics, because I did not want to bother you again.

    Now a system restore to an earlier point has failed, and after two hours I switched the computer off. Now it will no longer start up, and at this moment I have finally got the computer running again via safe mode.

    I ran Malwarebytes, but it does not finish the scan either, so I cannot post any logs.

    What should I do?!


    I also followed a topic like that about the same virus, in which Windows All in One Repair was used; I have the feeling that something was changed then, which caused me even more problems.
    Last edited by leoon.; 17-09-14, 22:16.

  • #2
    So Malwarebytes will not complete.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: BrowserJavaVersion: 10.67.2
    Run by Leon at 23:17:43 on 2014-09-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6042.4275 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Spotify Web Helper] "C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [ACEStream] C:\Users\Leon\AppData\Roaming\ACEStream\engine\ace_engine.exe
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    StartupFolder: C:\Users\Leon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Leon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{0D7E33B9-2F71-4842-8942-7202030909A9} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{0D7E33B9-2F71-4842-8942-7202030909A9}\65746573531393236473649324 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    TCP: Interfaces\{0D7E33B9-2F71-4842-8942-7202030909A9}\A594E496E4 : DHCPNameServer = 192.168.88.16
    TCP: Interfaces\{0D7E33B9-2F71-4842-8942-7202030909A9}\A5967676F6 : DHCPNameServer = 212.54.40.25 212.54.35.25
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2013-12-13 36608]
    R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-26 16152]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-16 283200]
    R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-26 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-26 786200]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-16 122584]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2014-3-2 2431792]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-3 565352]
    R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2013-5-26 21264]
    S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-3 65776]
    S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-3 224896]
    S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-2-24 1041168]
    S1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-2-24 427360]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-18 239616]
    S2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-28 29208]
    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-24 79184]
    S2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-20 92008]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-28 50344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
    S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-7-7 72992]
    S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-3 13592]
    S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
    S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-3 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-3 161560]
    S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-5-22 103064]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
    S3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-1-6 14652768]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-17 19456]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2011-9-22 258664]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-5-22 203672]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-7 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-17 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\WINWORD.EXE="C:\Program Files\Microsoft Office\Office15\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
    .
    =============== Created Last 30 ================
    .
    2014-09-16 20:07:49 -------- d-----w- C:\Program Files\CCleaner
    2014-09-16 19:58:49 -------- d-----w- C:\Windows\System32\catroot2
    2014-09-16 19:49:38 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
    2014-09-16 18:49:44 -------- d-----w- C:\Program Files (x86)\E Dev
    2014-09-16 17:19:19 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-09-16 17:19:05 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-09-16 17:19:05 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-09-16 17:19:05 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-09-16 17:19:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-09-16 16:02:46 -------- d-----w- C:\Program Files\Enigma Software Group
    2014-09-16 16:01:48 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-09-16 16:01:47 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2014-09-16 15:59:33 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41FF4FFF-8544-442A-B194-5EA049D5EEB1}\mpengine.dll
    2014-09-13 17:55:27 -------- d-----w- C:\Users\Leon\AppData\Local\SmartView2
    2014-09-13 17:53:58 -------- d-----w- C:\Program Files (x86)\SmartView2
    2014-09-11 13:58:42 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2014-09-11 13:58:42 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2014-09-11 07:51:25 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-09-11 07:51:25 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-09-11 07:51:06 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2014-09-11 07:51:06 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2014-09-11 07:50:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-09-11 07:50:52 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-09-11 07:50:52 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-09-11 07:50:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-09-11 07:50:52 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-09-07 14:01:02 -------- d-----w- C:\Program Files (x86)\The SIMS 4 Deluxe Edition
    2014-09-07 13:32:50 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
    2014-09-07 13:32:50 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
    2014-09-07 13:32:49 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
    2014-09-07 13:32:48 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
    2014-09-06 19:23:27 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
    2014-09-06 19:16:43 -------- d-----w- C:\Program Files (x86)\Origin Games
    2014-09-06 19:09:10 -------- d-----w- C:\Users\Leon\AppData\Roaming\Origin
    2014-09-06 19:09:08 -------- d-----w- C:\Users\Leon\AppData\Local\Origin
    2014-09-06 19:08:20 -------- d-----w- C:\ProgramData\Electronic Arts
    2014-09-06 19:08:18 -------- d-----w- C:\Program Files (x86)\Origin
    2014-09-06 18:55:22 -------- d-----w- C:\ProgramData\Origin
    2014-08-27 18:13:47 3163648 ----a-w- C:\Windows\System32\win32k.sys
    2014-08-27 18:13:46 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-27 18:13:46 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-25 10:30:53 -------- d-----w- C:\Program Files (x86)\GOGcom
    2014-08-24 20:41:03 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
    2014-08-24 20:41:03 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
    2014-08-24 20:41:03 171160 ----a-w- C:\Windows\System32\infocardapi.dll
    2014-08-24 20:41:03 1389208 ----a-w- C:\Windows\System32\icardagt.exe
    2014-08-24 20:40:59 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
    2014-08-24 20:40:59 8856 ----a-w- C:\Windows\System32\icardres.dll
    2014-08-24 20:40:32 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2014-08-24 20:40:32 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2014-08-24 12:55:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-08-24 12:55:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-08-24 12:54:54 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-08-24 12:54:53 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-08-24 12:54:53 1941504 ----a-w- C:\Windows\System32\authui.dll
    2014-08-24 12:54:52 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
    2014-08-24 12:54:51 504320 ----a-w- C:\Windows\System32\msihnd.dll
    2014-08-24 12:54:51 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
    2014-08-24 12:54:51 112064 ----a-w- C:\Windows\System32\consent.exe
    2014-08-24 12:54:45 986560 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2014-08-24 12:54:35 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2014-08-24 12:54:35 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
    .
    ==================== Find3M ====================
    .
    2014-08-25 04:53:42 270496 ----a-w- C:\Windows\System32\MpSigStub.exe
    2014-08-15 15:35:56 2339328 ----a-w- C:\Windows\System32\jscript9.dll
    2014-08-15 15:31:16 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2014-08-15 15:30:08 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2014-08-15 15:30:00 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-08-15 15:29:33 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-08-15 15:28:50 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-08-15 15:28:47 12800 ----a-w- C:\Windows\System32\mshta.exe
    2014-08-15 14:42:27 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-08-15 14:37:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-08-15 14:36:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-08-15 14:35:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-08-15 14:35:34 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-08-15 14:34:49 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
    2014-08-15 14:34:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-08-10 21:34:02 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-10 20:04:55 24064 ----a-w- C:\Windows\zoek-delete.exe
    2014-08-10 16:38:47 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2014-08-10 16:38:47 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-08-10 16:38:47 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2014-08-10 16:38:46 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-08-10 16:38:46 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-08-10 16:38:46 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-08-10 16:38:45 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-08-10 16:38:45 43152 ----a-w- C:\Windows\avastSS.scr
    2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
    .
    ============= FINISH: 23:23:03,71 ===============



    • #3
      Hi leeon,

      We are going to look into this more closely, but I want to warn you right now that we are not magicians.
      You have already done a few things yourself, as you indicated, after which even more problems turned up.
      I can also see this in your DDS log, by the way.

      So I must urge you to carry out only what I post and not to take any initiative of your own.


      Download E-PeekSetup.exe to your desktop.
      Double-click it and follow the instructions.
      At the end of the installation, E-Peek will start.
      Click OK on the first screen and then "Scan".
      Post the log.
      Last edited by Emphyrio; 17-09-14, 22:46.
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Remove McAfee. * Ccleaner * E-Peek



      • #4
        Log from GMER:

        GMER 2.1.19357 - http://www.gmer.net
        Rootkit scan 2014-09-17 23:50:39
        Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB
        Running: 2bdncwwu.exe; Driver: C:\Users\Leon\AppData\Local\Temp\pgddrfod.sys


        ---- Kernel code sections - GMER 2.1 ----

        INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800023eb000 45 bytes [6E, 00, 65, 00, 72, 00, 5C, ...]
        INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff800023eb02e 17 bytes [41, 00, 64, 00, 5F, 00, 33, ...]

        ---- User code sections - GMER 2.1 ----

        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075831465 2 bytes [83, 75]
        .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758314bb 2 bytes [83, 75]
        .text ... * 2

        ---- EOF - GMER 2.1 ----


        I am going to run E-Peek now.



        • #5
          I did not ask for Gmer.
          Please carry out only what I ask, as I already stated clearly in my first post.


          • #6
            OK, my apologies, I was still following the 'read this first' topic and wanted to complete that first.

