Unwanted pop-ups


    Hi,

    Probably at some point, while playing or downloading an online game or installing software, some unwanted file(s) came along with it.
    I first read the instructions carefully and followed them. Below I post, in order, the logs from
    MBAM
    AdwCleaner
    DDS
    Gmer

    If necessary I will put them in separate posts.

    MBAM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 22-10-2014
    Scan Time: 15:05:45
    Logfile: mbamlog.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.10.22.04
    Rootkit Database: v2014.10.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: NS Hispeed

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 553281
    Time Elapsed: 23 hr, 4 min, 54 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [0c5421f692ea45f1c827c55eba497a86],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 5
    PUP.Optional.Multiplug, C:\Program Files (x86)\YoutubeAdblocker, Quarantined, [79e725f2b0ccee48abe8ea0739c9619f],
    PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, Quarantined, [bfa1d542fa8239fdf695c72c9969a759],
    PUP.Optional.SNBooster.A, C:\ProgramData\TopApp software\SO.Booster, Quarantined, [10504dcaea92aa8c0ff25babab5820e0],
    PUP.Optional.MultiPlug.A, C:\ProgramData\save. on, Quarantined, [38288790a1dbab8b4da7f80f9c67de22],
    PUP.Optional.MultiPlug.A, C:\Program Files (x86)\save. on, Quarantined, [81df27f02b515ed8da1b5fa852b1768a],

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ADWCLEANER

    # AdwCleaner v4.001 - Rapport aangemaakt 23/10/2014 op 14:24:39
    # DB v2014-10-21.1
    # Laatste Update 20/10/2014 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Gebruikersnaam : NS Hispeed - NSHISPEED-HP
    # Gestart vanuit : C:\Users\NS Hispeed\Desktop\adwcleaner_4.001.exe
    # Optie : Verwijderen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****

    Map Verwijderd : C:\ProgramData\AVG Secure Search
    Map Verwijderd : C:\Program Files (x86)\Common Files\AVG Secure Search
    Map Verwijderd : C:\ProgramData\AVG Security Toolbar
    Map Verwijderd : C:\Users\Administrator\AppData\Local\Chromatic Browser
    Map Verwijderd : C:\Users\Gast\AppData\Local\Chromatic Browser
    Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    Map Verwijderd : C:\Users\NS Hispeed\AppData\Local\Chromatic Browser
    Map Verwijderd : C:\ProgramData\topapp software
    Map Verwijderd : C:\Users\Administrator\AppData\Local\torch
    Map Verwijderd : C:\Users\Gast\AppData\Local\torch
    Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\torch
    Map Verwijderd : C:\Users\NS Hispeed\AppData\Local\torch
    Map Verwijderd : C:\ProgramData\DiscouNtExtenseI
    Map Verwijderd : C:\Program Files (x86)\DiscouNtExtenseI
    Map Verwijderd : C:\ProgramData\ExssttrACOuponn
    Map Verwijderd : C:\Program Files (x86)\ExssttrACOuponn
    Map Verwijderd : C:\ProgramData\ExStiraCaoupon
    Map Verwijderd : C:\ProgramData\NetoCOupion
    Map Verwijderd : C:\Program Files (x86)\NetoCOupion
    Map Verwijderd : C:\Users\NS Hispeed\AppData\Roaming\Mozilla\Firefox\Profiles\9182s4o8.default\Extensions\[email protected]
    Map Verwijderd : C:\Users\NS Hispeed\AppData\Roaming\Mozilla\Firefox\Profiles\9182s4o8.default\Extensions\[email protected] uk
    Map Verwijderd : C:\Users\NS Hispeed\AppData\Roaming\Mozilla\Firefox\Profiles\9182s4o8.default\Extensions\[email protected]
    Map Verwijderd : C:\Users\NS Hispeed\AppData\Roaming\Mozilla\Firefox\Profiles\9182s4o8.default\Extensions\[email protected]
    Map Verwijderd : C:\Users\NS Hispeed\AppData\Roaming\Mozilla\Firefox\Profiles\9182s4o8.default\Extensions\[email protected]
    Map Verwijderd : C:\Users\NS Hispeed\AppData\Roaming\Mozilla\Firefox\Profiles\9182s4o8.default\Extensions\[email protected]
    Map Verwijderd : C:\Users\NS Hispeed\AppData\Roaming\Mozilla\Firefox\Profiles\9182s4o8.default\Extensions\[email protected]
    Map Verwijderd : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfpgjcjligcikpajaopnokbdapojkdn
    Map Verwijderd : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfpgjcjligcikpajaopnokbdapojkdn
    Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfpgjcjligcikpajaopnokbdapojkdn
    Map Verwijderd : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineaekgmjlmpleibchajdimpjkbaihoo
    Map Verwijderd : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineaekgmjlmpleibchajdimpjkbaihoo
    Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineaekgmjlmpleibchajdimpjkbaihoo
    Map Verwijderd : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfpgjcjligcikpajaopnokbdapojkdn
    Map Verwijderd : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfpgjcjligcikpajaopnokbdapojkdn
    Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfpgjcjligcikpajaopnokbdapojkdn
    Map Verwijderd : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineaekgmjlmpleibchajdimpjkbaihoo
    Map Verwijderd : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineaekgmjlmpleibchajdimpjkbaihoo
    Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineaekgmjlmpleibchajdimpjkbaihoo
    Map Verwijderd : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfpgjcjligcikpajaopnokbdapojkdn
    Map Verwijderd : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfpgjcjligcikpajaopnokbdapojkdn
    Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfpgjcjligcikpajaopnokbdapojkdn
    Map Verwijderd : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineaekgmjlmpleibchajdimpjkbaihoo
    Map Verwijderd : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineaekgmjlmpleibchajdimpjkbaihoo
    Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineaekgmjlmpleibchajdimpjkbaihoo
    Bestand Verwijderd : C:\Users\NS Hispeed\AppData\Roaming\Mozilla\Firefox\Profiles\9182s4o8.default\searchplugins\avg-secure-search.xml