            Here is the log from E-Peek:

            E-Peek v 1.0.5.2 © Emphyrio/Onsia Patrick 2013-2014
            Run at wo 17 sep 2014 23:53
            .
            Windows 7 Home Premium SP 1 (64 bits)
            C:\Windows [NTFS - Fixed]
            Default Browser: Google Chrome
            Boot mode: Fail-safe with network boot
            User logged in: Leon
            .
            Java x86: 1.7.0_67
            Java x64: n/a
            .
            AV : avast! Antivirus [Updated - Running]
            AS : Windows Defender [Updated - Running]
            AS : avast! Antivirus [Updated - Running]
            FW : Windows firewall
            .
            ==================== Files and Folders history =================================

            Folders Created Last 7 days :

            16-09-2014 ##### r-h-s-d+a- C:\Program Files\Enigma Software Group
            16-09-2014 ##### r-h-s-d+a- C:\Program Files\CCleaner
            16-09-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
            16-09-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
            13-09-2014 ##### r-h-s-d+a- C:\Users\Leon\AppData\Local\SmartView2
            13-09-2014 ##### r-h-s-d+a- C:\Program Files (x86)\SmartView2

            Files Modified Last 7 days :

            17-09-2014 00031472 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
            17-09-2014 00031472 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
            17-09-2014 00000031 r-h-s-d-a+ C:\Windows\SysWOW64\log.txt
            16-09-2014 01670888 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
            16-09-2014 00732178 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
            16-09-2014 00650670 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
            16-09-2014 00439280 r-h-s-d-a+ C:\Windows\system32\FNTCACHE.DAT
            16-09-2014 00149664 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
            16-09-2014 00118542 r-h-s-d-a+ C:\Windows\system32\perfc009.dat
            14-09-2014 00000052 r-h-s-d-a+ C:\Windows\SysWOW64\DOErrors.log
            14-09-2014 00000000 r-h-s-d-a+ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
            11-09-2014 101694776 r-h-s-d-a+ C:\Windows\system32\MRT.exe
            11-09-2014 01645556 r-h-s-d-a+ C:\Windows\SysWOW64\PerfStringBackup.INI

            Files Created Last 7 days :

            16-09-2014 00000109 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
            11-09-2014 17868288 r-h-s-d-a+ C:\Windows\system32\mshtml.dll
            11-09-2014 12363264 r-h-s-d-a+ C:\Windows\SysWOW64\mshtml.dll
            11-09-2014 10920960 r-h-s-d-a+ C:\Windows\system32\ieframe.dll
            11-09-2014 09739776 r-h-s-d-a+ C:\Windows\SysWOW64\ieframe.dll
            11-09-2014 02777088 r-h-s-d-a+ C:\Windows\system32\msmpeg2vdec.dll
            11-09-2014 02565120 r-h-s-d-a+ C:\Windows\system32\d3d10warp.dll
            11-09-2014 02382848 r-h-s-d-a+ C:\Windows\SysWOW64\mshtml.tlb
            11-09-2014 02382848 r-h-s-d-a+ C:\Windows\system32\mshtml.tlb
            11-09-2014 02339328 r-h-s-d-a+ C:\Windows\system32\jscript9.dll
            11-09-2014 02285056 r-h-s-d-a+ C:\Windows\SysWOW64\msmpeg2vdec.dll
            11-09-2014 02156032 r-h-s-d-a+ C:\Windows\system32\iertutil.dll
            11-09-2014 01987584 r-h-s-d-a+ C:\Windows\SysWOW64\d3d10warp.dll
            11-09-2014 01810432 r-h-s-d-a+ C:\Windows\SysWOW64\jscript9.dll
            11-09-2014 01802240 r-h-s-d-a+ C:\Windows\SysWOW64\iertutil.dll
            11-09-2014 01494016 r-h-s-d-a+ C:\Windows\system32\inetcpl.cpl
            11-09-2014 01460736 r-h-s-d-a+ C:\Windows\system32\lsasrv.dll
            11-09-2014 01427968 r-h-s-d-a+ C:\Windows\SysWOW64\inetcpl.cpl
            11-09-2014 01392128 r-h-s-d-a+ C:\Windows\system32\wininet.dll
            11-09-2014 01384960 r-h-s-d-a+ C:\Windows\system32\urlmon.dll
            11-09-2014 01137664 r-h-s-d-a+ C:\Windows\SysWOW64\urlmon.dll
            11-09-2014 01129472 r-h-s-d-a+ C:\Windows\SysWOW64\wininet.dll
            11-09-2014 01031168 r-h-s-d-a+ C:\Windows\system32\TSWorkspace.dll
            11-09-2014 00816640 r-h-s-d-a+ C:\Windows\system32\jscript.dll
            11-09-2014 00793600 r-h-s-d-a+ C:\Windows\SysWOW64\TSWorkspace.dll
            11-09-2014 00729088 r-h-s-d-a+ C:\Windows\system32\msfeeds.dll
            11-09-2014 00728064 r-h-s-d-a+ C:\Windows\system32\kerberos.dll
            11-09-2014 00717824 r-h-s-d-a+ C:\Windows\SysWOW64\jscript.dll
            11-09-2014 00607744 r-h-s-d-a+ C:\Windows\SysWOW64\msfeeds.dll
            11-09-2014 00599040 r-h-s-d-a+ C:\Windows\system32\vbscript.dll
            11-09-2014 00550912 r-h-s-d-a+ C:\Windows\SysWOW64\kerberos.dll
            11-09-2014 00453120 r-h-s-d-a+ C:\Windows\system32\dxtmsft.dll
            11-09-2014 00421376 r-h-s-d-a+ C:\Windows\SysWOW64\vbscript.dll
            11-09-2014 00353792 r-h-s-d-a+ C:\Windows\SysWOW64\dxtmsft.dll
            11-09-2014 00282112 r-h-s-d-a+ C:\Windows\system32\dxtrans.dll
            11-09-2014 00248320 r-h-s-d-a+ C:\Windows\system32\ieui.dll
            11-09-2014 00237056 r-h-s-d-a+ C:\Windows\system32\url.dll
            11-09-2014 00231936 r-h-s-d-a+ C:\Windows\SysWOW64\url.dll
            11-09-2014 00223232 r-h-s-d-a+ C:\Windows\SysWOW64\dxtrans.dll
            11-09-2014 00176640 r-h-s-d-a+ C:\Windows\SysWOW64\ieui.dll
            11-09-2014 00173056 r-h-s-d-a+ C:\Windows\system32\ieUnatt.exe
            11-09-2014 00142848 r-h-s-d-a+ C:\Windows\SysWOW64\ieUnatt.exe
            11-09-2014 00096768 r-h-s-d-a+ C:\Windows\SysWOW64\sspicli.dll
            11-09-2014 00096768 r-h-s-d-a+ C:\Windows\system32\mshtmled.dll
            11-09-2014 00085504 r-h-s-d-a+ C:\Windows\system32\jsproxy.dll
            11-09-2014 00073216 r-h-s-d-a+ C:\Windows\SysWOW64\mshtmled.dll
            11-09-2014 00065024 r-h-s-d-a+ C:\Windows\SysWOW64\jsproxy.dll
            11-09-2014 00055296 r-h-s-d-a+ C:\Windows\system32\msfeedsbs.dll
            11-09-2014 00041472 r-h-s-d-a+ C:\Windows\SysWOW64\msfeedsbs.dll
            11-09-2014 00022016 r-h-s-d-a+ C:\Windows\SysWOW64\secur32.dll
            11-09-2014 00012800 r-h-s-d-a+ C:\Windows\system32\mshta.exe
            11-09-2014 00011776 r-h-s-d-a+ C:\Windows\SysWOW64\mshta.exe
            11-09-2014 00011264 r-h-s-d-a+ C:\Windows\system32\msfeedssync.exe
            11-09-2014 00010752 r-h-s-d-a+ C:\Windows\SysWOW64\msfeedssync.exe

            ==================== RUNNING PROCESSES =========================================

            [avastui] -Leon- C:\Program Files\AVAST Software\Avast\AvastUI.exe - (AVAST Software)
            [csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
            [csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
            [ctfmon] -Leon- C:\Windows\system32\ctfmon.exe - (Microsoft Corporation)
            [E-Peek 1.0.4] -Leon- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.4.exe - (E Dev)
            [explorer] -Leon- C:\Windows\Explorer.EXE - (Microsoft Corporation)
            [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
            [lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)
            [mbam] -Leon- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)
            [services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)
            [smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)
            [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
            [winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
            [WmiPrvSE] -NETWORK SERVICE- C:\Windows\System32\wbem\WmiPrvSE.exe - (Microsoft Corporation)

            ==================== IE PAGES ==================================================

            IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://g.uk.msn.com/HPCON/8
            IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
            IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
            IE04 - HKCU\..\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}
            IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
            IE04 - HKCU\..\SearchScopes {D944BB61-2E34-4DBF-A683-47E505C587DC} @ DisplayName: [eBay] @ URL = hxxp://rover.ebay.com/rover/1/1346-111086-4124-10/4?satitle={searchTerms}
            IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
            IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://g.uk.msn.com/HPCON/8
            IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
            IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
            IE10 - HKLM\..\SearchScopes {D944BB61-2E34-4DBF-A683-47E505C587DC} @ DisplayName: [eBay] @ URL = hxxp://rover.ebay.com/rover/1/1346-111086-4124-10/4?satitle={searchTerms}
            IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://g.uk.msn.com/HPCON/8
            IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
            IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
            IE04 x64 - HKCU\..\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}
            IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
            IE04 x64 - HKCU\..\SearchScopes {D944BB61-2E34-4DBF-A683-47E505C587DC} @ DisplayName: [eBay] @ URL = hxxp://rover.ebay.com/rover/1/1346-111086-4124-10/4?satitle={searchTerms}
            IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
            IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
            IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
            IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
            IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
            IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
            IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
            IE10 x64 - HKLM\..\SearchScopes {D944BB61-2E34-4DBF-A683-47E505C587DC} @ DisplayName: [eBay] @ URL = hxxp://rover.ebay.com/rover/1/1346-111086-4124-10/4?satitle={searchTerms}

            ==================== Auto Load =================================================

            AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
            AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
            AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
            AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = Explorer.exe

            ==================== Google Chrome =============================================

            GC - Prefpath: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Preferences

            GC - Profile Name: Standaardprofiel
            GC - Homepage: http://www.google.com/
            GC - Default Search Provider:

            GC - Ext: [ Magic Actions for YouTube™ ]
            Description: Enhance your YouTube watching experience! Auto HD, Ad Block, Cinema Mode, Mouse Wheel Volume Control, Screenshot...
            version: 6.7.9.2
            Path: ..\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.9.2_0

            GC - Ext: [ Awesome Screenshot: Capture & Annotate ]
            Description: Capture the whole page or any portion, annotate screenshot, blur sensitive info, one-click upload to share.
            version: 3.7.17
            Path: ..\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.17_0

            GC - Ext: [ Google Documenten ]
            Description: Documenten maken en bewerken
            version: 0.7
            Path: ..\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0