    ***** [ Taken ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ExstriaCOuupone.ExstriaCOuupone
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ExstriaCOuupone.ExstriaCOuupone.4.3
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\EExstraaCouponn.EExstraaCouponn
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\EExstraaCouponn.EExstraaCouponn.4.3
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DiisucountEExtaensi.DiisucountEExtaensi
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DiisucountEExtaensi.DiisucountEExtaensi.7.2
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\NetoCoupon.NetoCoupon
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\NetoCoupon.NetoCoupon.6.1
    Sleutel Verwijderd : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-603818780

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Mozilla Firefox v32.0.3 (x86 nl)


    -\\ Google Chrome v35.0.1916.114


    *************************

    AdwCleaner[R0].txt - [13376 octets] - [23/10/2014 14:22:05]
    AdwCleaner[S0].txt - [13220 octets] - [23/10/2014 14:24:39]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13281 octets] ##########

    DDS log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344
    Run by NS Hispeed at 14:33:33 on 2014-10-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3960.1613 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AV: AVG AntiVirus 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\Hpservice.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\WLANExt.exe
    C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
    C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\windows\system32\Dwm.exe
    C:\windows\system32\taskhost.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
    c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    c:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    C:\windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
    C:\windows\system32\svchost.exe -k imgsvc
    c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
    C:\windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\SysWOW64\RunDll32.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\windows\servicing\TrustedInstaller.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\windows\System32\WUDFHost.exe
    C:\windows\System32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [DsMgr] C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe
    mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    mRun: [IFXSPMGT] "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 62.58.62.132 62.58.94.130
    TCP: Interfaces\{8D14F216-D372-4D23-AD75-A4D4869CAA40} : DHCPNameServer = 62.58.62.132 62.58.94.130
    TCP: Interfaces\{8D14F216-D372-4D23-AD75-A4D4869CAA40}\3416371602348696368616279647F6 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{8D14F216-D372-4D23-AD75-A4D4869CAA40}\960586F6E656026716E60265565627C656 : DHCPNameServer = 172.20.10.1
    TCP: Interfaces\{8D14F216-D372-4D23-AD75-A4D4869CAA40}\B405E4 : DHCPNameServer = 194.109.218.175 194.109.218.174
    TCP: Interfaces\{8D14F216-D372-4D23-AD75-A4D4869CAA40}\E4F4B4941402C457D6961602632303F503037393 : DHCPNameServer = 192.168.137.1
    TCP: Interfaces\{B20C4FCF-D01D-4CB5-AF09-1F52A6A20399} : DHCPNameServer = 10.4.34.11 10.12.145.11 172.19.1.244
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: DeviceNP - DeviceNP.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Notification Packages = DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
    x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\NS Hispeed\AppData\Roaming\Mozilla\Firefox\Profiles\9182s4o8.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/NSInternational/manager?tab=messages
    FF - prefs.js: keyword.URL -
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
    FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-7-18 313624]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-3-27 19224]
    R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-5-4 94792]
    R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-5-4 158792]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
    R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-3-27 58000]
    R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-7-24 247576]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-8-20 243480]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-7-2 270616]
    R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2014-8-22 50976]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
    R1 PersonalSecureDrive;PersonalSecureDrive;C:\windows\System32\drivers\psd.sys [2010-1-26 44576]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-9-5 3364368]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-9-5 293448]
    R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-3-14 152992]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-10 86072]
    R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-4-9 372824]
    R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-4-5 368512]
    R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-3-16 33560]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-12 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-3-27 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-3-27 165144]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-22 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-22 968504]
    R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-5-4 1327104]
    R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-28 125584]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-6-12 1134584]
    R2 RoxioBurnLauncher;Roxio Burn Launcher;C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2012-3-21 536848]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 4915040]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-27 363800]
    R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [?]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\drivers\bcbtums.sys [2013-3-27 134696]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\drivers\btwampfl.sys [2013-3-27 615976]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\windows\System32\drivers\btwdpan.sys [2013-3-27 89640]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2013-3-27 39976]
    R3 ecnssndis; Mobile Broadband Driver;C:\windows\System32\drivers\wwuss64.sys [2013-3-27 26664]
    R3 ecnssndisfltr; Mobile Broadband Driver Filter;C:\windows\System32\drivers\wwussf64.sys [2013-3-27 29736]
    R3 h36wgps;HP Mobile Broadband Module NMEA;C:\windows\System32\drivers\h36wgps64.sys [2013-3-27 103184]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-6-12 1421728]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