            GC - Ext: [ GeenStijl Extension for Google Chrome™ ]
            Description: Adds some nice features and formatting to GeenStijl.nl comments
            version: 2.12.0.0
            Path: ..\Default\Extensions\ggbhknghcbmhfeogkgiklahakfhfmbhb\2.12.0.0_0

            GC - Ext: [ AdBlock ]
            Description: De populairste Chrome extensie met meer dan 15 miljoen gebruikers! Blokkeert advertenties op het internet.
            version: 2.7.13
            Path: ..\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0

            GC - Ext: [ avast! Online Security ]
            Description: Avast Browser Security and Web Reputation Plugin.
            version: 9.0.2022.121
            Path: ..\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0

            GC - Ext: [ AS Magic Player ]
            Description: Web addon for Ace Stream desktop software
            version: 1.0.0
            Path: ..\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.0_0

            = Known Disabled Extensions =

            GC - Ext: [ Magic Actions for YouTube™ ]
            Description: Enhance your YouTube watching experience! Auto HD, Ad Block, Cinema Mode, Mouse Wheel Volume Control, Screenshot...
            version :6.7.9.2
            Path: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.9.2_0
            GC - Ext: [ Awesome Screenshot: Capture & Annotate ]
            Description: Capture the whole page or any portion, annotate screenshot, blur sensitive info, one-click upload to share.
            version :3.7.17
            Path: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.17_0
            GC - Ext: [ GeenStijl Extension for Google Chrome™ ]
            Description: Adds some nice features and formatting to GeenStijl.nl comments
            version :2.12.0.0
            Path: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbhknghcbmhfeogkgiklahakfhfmbhb\2.12.0.0_0
            GC - Ext: [ AS Magic Player ]
            Description: Web addon for Ace Stream desktop software
            version :1.0.0
            Path: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.0_0


            ==================== Windows Host File =========================================

            127.0.0.1 localhost

            ==================== BHO =======================================================

            BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
            BHO - [Java(tm) Plug-In SSV Helper] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} @ Default = C:\Program Files (x86)\Java\jre7\bin\ssv.dll
            BHO - [avast! Online Security] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} @ Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
            BHO - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
            BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
            BHO - [Java(tm) Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
            BHO - [HP Network Check Helper] - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} @ Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
            BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll
            BHO x64 - [avast! Online Security] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} @ Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
            BHO x64 - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
            BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

            ==================== Auto Start Programs =======================================

            ASP01 - HKLM\..\Run @ Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            ASP01 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
            ASP01 - HKLM\..\Run @ AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
            ASP01 - HKLM\..\Run @ HP CoolSense = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
            ASP01 - HKLM\..\Run @ HP Quick Launch = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
            ASP01 - HKLM\..\Run @ HPOSD = C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
            ASP01 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
            ASP01 - HKLM\..\Run @ KiesTrayAgent = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
            ASP01 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
            ASP01 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
            ASP01 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
            ASP01 - HKLM\..\Run @ USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
            ASP04 - HKCU\..\Run @ ACEStream = C:\Users\Leon\AppData\Roaming\ACEStream\engine\ace_engine.exe
            ASP04 - HKCU\..\Run @ CMD = cmd.exe /c start http://extendedunlimited.org && exit
            ASP04 - HKCU\..\Run @ DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
            ASP04 - HKCU\..\Run @ HydraVisionDesktopManager = "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
            ASP04 - HKCU\..\Run @ KiesPreload = C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
            ASP04 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
            ASP01 x64 - HKLM\..\Run @ Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            ASP01 x64 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
            ASP01 x64 - HKLM\..\Run @ AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
            ASP01 x64 - HKLM\..\Run @ HP CoolSense = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
            ASP01 x64 - HKLM\..\Run @ HP Quick Launch = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
            ASP01 x64 - HKLM\..\Run @ HPOSD = C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
            ASP01 x64 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
            ASP01 x64 - HKLM\..\Run @ KiesTrayAgent = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
            ASP01 x64 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
            ASP01 x64 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
            ASP01 x64 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
            ASP01 x64 - HKLM\..\Run @ USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
            ASP04 x64 - HKCU\..\Run @ ACEStream = C:\Users\Leon\AppData\Roaming\ACEStream\engine\ace_engine.exe
            ASP04 x64 - HKCU\..\Run @ CMD = cmd.exe /c start http://extendedunlimited.org && exit
            ASP04 x64 - HKCU\..\Run @ DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
            ASP04 x64 - HKCU\..\Run @ HydraVisionDesktopManager = "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
            ASP04 x64 - HKCU\..\Run @ KiesPreload = C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
            ASP04 x64 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
            ASP - Startup - C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
            ASP - Startup - C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
            ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini



            ==================== Extra Items IE ============================================

            EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
            EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
            EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
            EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
            EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP 1.1 settings
            EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
            EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
            EI04 - App Ext - HKCU\..\Approved Extensions @ {18DF081C-E8AD-4283-A596-FA578C2EBDC3} = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
            EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
            EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
            EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
            EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP 1.1 settings
            EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
            EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
            EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {18DF081C-E8AD-4283-A596-FA578C2EBDC3} =
            EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {9030D464-4C02-4ABF-8ECC-5164760863C6} =

            ==================== Internet Default Prefix ===================================

            IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
            IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
            IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
            IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

            ==================== Default Settings IE - DSIE ================================

            DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/?LinkId
            DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

            ==================== Protocol Hijackers - PH ===================================

            PH00 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [cb7e6052455d585dead6f637d8d0a3c9]
            PH01 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown
            PH00 x64 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [59ac63d95071da4b8f1f5a9277b7f4fe]
            PH01 x64 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown

            ==================== ShellServiceObjectDelayLoad - SSODL =======================

            SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
            SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

            ==================== Extra items - EXT (Torpig/ConduitSearch) ==================

            EXT00 - HKLM\SOFTWARE\AppDataLow\Software\Adobe
            EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Adobe
            EXT01 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
            EXT01 - HKCU\SOFTWARE\AppDataLow\Software\MarkAny
            EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
            EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
            EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll
            EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Adobe
            EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
            EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\MarkAny
            EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
            EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
            EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

            ==================== DRIVERS and SERVICES ======================================

            *** Win32OwnProcess ***

            SERV - S2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
            SERV - S2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
            SERV - S2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
            SERV - S2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
            SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
            SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
            SERV - S2 - [ezSharedSvc] - Easybits Services for Windows - c:\windows\system32\ezsharedsvchost.exe [x]
            SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
            SERV - S2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
            SERV - S2 - [HPClientSvc] - HP Client Services - c:\program files\hewlett-packard\hp client services\hpclientservices.exe
            SERV - S2 - [hpsrv] - HP Service - c:\windows\system32\hpservice.exe
            SERV - S2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files (x86)\hp\common\hpsupportsolutionsframeworkservice.exe
            SERV - S2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
            SERV - S2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
            SERV - S2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
            SERV - S2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
            SERV - S2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
            SERV - S2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
            SERV - S2 - [PnkBstrA] - PnkBstrA - c:\windows\system32\pnkbstra.exe [x]
            SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
            SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
            SERV - S2 - [STacSV] - Audio Service - c:\program files\idt\wdm\stacsv64.exe
            SERV - S2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
            SERV - S2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
            SERV - S2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
            SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
            SERV - S3 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
            SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
            SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
            SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
            SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
            SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
            SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
            SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
            SERV - S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
            SERV - S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
            SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
            SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
            SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
            SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
            SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
            SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
            SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
            SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
            SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
            SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
            SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
            SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
            SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
            SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
            SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

            *** Win32ShareProcess ***

            SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
            SERV - S2 - [avast! Antivirus] - avast! Antivirus - c:\program files\avast software\avast\avastsvc.exe
            SERV - S2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
            SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
            SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe
            SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
            SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe
            SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
            SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
            SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
            SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
            SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

            *** Others ***

            SERV - S2 - [HPWMISVC] - HPWMISVC - c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe
            SERV - S2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
            SERV - S2 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

            *** File System Driver ***

            DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
            DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
            DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
            DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
            DRV - S3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys
            DRV - S3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys

            *** Kernel Driver ***

            DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
            DRV - R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\Windows\system32\Drivers\amdkmpfd.sys
            DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
            DRV - R0 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys
            DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
            DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
            DRV - R0 - [Compbatt] - Microsoft Composite Battery-stuurprogramma - C:\Windows\system32\Drivers\Compbatt.sys
            DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys
            DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys
            DRV - R0 - [hpdskflt] - HP Filter - C:\Windows\system32\Drivers\hpdskflt.sys
            DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
            DRV - R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys
            DRV - R0 - [iusb3hcs] - Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma - C:\Windows\system32\Drivers\iusb3hcs.sys
            DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
            DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
            DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys
            DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
            DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys
            DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys
            DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
            DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
            DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
            DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
            DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys
            DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
            DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys
            DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
            DRV - R0 - [Wd] - Microsoft Watchdog Timer-stuurprogramma - C:\Windows\system32\Drivers\Wd.sys
            DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
            DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
            DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
            DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
            DRV - S0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
            DRV - S0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
            DRV - S0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
            DRV - S2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

            ==================== SvcHost - White Listed ====================================

            All Ok

            WOW - All Ok

            ==================== SigCheck x86 Fast =========================================

            Fast Scan All ok

            ==================== SigCheck x64 Fast =========================================

            Fast Scan All ok

            ==================== Job tasks =================================================

            There are no .job files found.

            ==================== End scanning at wo 17 sep 2014 23:54 (0 Min 38 Sec ) ======

            E-Peek support @ http://www.antimalwarehelp.be/forum/index.php




            It says that avast is on, but that isn't so. It's simply disabled.
            Last edited by leoon.; 17-09-14, 23:07.



            • #7
              Download nucia.bat to your desktop.
              Right-click it and run as Admin.
              Post the log.
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee. * Ccleaner * E-Peek



              • #8
                Deleting Registry Values
                "registersleutel : waarde" deleted successfully

                This suddenly appears on screen; did I do it right? It all went very quickly.