    R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\windows\System32\drivers\iusb3hub.sys [2012-3-27 356632]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-3-27 789272]
    R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-2-28 173656]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-10-22 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-10-22 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-10-22 63704]
    R3 Mbm3CBus;HP hs2350 HSPA+ Mobile Broadband Module USB Device (WDM);C:\windows\System32\drivers\Mbm3CBus.sys [2013-3-27 419400]
    R3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);C:\windows\System32\drivers\Mbm3DevMt.sys [2013-3-27 430664]
    R3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter;C:\windows\System32\drivers\Mbm3mdfl.sys [2013-3-27 19528]
    R3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver;C:\windows\System32\drivers\Mbm3Mdm.sys [2013-3-27 483400]
    R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
    R3 WwanUsbServ;Mobile Broadband Driver;C:\windows\System32\drivers\WwanUsbMp64.sys [2013-3-27 279312]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [?]
    S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2012-11-9 64832]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2012-11-19 477056]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-10-15 111616]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2012-3-7 1118480]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-7-2 1255736]
    S4 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2013-3-27 117552]
    .
    =============== Created Last 30 ================
    .
    2014-10-23 12:09:50 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{512C6247-9370-4BF5-ADD4-93897C6DAFBF}\mpengine.dll
    2014-10-22 13:23:22 -------- d-----w- C:\AdwCleaner
    2014-10-22 13:03:48 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
    2014-10-22 13:03:17 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
    2014-10-22 13:03:17 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
    2014-10-22 13:03:17 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-10-22 13:03:17 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-10-22 13:03:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-22 08:02:06 3231696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
    2014-10-21 15:42:11 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-10-21 15:26:19 -------- d-----w- C:\Users\NS Hispeed\AppData\Roaming\AVG2015
    2014-10-21 15:22:45 -------- d-----w- C:\ProgramData\AVG2015
    2014-10-21 15:16:40 -------- d-----w- C:\Users\NS Hispeed\AppData\Local\Avg2015
    2014-10-15 15:52:10 3198976 ----a-w- C:\windows\System32\win32k.sys
    2014-10-15 15:52:08 156824 ----a-w- C:\windows\SysWow64\mscorier.dll
    2014-10-15 15:52:08 156312 ----a-w- C:\windows\System32\mscorier.dll
    2014-10-15 15:52:08 1131664 ----a-w- C:\windows\SysWow64\dfshim.dll
    2014-10-15 15:52:07 81560 ----a-w- C:\windows\SysWow64\mscories.dll
    2014-10-15 15:52:07 73880 ----a-w- C:\windows\System32\mscories.dll
    2014-10-15 15:52:07 1943696 ----a-w- C:\windows\System32\dfshim.dll
    2014-10-15 15:50:59 752640 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2014-10-15 15:48:03 3241472 ----a-w- C:\windows\System32\msi.dll
    2014-10-15 15:48:03 2363904 ----a-w- C:\windows\SysWow64\msi.dll
    2014-10-04 07:34:23 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D34229A-EEEE-4B8B-83D4-63BF40AE2272}\gapaengine.dll
    2014-10-04 07:33:26 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
    2014-10-04 07:33:26 371712 ----a-w- C:\windows\System32\qdvd.dll
    2014-10-04 07:33:23 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2014-10-04 07:33:23 2048 ----a-w- C:\windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2014-10-10 02:05:59 276480 ----a-w- C:\windows\System32\generaltel.dll
    2014-10-10 02:05:42 507392 ----a-w- C:\windows\System32\aepdu.dll
    2014-10-10 02:00:38 424448 ----a-w- C:\windows\System32\aeinv.dll
    2014-10-04 07:46:29 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-10-04 07:46:29 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
    2014-09-22 06:42:39 278152 ------w- C:\windows\System32\MpSigStub.exe
    2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
    2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
    2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
    2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
    2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
    2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
    2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
    2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
    2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
    2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
    2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
    2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
    2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
    2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
    2014-09-13 01:58:18 77312 ----a-w- C:\windows\System32\packager.dll
    2014-09-13 01:40:05 67072 ----a-w- C:\windows\SysWow64\packager.dll
    2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
    2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
    2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
    2014-08-22 05:53:42 50976 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2014-08-20 19:45:10 243480 ----a-w- C:\windows\System32\drivers\avgldx64.sys
    2014-08-19 03:11:28 693176 ----a-w- C:\windows\System32\winload.efi
    2014-08-19 03:10:10 616352 ----a-w- C:\windows\System32\winresume.efi
    2014-08-19 03:08:04 503808 ----a-w- C:\windows\System32\srcore.dll
    2014-08-19 03:08:04 50176 ----a-w- C:\windows\System32\srclient.dll
    2014-08-19 03:08:03 63488 ----a-w- C:\windows\System32\setbcdlocale.dll
    2014-08-19 03:07:51 58880 ----a-w- C:\windows\System32\appidapi.dll
    2014-08-19 03:07:51 32256 ----a-w- C:\windows\System32\appidsvc.dll
    2014-08-19 03:07:33 296960 ----a-w- C:\windows\System32\rstrui.exe
    2014-08-19 03:07:11 17920 ----a-w- C:\windows\System32\appidcertstorecheck.exe
    2014-08-19 03:07:11 146944 ----a-w- C:\windows\System32\appidpolicyconverter.exe
    2014-08-19 02:41:39 43008 ----a-w- C:\windows\SysWow64\srclient.dll
    2014-08-19 02:41:22 50688 ----a-w- C:\windows\SysWow64\appidapi.dll
    2014-08-19 02:06:56 61440 ----a-w- C:\windows\System32\drivers\appid.sys
    2014-08-06 19:39:52 123672 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
    2014-08-01 11:53:22 1031168 ----a-w- C:\windows\System32\TSWorkspace.dll
    2014-08-01 11:35:06 793600 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
    .
    ============= FINISH: 14:34:49,36 ===============

  • #2
    Gmer log

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-10-23 14:45:42
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HGST_HTS rev.GHBO 298,09GB
    Running: 091esv13.exe; Driver: C:\Users\NSHISP~1\AppData\Local\Temp\kxdyyuow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d31401 2 bytes JMP 768eb21b C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d31419 2 bytes JMP 768eb346 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d31431 2 bytes JMP 76968ea9 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d3144a 2 bytes CALL 768c48ad C:\windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d314dd 2 bytes JMP 769687a2 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d314f5 2 bytes JMP 76968978 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d3150d 2 bytes JMP 76968698 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d31525 2 bytes JMP 76968a62 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d3153d 2 bytes JMP 768dfca8 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d31555 2 bytes JMP 768e68ef C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d3156d 2 bytes JMP 76968f61 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d31585 2 bytes JMP 76968ac2 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d3159d 2 bytes JMP 7696865c C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d315b5 2 bytes JMP 768dfd41 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d315cd 2 bytes JMP 768eb2dc C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d316b2 2 bytes JMP 76968e24 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe[2248] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d316bd 2 bytes JMP 769685f1 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d31401 2 bytes JMP 768eb21b C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d31419 2 bytes JMP 768eb346 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d31431 2 bytes JMP 76968ea9 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d3144a 2 bytes CALL 768c48ad C:\windows\syswow64\kernel32.dll
    .text ... * 9
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d314dd 2 bytes JMP 769687a2 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d314f5 2 bytes JMP 76968978 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d3150d 2 bytes JMP 76968698 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d31525 2 bytes JMP 76968a62 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d3153d 2 bytes JMP 768dfca8 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d31555 2 bytes JMP 768e68ef C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d3156d 2 bytes JMP 76968f61 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d31585 2 bytes JMP 76968ac2 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d3159d 2 bytes JMP 7696865c C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d315b5 2 bytes JMP 768dfd41 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d315cd 2 bytes JMP 768eb2dc C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d316b2 2 bytes JMP 76968e24 C:\windows\syswow64\kernel32.dll
    .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2928] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d316bd 2 bytes JMP 769685f1 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d31401 2 bytes JMP 768eb21b C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d31419 2 bytes JMP 768eb346 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d31431 2 bytes JMP 76968ea9 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d3144a 2 bytes CALL 768c48ad C:\windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d314dd 2 bytes JMP 769687a2 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d314f5 2 bytes JMP 76968978 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d3150d 2 bytes JMP 76968698 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d31525 2 bytes JMP 76968a62 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d3153d 2 bytes JMP 768dfca8 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d31555 2 bytes JMP 768e68ef C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d3156d 2 bytes JMP 76968f61 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d31585 2 bytes JMP 76968ac2 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d3159d 2 bytes JMP 7696865c C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d315b5 2 bytes JMP 768dfd41 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d315cd 2 bytes JMP 768eb2dc C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d316b2 2 bytes JMP 76968e24 C:\windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[216] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d316bd 2 bytes JMP 769685f1 C:\windows\syswow64\kernel32.dll