                • #9
                  That's fine.

                  Now boot in normal mode and post a fresh E-Peek log.


                  • #10
                    Will do, fingers crossed. If it doesn't work, I'll go to sleep and reply tomorrow from another laptop, or try right away to get back into safe mode.



                    • #11
                      E-Peek v 1.0.5.2 © Emphyrio/Onsia Patrick 2013-2014
                      Run at do 18 sep 2014 00:28
                      .
                      Windows 7 Home Premium SP 1 (64 bits)
                      C:\Windows [NTFS - Fixed]
                      Default Browser: Google Chrome
                      Boot mode: Normal boot
                      User logged in: Leon
                      .
                      Java x86: 1.7.0_67
                      Java x64: n/a
                      .
                      AV : avast! Antivirus [Updated - Running]
                      AS : Windows Defender [Updated - Running]
                      AS : avast! Antivirus [Updated - Running]
                      FW : Windows firewall
                      .
                      ==================== Files and Folders history =================================

                      Folders Created Last 7 days :

                      16-09-2014 ##### r-h-s-d+a- C:\Program Files\Enigma Software Group
                      16-09-2014 ##### r-h-s-d+a- C:\Program Files\CCleaner
                      16-09-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
                      16-09-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
                      13-09-2014 ##### r-h-s-d+a- C:\Users\Leon\AppData\Local\SmartView2
                      13-09-2014 ##### r-h-s-d+a- C:\Program Files (x86)\SmartView2

                      Files Modified Last 7 days :

                      18-09-2014 00000018 r-h-s-d-a+ C:\Windows\SysWOW64\log.txt
                      17-09-2014 00031472 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
                      17-09-2014 00031472 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
                      16-09-2014 01670888 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
                      16-09-2014 00732178 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
                      16-09-2014 00650670 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
                      16-09-2014 00439280 r-h-s-d-a+ C:\Windows\system32\FNTCACHE.DAT
                      16-09-2014 00149664 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
                      16-09-2014 00118542 r-h-s-d-a+ C:\Windows\system32\perfc009.dat
                      14-09-2014 00000052 r-h-s-d-a+ C:\Windows\SysWOW64\DOErrors.log
                      14-09-2014 00000000 r-h-s-d-a+ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
                      11-09-2014 101694776 r-h-s-d-a+ C:\Windows\system32\MRT.exe
                      11-09-2014 01645556 r-h-s-d-a+ C:\Windows\SysWOW64\PerfStringBackup.INI

                      Files Created Last 7 days :

                      16-09-2014 00000109 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
                      11-09-2014 17868288 r-h-s-d-a+ C:\Windows\system32\mshtml.dll
                      11-09-2014 12363264 r-h-s-d-a+ C:\Windows\SysWOW64\mshtml.dll
                      11-09-2014 10920960 r-h-s-d-a+ C:\Windows\system32\ieframe.dll
                      11-09-2014 09739776 r-h-s-d-a+ C:\Windows\SysWOW64\ieframe.dll
                      11-09-2014 02777088 r-h-s-d-a+ C:\Windows\system32\msmpeg2vdec.dll
                      11-09-2014 02565120 r-h-s-d-a+ C:\Windows\system32\d3d10warp.dll
                      11-09-2014 02382848 r-h-s-d-a+ C:\Windows\SysWOW64\mshtml.tlb
                      11-09-2014 02382848 r-h-s-d-a+ C:\Windows\system32\mshtml.tlb
                      11-09-2014 02339328 r-h-s-d-a+ C:\Windows\system32\jscript9.dll
                      11-09-2014 02285056 r-h-s-d-a+ C:\Windows\SysWOW64\msmpeg2vdec.dll
                      11-09-2014 02156032 r-h-s-d-a+ C:\Windows\system32\iertutil.dll
                      11-09-2014 01987584 r-h-s-d-a+ C:\Windows\SysWOW64\d3d10warp.dll
                      11-09-2014 01810432 r-h-s-d-a+ C:\Windows\SysWOW64\jscript9.dll
                      11-09-2014 01802240 r-h-s-d-a+ C:\Windows\SysWOW64\iertutil.dll
                      11-09-2014 01494016 r-h-s-d-a+ C:\Windows\system32\inetcpl.cpl
                      11-09-2014 01460736 r-h-s-d-a+ C:\Windows\system32\lsasrv.dll
                      11-09-2014 01427968 r-h-s-d-a+ C:\Windows\SysWOW64\inetcpl.cpl
                      11-09-2014 01392128 r-h-s-d-a+ C:\Windows\system32\wininet.dll
                      11-09-2014 01384960 r-h-s-d-a+ C:\Windows\system32\urlmon.dll
                      11-09-2014 01137664 r-h-s-d-a+ C:\Windows\SysWOW64\urlmon.dll
                      11-09-2014 01129472 r-h-s-d-a+ C:\Windows\SysWOW64\wininet.dll
                      11-09-2014 01031168 r-h-s-d-a+ C:\Windows\system32\TSWorkspace.dll
                      11-09-2014 00816640 r-h-s-d-a+ C:\Windows\system32\jscript.dll
                      11-09-2014 00793600 r-h-s-d-a+ C:\Windows\SysWOW64\TSWorkspace.dll
                      11-09-2014 00729088 r-h-s-d-a+ C:\Windows\system32\msfeeds.dll
                      11-09-2014 00728064 r-h-s-d-a+ C:\Windows\system32\kerberos.dll
                      11-09-2014 00717824 r-h-s-d-a+ C:\Windows\SysWOW64\jscript.dll
                      11-09-2014 00607744 r-h-s-d-a+ C:\Windows\SysWOW64\msfeeds.dll
                      11-09-2014 00599040 r-h-s-d-a+ C:\Windows\system32\vbscript.dll
                      11-09-2014 00550912 r-h-s-d-a+ C:\Windows\SysWOW64\kerberos.dll
                      11-09-2014 00453120 r-h-s-d-a+ C:\Windows\system32\dxtmsft.dll
                      11-09-2014 00421376 r-h-s-d-a+ C:\Windows\SysWOW64\vbscript.dll
                      11-09-2014 00353792 r-h-s-d-a+ C:\Windows\SysWOW64\dxtmsft.dll
                      11-09-2014 00282112 r-h-s-d-a+ C:\Windows\system32\dxtrans.dll
                      11-09-2014 00248320 r-h-s-d-a+ C:\Windows\system32\ieui.dll
                      11-09-2014 00237056 r-h-s-d-a+ C:\Windows\system32\url.dll
                      11-09-2014 00231936 r-h-s-d-a+ C:\Windows\SysWOW64\url.dll
                      11-09-2014 00223232 r-h-s-d-a+ C:\Windows\SysWOW64\dxtrans.dll
                      11-09-2014 00176640 r-h-s-d-a+ C:\Windows\SysWOW64\ieui.dll
                      11-09-2014 00173056 r-h-s-d-a+ C:\Windows\system32\ieUnatt.exe
                      11-09-2014 00142848 r-h-s-d-a+ C:\Windows\SysWOW64\ieUnatt.exe
                      11-09-2014 00096768 r-h-s-d-a+ C:\Windows\SysWOW64\sspicli.dll
                      11-09-2014 00096768 r-h-s-d-a+ C:\Windows\system32\mshtmled.dll
                      11-09-2014 00085504 r-h-s-d-a+ C:\Windows\system32\jsproxy.dll
                      11-09-2014 00073216 r-h-s-d-a+ C:\Windows\SysWOW64\mshtmled.dll
                      11-09-2014 00065024 r-h-s-d-a+ C:\Windows\SysWOW64\jsproxy.dll
                      11-09-2014 00055296 r-h-s-d-a+ C:\Windows\system32\msfeedsbs.dll
                      11-09-2014 00041472 r-h-s-d-a+ C:\Windows\SysWOW64\msfeedsbs.dll
                      11-09-2014 00022016 r-h-s-d-a+ C:\Windows\SysWOW64\secur32.dll
                      11-09-2014 00012800 r-h-s-d-a+ C:\Windows\system32\mshta.exe
                      11-09-2014 00011776 r-h-s-d-a+ C:\Windows\SysWOW64\mshta.exe
                      11-09-2014 00011264 r-h-s-d-a+ C:\Windows\system32\msfeedssync.exe
                      11-09-2014 00010752 r-h-s-d-a+ C:\Windows\SysWOW64\msfeedssync.exe

                      ==================== RUNNING PROCESSES =========================================

                      [ace_engine] -Leon- C:\Users\Leon\AppData\Roaming\ACEStream\engine\ace_engine.exe - ()
                      [ace_update] -Leon- C:\Users\Leon\AppData\Roaming\ACEStream\updater\ace_update.exe - ()
                      [AdobeARM] -Leon- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - (Adobe Systems Incorporated)
                      [AppleMobileDeviceService] -SYSTEM- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - (Apple Inc.)
                      [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
                      [atieclxx] -SYSTEM- C:\Windows\system32\atieclxx.exe - (AMD)
                      [atiesrxx] -SYSTEM- C:\Windows\system32\atiesrxx.exe - (AMD)
                      [AvastSvc] -SYSTEM- C:\Program Files\AVAST Software\Avast\AvastSvc.exe - (AVAST Software)
                      [avastui] -Leon- C:\Program Files\AVAST Software\Avast\avastui.exe - (AVAST Software)
                      [CLIStart] -Leon- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe - (Advanced Micro Devices, Inc.)
                      [conhost] -Leon- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
                      [CoolSense] -Leon- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe - (Hewlett-Packard Development Company, L.P.)
                      [csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
                      [csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
                      [Dropbox] -Leon- C:\Users\Leon\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
                      [dwm] -Leon- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)
                      [E-Peek 1.0.4] -Leon- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.4.exe - (E Dev)
                      [explorer] -Leon- C:\Windows\Explorer.EXE - (Microsoft Corporation)
                      [ezSharedSvcHost] -SYSTEM- C:\Windows\SysWOW64\ezSharedSvcHost.exe - (EasyBits Software AS)
                      [GoogleUpdate] -SYSTEM- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - (Google Inc.)
                      [HeciServer] -SYSTEM- C:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
                      [HPClientServices] -SYSTEM- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe - (Hewlett-Packard Company)
                      [HPMSGSVC] -Leon- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe - (Hewlett-Packard Development Company, L.P.)
                      [HPOSD] -Leon- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe - (Hewlett-Packard Development Company, L.P.)
                      [hpqWmiEx] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe - (Hewlett-Packard Company)
                      [HPSA_Service] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe - (Hewlett-Packard Company)
                      [hpservice] -SYSTEM- C:\Windows\system32\Hpservice.exe - (Hewlett-Packard Company)
                      [HPSupportSolutionsFrameworkService] -SYSTEM- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe - (Hewlett-Packard Company)
                      [HPWMISVC] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe - (Hewlett-Packard Development Company, L.P.)
                      [HydraDM] -Leon- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe - (AMD)
                      [HydraDM64] -Leon- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe - (AMD)
                      [IAStorDataMgrSvc] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
                      [igfxCUIService] -SYSTEM- C:\Windows\system32\igfxCUIService.exe - (Intel Corporation)
                      [igfxHK] -Leon- C:\Windows\system32\igfxHK.exe - (Intel Corporation)
                      [igfxTray] -Leon- C:\Windows\system32\igfxTray.exe - (Intel Corporation)
                      [IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - ()
                      [iPodService] -SYSTEM- C:\Program Files\iPod\bin\iPodService.exe - (Apple Inc.)
                      [iTunesHelper] -Leon- C:\Program Files (x86)\iTunes\iTunesHelper.exe - (Apple Inc.)
                      [iusb3mon] -Leon- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe - (Intel Corporation)
                      [Jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
                      [jusched] -Leon- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - (Oracle Corporation)
                      [Kies] -Leon- C:\Program Files (x86)\Samsung\Kies\Kies.exe - (Samsung)
                      [KiesTrayAgent] -Leon- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe - (Samsung Electronics Co., Ltd.)
                      [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
                      [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
                      [lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)
                      [mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)
                      [PnkBstrA] -SYSTEM- C:\Windows\SysWOW64\PnkBstrA.exe - ()
                      [PresentationFontCache] -LOCAL SERVICE- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation)
                      [SearchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
                      [SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
                      [SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
                      [services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)
                      [sigcheck] -Leon- C:\Program Files (x86)\E Dev\E-Peek\sigcheck.exe - (Sysinternals - www.sysinternals.com)
                      [smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)
                      [spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
                      [SpotifyWebHelper] -Leon- C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe - (Spotify Ltd)
                      [sppsvc] -NETWORK SERVICE- C:\Windows\system32\sppsvc.exe - (Microsoft Corporation)
                      [stacsv64] -SYSTEM- C:\Program Files\IDT\WDM\STacSV64.exe - (IDT, Inc.)
                      [sttray64] -Leon- C:\Program Files\IDT\WDM\sttray64.exe - (IDT, Inc.)
                      [SynTPEnh] -Leon- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - (Synaptics Incorporated)
                      [SynTPHelper] -Leon- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE - (Synaptics Incorporated)
                      [taskeng] -Leon- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
                      [taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
                      [taskhost] -Leon- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
                      [TrustedInstaller] -SYSTEM- C:\Windows\servicing\TrustedInstaller.exe - (Microsoft Corporation)
                      [UI0Detect] -SYSTEM- C:\Windows\system32\UI0Detect.exe - (Microsoft Corporation)
                      [unsecapp] -Leon- C:\Windows\System32\wbem\unsecapp.exe - (Microsoft Corporation)
                      [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
                      [winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
                      [WmiPrvSE] -NETWORK SERVICE- C:\Windows\System32\wbem\WmiPrvSE.exe - (Microsoft Corporation)
                      [WmiPrvSE] -SYSTEM- C:\Windows\System32\wbem\WmiPrvSE.exe - (Microsoft Corporation)
                      [WmiPrvSE] -SYSTEM- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe - (Microsoft Corporation)
                      [wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)
                      [YCMMirage] -Leon- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe - (CyberLink)

                      ==================== IE PAGES ==================================================

                      IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://g.uk.msn.com/HPCON/8
                      IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
                      IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
                      IE04 - HKCU\..\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}
                      IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
                      IE04 - HKCU\..\SearchScopes {D944BB61-2E34-4DBF-A683-47E505C587DC} @ DisplayName: [eBay] @ URL = hxxp://rover.ebay.com/rover/1/1346-111086-4124-10/4?satitle={searchTerms}
                      IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
                      IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://g.uk.msn.com/HPCON/8
                      IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                      IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
                      IE10 - HKLM\..\SearchScopes {D944BB61-2E34-4DBF-A683-47E505C587DC} @ DisplayName: [eBay] @ URL = hxxp://rover.ebay.com/rover/1/1346-111086-4124-10/4?satitle={searchTerms}
                      IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://g.uk.msn.com/HPCON/8
                      IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm
                      IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
                      IE04 x64 - HKCU\..\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}
                      IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
                      IE04 x64 - HKCU\..\SearchScopes {D944BB61-2E34-4DBF-A683-47E505C587DC} @ DisplayName: [eBay] @ URL = hxxp://rover.ebay.com/rover/1/1346-111086-4124-10/4?satitle={searchTerms}
                      IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
                      IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
                      IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
                      IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                      IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                      IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                      IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
                      IE10 x64 - HKLM\..\SearchScopes {D944BB61-2E34-4DBF-A683-47E505C587DC} @ DisplayName: [eBay] @ URL = hxxp://rover.ebay.com/rover/1/1346-111086-4124-10/4?satitle={searchTerms}

                      ==================== Auto Load =================================================

                      AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
                      AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
                      AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,
                      AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = Explorer.exe

                      ==================== Google Chrome =============================================

                      GC - Prefpath: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      GC - Profile Name: Standaardprofiel
                      GC - Homepage: http://www.google.com/
                      GC - Default Search Provider:

                      GC - Ext: [ Magic Actions for YouTube™ ]
                      Description: Enhance your YouTube watching experience! Auto HD, Ad Block, Cinema Mode, Mouse Wheel Volume Control, Screenshot...
                      version: 6.7.9.2
                      Path: ..\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.9.2_0

                      GC - Ext: [ Awesome Screenshot: Capture & Annotate ]
                      Description: Capture the whole page or any portion, annotate screenshot, blur sensitive info, one-click upload to share.
                      version: 3.7.17
                      Path: ..\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.17_0

                      GC - Ext: [ Google Documenten ]
                      Description: Documenten maken en bewerken
                      version: 0.7
                      Path: ..\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0

                      GC - Ext: [ GeenStijl Extension for Google Chrome™ ]
                      Description: Adds some nice features and formatting to GeenStijl.nl comments
                      version: 2.12.0.0
                      Path: ..\Default\Extensions\ggbhknghcbmhfeogkgiklahakfhfmbhb\2.12.0.0_0

                      GC - Ext: [ AdBlock ]
                      Description: De populairste Chrome extensie met meer dan 15 miljoen gebruikers! Blokkeert advertenties op het internet.
                      version: 2.7.13
                      Path: ..\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0

                      GC - Ext: [ avast! Online Security ]
                      Description: Avast Browser Security and Web Reputation Plugin.
                      version: 9.0.2022.121
                      Path: ..\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0

                      GC - Ext: [ AS Magic Player ]
                      Description: Web addon for Ace Stream desktop software
                      version: 1.0.0
                      Path: ..\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.0_0

                      = Known Disabled Extensions =

                      GC - Ext: [ Magic Actions for YouTube™ ]
                      Description: Enhance your YouTube watching experience! Auto HD, Ad Block, Cinema Mode, Mouse Wheel Volume Control, Screenshot...
                      version :6.7.9.2
                      Path: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.9.2_0
                      GC - Ext: [ Awesome Screenshot: Capture & Annotate ]
                      Description: Capture the whole page or any portion, annotate screenshot, blur sensitive info, one-click upload to share.
                      version :3.7.17
                      Path: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.17_0
                      GC - Ext: [ GeenStijl Extension for Google Chrome™ ]
                      Description: Adds some nice features and formatting to GeenStijl.nl comments
                      version :2.12.0.0
                      Path: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbhknghcbmhfeogkgiklahakfhfmbhb\2.12.0.0_0
                      GC - Ext: [ AS Magic Player ]
                      Description: Web addon for Ace Stream desktop software
                      version :1.0.0
                      Path: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.0_0


                      ==================== Windows Host File =========================================

                      127.0.0.1 localhost

                      ==================== BHO =======================================================

                      BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                      BHO - [Java(tm) Plug-In SSV Helper] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} @ Default = C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                      BHO - [avast! Online Security] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} @ Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
                      BHO - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
                      BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
                      BHO - [Java(tm) Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                      BHO - [HP Network Check Helper] - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} @ Default = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                      BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                      BHO x64 - [avast! Online Security] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} @ Default = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
                      BHO x64 - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
                      BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

                      ==================== Auto Start Programs =======================================

                      ASP01 - HKLM\..\Run @ Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                      ASP01 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                      ASP01 - HKLM\..\Run @ AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
                      ASP01 - HKLM\..\Run @ HP CoolSense = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
                      ASP01 - HKLM\..\Run @ HP Quick Launch = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
                      ASP01 - HKLM\..\Run @ HPOSD = C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
                      ASP01 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                      ASP01 - HKLM\..\Run @ KiesTrayAgent = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
                      ASP01 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                      ASP01 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
                      ASP01 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                      ASP01 - HKLM\..\Run @ USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
                      ASP04 - HKCU\..\Run @ ACEStream = C:\Users\Leon\AppData\Roaming\ACEStream\engine\ace_engine.exe
                      ASP04 - HKCU\..\Run @ DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
                      ASP04 - HKCU\..\Run @ HydraVisionDesktopManager = "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
                      ASP04 - HKCU\..\Run @ KiesPreload = C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
                      ASP04 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
                      ASP01 x64 - HKLM\..\Run @ Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                      ASP01 x64 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                      ASP01 x64 - HKLM\..\Run @ AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
                      ASP01 x64 - HKLM\..\Run @ HP CoolSense = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
                      ASP01 x64 - HKLM\..\Run @ HP Quick Launch = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
                      ASP01 x64 - HKLM\..\Run @ HPOSD = C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
                      ASP01 x64 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                      ASP01 x64 - HKLM\..\Run @ KiesTrayAgent = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
                      ASP01 x64 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                      ASP01 x64 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
                      ASP01 x64 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                      ASP01 x64 - HKLM\..\Run @ USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
                      ASP04 x64 - HKCU\..\Run @ ACEStream = C:\Users\Leon\AppData\Roaming\ACEStream\engine\ace_engine.exe
                      ASP04 x64 - HKCU\..\Run @ DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
                      ASP04 x64 - HKCU\..\Run @ HydraVisionDesktopManager = "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
                      ASP04 x64 - HKCU\..\Run @ KiesPreload = C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
                      ASP04 x64 - HKCU\..\Run @ Spotify Web Helper = "C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
                      ASP - Startup - C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
                      ASP - Startup - C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
                      ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini



                      ==================== Extra Items IE ============================================

                      EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                      EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                      EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
                      EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
                      EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP 1.1 settings
                      EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
                      EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
                      EI04 - App Ext - HKCU\..\Approved Extensions @ {18DF081C-E8AD-4283-A596-FA578C2EBDC3} = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                      EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                      EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                      EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
                      EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
                      EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP 1.1 settings
                      EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
                      EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
                      EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {18DF081C-E8AD-4283-A596-FA578C2EBDC3} =
                      EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {9030D464-4C02-4ABF-8ECC-5164760863C6} =

                      ==================== Internet Default Prefix ===================================

                      IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
                      IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
                      IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
                      IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

                      ==================== Default Settings IE - DSIE ================================

                      DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/?LinkId
                      DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

                      ==================== Protocol Hijackers - PH ===================================

                      PH00 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL # MD5 [cb7e6052455d585dead6f637d8d0a3c9]
                      PH01 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown
                      PH00 x64 - Handlersf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office\Office15\MSOSB.DLL # MD5 [59ac63d95071da4b8f1f5a9277b7f4fe]
                      PH01 x64 - Filter:text/xml - {807583E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL <= Unknown

                      ==================== ShellServiceObjectDelayLoad - SSODL =======================

                      SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
                      SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

                      ==================== Extra items - EXT (Torpig/ConduitSearch) ==================

                      EXT00 - HKLM\SOFTWARE\AppDataLow\Software\Adobe
                      EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Adobe
                      EXT01 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
                      EXT01 - HKCU\SOFTWARE\AppDataLow\Software\MarkAny
                      EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
                      EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
                      EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll
                      EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Adobe
                      EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
                      EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\MarkAny
                      EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
                      EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll
                      EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

                      ==================== DRIVERS and SERVICES ======================================

                      *** Win32OwnProcess ***

                      SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
                      SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
                      SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
                      SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
                      SERV - R2 - [ezSharedSvc] - Easybits Services for Windows - c:\windows\system32\ezsharedsvchost.exe [x]
                      SERV - R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
                      SERV - R2 - [HPClientSvc] - HP Client Services - c:\program files\hewlett-packard\hp client services\hpclientservices.exe
                      SERV - R2 - [hpsrv] - HP Service - c:\windows\system32\hpservice.exe
                      SERV - R2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files (x86)\hp\common\hpsupportsolutionsframeworkservice.exe
                      SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
                      SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
                      SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
                      SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
                      SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
                      SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
                      SERV - R2 - [PnkBstrA] - PnkBstrA - c:\windows\system32\pnkbstra.exe [x]
                      SERV - R2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
                      SERV - R2 - [STacSV] - Audio Service - c:\program files\idt\wdm\stacsv64.exe
                      SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
                      SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
                      SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
                      SERV - R3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
                      SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
                      SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
                      SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
                      SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
                      SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
                      SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
                      SERV - S2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
                      SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
                      SERV - S3 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
                      SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
                      SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
                      SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
                      SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
                      SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
                      SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
                      SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
                      SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
                      SERV - S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
                      SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
                      SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
                      SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
                      SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
                      SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
                      SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
                      SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
                      SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
                      SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
                      SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
                      SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

                      *** Win32ShareProcess ***

                      SERV - R2 - [avast! Antivirus] - avast! Antivirus - c:\program files\avast software\avast\avastsvc.exe
                      SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
                      SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
                      SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
                      SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe
                      SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
                      SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe
                      SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
                      SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
                      SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
                      SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
                      SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

                      *** Others ***

                      SERV - R2 - [HPWMISVC] - HPWMISVC - c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe
                      SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
                      SERV - R2 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

                      *** File System Driver ***

                      DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
                      DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
                      DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
                      DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
                      DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys
                      DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys

                      *** Kernel Driver ***

                      DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
                      DRV - R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\Windows\system32\Drivers\amdkmpfd.sys
                      DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
                      DRV - R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
                      DRV - R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
                      DRV - R0 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys
                      DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
                      DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
                      DRV - R0 - [Compbatt] - Microsoft Composite Battery-stuurprogramma - C:\Windows\system32\Drivers\Compbatt.sys
                      DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys
                      DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys
                      DRV - R0 - [hpdskflt] - HP Filter - C:\Windows\system32\Drivers\hpdskflt.sys
                      DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
                      DRV - R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys
                      DRV - R0 - [iusb3hcs] - Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma - C:\Windows\system32\Drivers\iusb3hcs.sys
                      DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
                      DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
                      DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys
                      DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
                      DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys
                      DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys
                      DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
                      DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
                      DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
                      DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
                      DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
                      DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys
                      DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
                      DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys
                      DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
                      DRV - R0 - [Wd] - Microsoft Watchdog Timer-stuurprogramma - C:\Windows\system32\Drivers\Wd.sys
                      DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
                      DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
                      DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
                      DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
                      DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

                      ==================== SvcHost - White Listed ====================================

                      All Ok

                      WOW - All Ok

                      ==================== SigCheck x86 Fast =========================================

                      Fast Scan All ok

                      ==================== SigCheck x64 Fast =========================================

                      Fast Scan All ok

                      ==================== Job tasks =================================================

                      There are no .job files found.

                      ==================== End scanning at do 18 sep 2014 00:29 (0 Min 54 Sec ) ======

                      E-Peek support @ http://www.antimalwarehelp.be/forum/index.php
                      Last edited by Emphyrio; 18-09-14, 00:19. Reason: Smileys disabled



                      • #12
                        Good, let's continue....

                        Step 1:

                        Scan for and remove malware....

                        Install MBAM 2.0 (info & download link)

                        Start MBAM.
                        Click Scan at the top of the Malwarebytes Anti-Malware window.
                        In that screen, choose the Custom scan and tick the partitions that apply (c:\ d:\ etc.)
                        Then click the Scan now button.

                        Before scanning, the program always first checks automatically whether updates to the virus definitions are available; if an update is available, you must let it install first.

                        When the scan is finished and threats have been detected, you will get an overview of them.
                        Choose to quarantine all of them.
                        When prompted that your computer needs to be restarted, click Yes.

                        After the PC restarts, if Malwarebytes asked to restart the PC, open Malwarebytes again.
                        Click the History button at the top of the menu.
                        Then click the Application Logs option and select the scan log you want to export. This is the last scan you ran (you can tell by the date and time).
                        Select it to view it.
                        A new window will open showing the results of your scan.

                        At the bottom, either choose to export as a text file and give the text file a name, for example mbamlog.
                        Or choose to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.


                        Step 2:

                        Check for bad toolbars...

                        Download AdwCleaner by Xplode to your Desktop.
                        • Close all open windows
                        • Start AdwCleaner
                        • Click Scan
                        • Click Remove (Verwijderen)

                        All icons will disappear from the Desktop; this is normal.
                        Your PC will restart and a log file will open (C:\AdwCleaner\AdwCleaner[xx].txt).
                        Post its contents here on the forum.

                        I only need the log from after the "Remove" (Verwijderen) option.

                        Don't forget to turn off your "smileys".

                        If your start page was also hijacked, set your search engine again.
                        AdwCleaner resets it to Google.com by default.


                        Step 3:

                        Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


                        DDS is a diagnostic tool and makes use of scripts.
                        If script execution is disabled, re-enable it so that no problems occur when using DDS.


                        Double-click DDS to start the tool. (Depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif.)
                        When it is finished, two log files open: DDS.txt and Attach.txt
                        Save both log files to your desktop.

                        Post the contents of DDS.txt.

                        Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.


                        Step 4:

                        Download Security Check to your desktop from here or here

                        Start Security Check
                        Follow the instructions on screen
                        At the end a log appears ( checkup.txt )
                        Put its contents in your next reply.


                        In your next post, I would like to see the following logs, made in the order listed:
                        .
                        • MBAM
                        • AdwCleaner
                        • DDS
                        • checkup.txt

                        .
                        Please do NOT post these logs as an attachment or between code tags.
                        (In several posts if necessary.)

                        Emphyrio
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee. * Ccleaner * E-Peek



                        • #13
                          Malwarebytes Anti-Malware
                          www.malwarebytes.org

                          Scandatum: 18-9-2014
                          Scantijd: 0:43:37
                          Logbestand:
                          Beheerder: Ja

                          Versie: 2.00.2.1012
                          Malwaredatabase: v2014.09.17.09
                          Rootkitdatabase: v2014.09.15.01
                          Licentie: Gratis
                          Malwarebescherming: Uitgeschakeld
                          Kwaadaardige Website Bescherming: Uitgeschakeld
                          Self-protection: Uitgeschakeld

                          Besturingssysteem: Windows 7 Service Pack 1
                          Processor: x64
                          Bestandssysteem: NTFS
                          Gebruiker: Leon

                          Scantype: Aangepaste Scan
                          Resultaat: Voltooid
                          Objecten Gescand: 608877
                          Verstreken Tijd: 2 u, 24 m, 33 s

                          Geheugen: Ingeschakeld
                          Opstarten: Ingeschakeld
                          Bestandssysteem: Ingeschakeld
                          Archieven: Ingeschakeld
                          Rootkits: Uitgeschakeld
                          Heuristics: Ingeschakeld
                          POP: Ingeschakeld
                          POA: Ingeschakeld

                          Processen: 0
                          (No malicious items detected)

                          Modules: 0
                          (No malicious items detected)

                          Registersleutels: 0
                          (No malicious items detected)

                          Registerwaardes: 0
                          (No malicious items detected)

                          Registerdata: 0
                          (No malicious items detected)

                          Mappen: 0
                          (No malicious items detected)

                          Bestanden: 5
                          Trojan.Passwords.GM, C:\Users\Leon\Documents\Downloads\complete\Sims 4 met medicijn\Crack\Game\Bin\3dmgame.dll, In Quarantaine, [a21b28c6c0bbef47e598dfe225dc1ce4],
                          Trojan.Passwords.GM, C:\Users\Leon\Documents\Downloads\complete\Sims 4 met medicijn\sims_4\Game\Bin\3dmgame.dll, In Quarantaine, [f0cd9d512457fa3c334a0bb6728f9b65],
                          Trojan.Passwords.GM, C:\Users\Leon\Documents\Downloads\complete\Sims 4 met medicijn\sims_4\Game\Bin\Crack\Game\Bin\3dmgame.dll, In Quarantaine, [8538846ad2a970c6cfaeb20fcb368c74],
                          VirTool.Obfuscator, C:\Users\Leon\Documents\Downloads\complete\The SIMS 4 Deluxe Edition NL ( Werkt 100_ )\LEZEN INSTALLATIE\Crack\Game\Bin\3dmgame.dll, In Quarantaine, [3b82945a84f73105eaa69031f60b4db3],
                          VirTool.Obfuscator, C:\Program Files (x86)\The SIMS 4 Deluxe Edition\Game\Bin\3dmgame.dll, In Quarantaine, [e7d6a44adc9f87af6d23a021d22f45bb],

                          Fysieke Sectoren: 0
                          (No malicious items detected)


                          (end)



                          ADW:

                          # AdwCleaner v3.310 - Rapport aangemaakt 18/09/2014 op 10:08:50
                          # Laatste Update 12/09/2014 door Xplode
                          # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
                          # Gebruikersnaam : Leon - COMPUTER2013
                          # Gestart vanuit : C:\Users\Leon\Downloads\adwcleaner_3.310.exe
                          # Optie : Verwijderen

                          ***** [ Services ] *****


                          ***** [ Bestanden / Mappen ] *****


                          ***** [ Taken ] *****


                          ***** [ Snelkoppelingen ] *****


                          ***** [ Register ] *****


                          ***** [ Browsers ] *****

                          -\\ Internet Explorer v0.0.0.0


                          -\\ Google Chrome v37.0.2062.120

                          [ Bestand : C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

                          Verwijderd [Search Provider] : hxxp://www.vd.nl/search.jsf?suggesturl=hxxp%3A%2F%2Fquery.published.live1.suggest.eu1.fredhopperservices.com%2Fvd_nl%2Fjscript%3Fscope%3D%2F%2Fcatalog01%2Fnl_NL%26search%3D%25query%25%26random%3D%25random%25&searchQuery={searchTerms}&SearchSuggestUsed=true
                          Verwijderd [Search Provider] : hxxp://nl.softonic.com/s/{searchTerms}

                          *************************

                          AdwCleaner[R0].txt - [5308 octets] - [10/08/2014 17:36:48]
                          AdwCleaner[R1].txt - [1099 octets] - [11/08/2014 12:21:34]
                          AdwCleaner[R2].txt - [1427 octets] - [11/08/2014 12:41:50]
                          AdwCleaner[R3].txt - [1180 octets] - [15/09/2014 15:10:55]
                          AdwCleaner[R4].txt - [1306 octets] - [16/09/2014 20:23:32]
                          AdwCleaner[R5].txt - [1783 octets] - [16/09/2014 22:20:01]
                          AdwCleaner[R6].txt - [1843 octets] - [16/09/2014 22:22:39]
                          AdwCleaner[R7].txt - [1963 octets] - [18/09/2014 10:07:39]
                          AdwCleaner[S0].txt - [4945 octets] - [10/08/2014 17:37:39]
                          AdwCleaner[S1].txt - [1528 octets] - [11/08/2014 12:22:29]
                          AdwCleaner[S2].txt - [1495 octets] - [11/08/2014 12:42:41]
                          AdwCleaner[S3].txt - [1605 octets] - [15/09/2014 15:11:48]
                          AdwCleaner[S4].txt - [1731 octets] - [16/09/2014 20:24:30]
                          AdwCleaner[S5].txt - [1911 octets] - [16/09/2014 22:23:16]
                          AdwCleaner[S6].txt - [1891 octets] - [18/09/2014 10:08:50]

                          ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1951 octets] ##########



                          • #14
                            DDS (Ver_2012-11-20.01) - NTFS_AMD64
                            Internet Explorer: BrowserJavaVersion: 10.67.2
                            Run by Leon at 10:14:49 on 2014-09-18
                            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6042.4006 [GMT 2:00]
                            .
                            AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
                            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                            SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
                            .
                            ============== Running Processes ===============
                            .
                            C:\Windows\system32\lsm.exe
                            C:\Windows\system32\svchost.exe -k DcomLaunch
                            C:\Windows\system32\svchost.exe -k RPCSS
                            C:\Windows\system32\atiesrxx.exe
                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                            C:\Windows\system32\svchost.exe -k LocalService
                            C:\Windows\system32\svchost.exe -k netsvcs
                            C:\Program Files\IDT\WDM\STacSV64.exe
                            C:\Windows\system32\svchost.exe -k GPSvcGroup
                            C:\Windows\system32\igfxCUIService.exe
                            C:\Windows\system32\atieclxx.exe
                            C:\Windows\system32\Hpservice.exe
                            C:\Windows\system32\svchost.exe -k NetworkService
                            C:\Program Files\AVAST Software\Avast\AvastSvc.exe
                            C:\Windows\system32\taskeng.exe
                            C:\Windows\System32\spoolsv.exe
                            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                            C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                            C:\Program Files\Bonjour\mDNSResponder.exe
                            C:\Windows\SysWOW64\ezSharedSvcHost.exe
                            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                            C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
                            C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
                            C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
                            C:\Program Files\Intel\iCLS Client\HeciServer.exe
                            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
                            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
                            C:\Windows\SysWOW64\PnkBstrA.exe
                            C:\Windows\system32\svchost.exe -k imgsvc
                            C:\Windows\system32\UI0Detect.exe
                            C:\Windows\servicing\TrustedInstaller.exe
                            C:\Windows\system32\taskhost.exe
                            C:\Windows\system32\taskeng.exe
                            C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                            C:\Windows\system32\Dwm.exe
                            C:\Windows\Explorer.EXE
                            C:\Windows\system32\igfxEM.exe
                            C:\Windows\system32\igfxHK.exe
                            C:\Windows\system32\igfxTray.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\Program Files\IDT\WDM\sttray64.exe
                            C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
                            C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
                            C:\Program Files (x86)\Samsung\Kies\Kies.exe
                            C:\Users\Leon\AppData\Roaming\ACEStream\engine\ace_engine.exe
                            C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
                            C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
                            C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
                            C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
                            C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                            C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
                            C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
                            C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
                            C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
                            C:\Program Files\AVAST Software\Avast\avastui.exe
                            C:\Program Files (x86)\iTunes\iTunesHelper.exe
                            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                            C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
                            C:\Windows\System32\wbem\WmiPrvSE.exe
                            C:\Program Files\iPod\bin\iPodService.exe
                            C:\Windows\system32\SearchIndexer.exe
                            C:\Program Files\Windows Media Player\wmpnetwk.exe
                            C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
                            C:\Windows\System32\wbem\WmiPrvSE.exe
                            C:\Windows\System32\wbem\unsecapp.exe
                            C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
                            C:\Users\Leon\AppData\Roaming\Dropbox\bin\Dropbox.exe
                            C:\Windows\System32\svchost.exe -k LocalServicePeerNet
                            C:\Users\Leon\AppData\Roaming\ACEStream\updater\ace_update.exe
                            C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
                            C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                            C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
                            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
                            C:\Windows\system32\sppsvc.exe
                            C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
                            C:\Windows\System32\svchost.exe -k secsvcs
                            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
                            C:\Windows\System32\cscript.exe
                            .
                            ============== Pseudo HJT Report ===============
                            .
                            BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                            BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                            BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
                            BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
                            BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
                            BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                            BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                            uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
                            uRun: [Spotify Web Helper] "C:\Users\Leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
                            uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
                            uRun: [ACEStream] C:\Users\Leon\AppData\Roaming\ACEStream\engine\ace_engine.exe
                            uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
                            mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
                            mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
                            mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
                            mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
                            mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
                            mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
                            mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
                            mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                            mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
                            mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                            mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                            mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
                            StartupFolder: C:\Users\Leon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Leon\AppData\Roaming\Dropbox\bin\Dropbox.exe
                            uPolicies-Explorer: NoDrives = dword:0
                            uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
                            mPolicies-Explorer: EnableShellExecuteHooks = dword:1
                            mPolicies-Explorer: NoDrives = dword:0
                            mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                            mPolicies-System: ConsentPromptBehaviorUser = dword:3
                            mPolicies-System: EnableUIADesktopToggle = dword:0
                            mPolicies-System: HideFastUserSwitching = dword:0
                            IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
                            IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
                            IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
                            IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
                            IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                            IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
                            IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                            IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
                            TCP: NameServer = 192.168.0.1
                            TCP: Interfaces\{0D7E33B9-2F71-4842-8942-7202030909A9} : DHCPNameServer = 192.168.0.1
                            TCP: Interfaces\{0D7E33B9-2F71-4842-8942-7202030909A9}\65746573531393236473649324 : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
                            TCP: Interfaces\{0D7E33B9-2F71-4842-8942-7202030909A9}\A594E496E4 : DHCPNameServer = 192.168.88.16
                            TCP: Interfaces\{0D7E33B9-2F71-4842-8942-7202030909A9}\A5967676F6 : DHCPNameServer = 212.54.40.25 212.54.35.25
                            TCP: Interfaces\{2AD15C49-78A0-44E9-AAF9-970AD69C4FA1} : DHCPNameServer = 192.168.0.1
                            Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                            Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
                            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
                            SSODL: WebCheck - <orphaned>
                            mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                            x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                            x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
                            x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
                            x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
                            x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
                            x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
                            x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
                            x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
                            x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
                            x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                            x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
                            x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                            x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
                            x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
                            x64-Notify: igfxcui - igfxdev.dll
                            x64-SSODL: WebCheck - <orphaned>
                            .
                            ============= SERVICES / DRIVERS ===============
                            .
                            R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2013-12-13 36608]
                            R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-3 65776]
                            R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-3 224896]
                            R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-26 16152]
                            R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-2-24 1041168]
                            R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-2-24 427360]
                            R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-16 283200]
                            R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-18 239616]
                            R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-28 29208]
                            R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-24 79184]
                            R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-20 92008]
                            R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-28 50344]
                            R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
                            R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
                            R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
                            R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
                            R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-7-7 72992]
                            R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
                            R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-3 13592]
                            R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
                            R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
                            R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-3 128280]
                            R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-3 161560]
                            R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-3 363800]
                            R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
                            R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-26 355096]
                            R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-26 786200]
                            R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-18 122584]
                            R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2014-3-2 2431792]
                            R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-3 565352]
                            R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2013-5-26 21264]
                            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                            S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
                            S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-5-22 103064]
                            S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
                            S3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-1-6 14652768]
                            S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
                            S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-17 19456]
                            S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2011-9-22 258664]
                            S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
                            S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
                            S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
                            S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-5-22 203672]
                            S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-7 56832]
                            S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-17 30208]
                            S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
                            S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-17 1255736]
                            .
                            =============== File Associations ===============
                            .
                            FileExt: .txt: Applications\WINWORD.EXE="C:\Program Files\Microsoft Office\Office15\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
                            .
                            =============== Created Last 30 ================
                            .
                            2014-09-17 22:43:01 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                            2014-09-17 22:42:50 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
                            2014-09-17 22:42:50 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
                            2014-09-17 22:42:50 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
                            2014-09-17 22:42:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
                            2014-09-16 20:07:49 -------- d-----w- C:\Program Files\CCleaner
                            2014-09-16 19:58:49 -------- d-----w- C:\Windows\System32\catroot2
                            2014-09-16 19:49:38 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
                            2014-09-16 18:49:44 -------- d-----w- C:\Program Files (x86)\E Dev
                            2014-09-16 16:02:46 -------- d-----w- C:\Program Files\Enigma Software Group
                            2014-09-16 16:01:48 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
                            2014-09-16 16:01:47 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
                            2014-09-16 15:59:33 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41FF4FFF-8544-442A-B194-5EA049D5EEB1}\mpengine.dll
                            2014-09-13 17:55:27 -------- d-----w- C:\Users\Leon\AppData\Local\SmartView2
                            2014-09-13 17:53:58 -------- d-----w- C:\Program Files (x86)\SmartView2
                            2014-09-11 13:58:42 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
                            2014-09-11 13:58:42 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
                            2014-09-11 07:51:25 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
                            2014-09-11 07:51:25 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
                            2014-09-11 07:51:06 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
                            2014-09-11 07:51:06 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
                            2014-09-11 07:50:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                            2014-09-11 07:50:52 728064 ----a-w- C:\Windows\System32\kerberos.dll
                            2014-09-11 07:50:52 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
                            2014-09-11 07:50:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                            2014-09-11 07:50:52 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                            2014-09-07 14:01:02 -------- d-----w- C:\Program Files (x86)\The SIMS 4 Deluxe Edition
                            2014-09-07 13:32:50 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
                            2014-09-07 13:32:50 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
                            2014-09-07 13:32:49 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
                            2014-09-07 13:32:48 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
                            2014-09-06 19:23:27 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
                            2014-09-06 19:16:43 -------- d-----w- C:\Program Files (x86)\Origin Games
                            2014-09-06 19:09:10 -------- d-----w- C:\Users\Leon\AppData\Roaming\Origin
                            2014-09-06 19:09:08 -------- d-----w- C:\Users\Leon\AppData\Local\Origin
                            2014-09-06 19:08:20 -------- d-----w- C:\ProgramData\Electronic Arts
                            2014-09-06 19:08:18 -------- d-----w- C:\Program Files (x86)\Origin
                            2014-09-06 18:55:22 -------- d-----w- C:\ProgramData\Origin
                            2014-08-27 18:13:47 3163648 ----a-w- C:\Windows\System32\win32k.sys
                            2014-08-27 18:13:46 404480 ----a-w- C:\Windows\System32\gdi32.dll
                            2014-08-27 18:13:46 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
                            2014-08-25 10:30:53 -------- d-----w- C:\Program Files (x86)\GOGcom
                            2014-08-24 20:41:03 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
                            2014-08-24 20:41:03 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
                            2014-08-24 20:41:03 171160 ----a-w- C:\Windows\System32\infocardapi.dll
                            2014-08-24 20:41:03 1389208 ----a-w- C:\Windows\System32\icardagt.exe
                            2014-08-24 20:40:59 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
                            2014-08-24 20:40:59 8856 ----a-w- C:\Windows\System32\icardres.dll
                            2014-08-24 20:40:32 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
                            2014-08-24 20:40:32 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
                            2014-08-24 12:55:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
                            2014-08-24 12:55:09 2048 ----a-w- C:\Windows\System32\tzres.dll
                            2014-08-24 12:54:54 3241984 ----a-w- C:\Windows\System32\msi.dll
                            2014-08-24 12:54:53 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
                            2014-08-24 12:54:53 1941504 ----a-w- C:\Windows\System32\authui.dll
                            2014-08-24 12:54:52 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
                            2014-08-24 12:54:51 504320 ----a-w- C:\Windows\System32\msihnd.dll
                            2014-08-24 12:54:51 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
                            2014-08-24 12:54:51 112064 ----a-w- C:\Windows\System32\consent.exe
                            2014-08-24 12:54:45 986560 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
                            2014-08-24 12:54:35 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
                            2014-08-24 12:54:35 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
                            .
                            ==================== Find3M ====================
                            .
                            2014-08-25 04:53:42 270496 ----a-w- C:\Windows\System32\MpSigStub.exe
                            2014-08-15 15:35:56 2339328 ----a-w- C:\Windows\System32\jscript9.dll
                            2014-08-15 15:31:16 1392128 ----a-w- C:\Windows\System32\wininet.dll
                            2014-08-15 15:30:08 599040 ----a-w- C:\Windows\System32\vbscript.dll
                            2014-08-15 15:30:00 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
                            2014-08-15 15:29:33 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
                            2014-08-15 15:28:50 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
                            2014-08-15 15:28:47 12800 ----a-w- C:\Windows\System32\mshta.exe
                            2014-08-15 14:42:27 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
                            2014-08-15 14:37:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
                            2014-08-15 14:36:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                            2014-08-15 14:35:47 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
                            2014-08-15 14:35:34 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                            2014-08-15 14:34:49 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
                            2014-08-15 14:34:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                            2014-08-10 21:34:02 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                            2014-08-10 20:04:55 24064 ----a-w- C:\Windows\zoek-delete.exe
                            2014-08-10 16:38:47 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
                            2014-08-10 16:38:47 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
                            2014-08-10 16:38:47 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
                            2014-08-10 16:38:46 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
                            2014-08-10 16:38:46 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
                            2014-08-10 16:38:46 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
                            2014-08-10 16:38:45 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
                            2014-08-10 16:38:45 43152 ----a-w- C:\Windows\avastSS.scr
                            2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
                            2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
                            .
                            ============= FINISH: 10:17:35,56 ===============



                            • #15
                              Results of screen317's Security Check version 0.99.87
                              Windows 7 Service Pack 1 x64 (UAC is enabled)
                              Internet Explorer 11
                              ``````````````Antivirus/Firewall Check:``````````````
                              avast! Antivirus
                              Antivirus up to date!
                              `````````Anti-malware/Other Utilities Check:`````````
                              Java 7 Update 67
                              Adobe Reader 10.1.10 Adobe Reader out of Date!
                              Google Chrome 37.0.2062.103
                              Google Chrome 37.0.2062.120
                              ````````Process Check: objlist.exe by Laurent````````
                              Malwarebytes Anti-Malware mbam.exe
                              AVAST Software Avast AvastSvc.exe
                              AVAST Software Avast avastui.exe
                              `````````````````System Health check`````````````````
                              Total Fragmentation on Drive C: 2%
                              ````````````````````End of Log``````````````````````