    ---- Threads - GMER 2.1 ----


    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b8763fd6730a
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 3851
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8D14F216-D372-4D23-AD75-A4D4869CAA40}@LeaseObtainedTime 1414067247
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8D14F216-D372-4D23-AD75-A4D4869CAA40}@T1 1414067697
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8D14F216-D372-4D23-AD75-A4D4869CAA40}@T2 1414068031
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8D14F216-D372-4D23-AD75-A4D4869CAA40}@LeaseTerminatesTime 1414068147
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b8763fd6730a (not active ControlSet)

    ---- EOF - GMER 2.1 ----


    I would like to hear about any follow-up steps I can take.

    Thanks for the help!



    • #3
      Hi wakkie,

      Download or update CCleaner

      Start CCleaner.
      • Run CCleaner and click Options in the left column
      • Select the Advanced tab
      • Uncheck "Only delete files in Windows Temp folders older than 24 hours"
      • Select the Settings tab
      • Uncheck "Automatically clean the computer...."
      • Click Cleaner in the left column.
      • Then click Analyze and Run Cleaner, in that order.
      • Next, click Registry in the left column
      • Click Scan for Issues.
      • When asked whether you want to make a backup of the registry, click "Yes".
      • If errors are found, click the middle button: Fix All Selected Issues, then OK



      Extra note... Make sure your security software is disabled while installing and using E-Peek.
      This is because these scanners wrongly see certain components that E-Peek uses as infected and will block Combofix.

      Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

      Download E-PeekSetup.exe to your desktop.
      Double-click it and follow the instructions.
      At the end of the installation, E-Peek will start.
      Click OK on the first screen and then "Scan".
      Post the log.
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Remove McAfee * CCleaner * E-Peek



      • #4
        For lack of feedback, I am marking this topic as solved.

        If there is no further response, this thread will automatically be moved within about 3 days to the Solved HijackThis logs section, and replying will no longer be possible.
        This is done to keep the forum tidy and organized.

        If it turns out there are still problems and you want to reply in this topic again, send me a private message asking for it to be reopened.


        Emphyrio



        • #5
          While E-Peek is 'scanning', after about 1 minute this message appears: E-Peek has stopped working. A solution is being searched for. Then the following message appears: E-Peek has stopped working. A problem has occurred that caused the program to stop working correctly. The program will be closed and a notification will be shown if a solution is available.

          I have disabled AVG.



          • #6
            Oops, I had not yet disabled Microsoft Security Essentials. But after disabling it I still run into the same problem.



            • #7
              Download E-Peek again, but this time turn off your security software first.
              After the download, install and run E-Peek.
              Post the log.



              • #8
                I had to download SQL Server? It was a prerequisite requirement. It has worked now. By the way, to what extent do I need to undo this afterwards?

                E-Peek v 1.0.5.4 © Emphyrio/Onsia Patrick 2013-2014
                Downloaded @ E Dev
                Run at ma 27 okt 2014 18:53
                .
                Windows 7 Home Premium SP 1 (64 bits)
                C:\windows [NTFS - Fixed]
                Default Browser: Firefox 32.0.3 (x86 nl)
                Boot mode: Normal boot
                User logged in: NS Hispeed
                .
                Java x86: n/a
                Java x64: n/a
                .
                AV : Microsoft Security Essentials [Updated - Not Running]
                AV : AVG AntiVirus 2015 [Updated - Not Running]
                AS : Microsoft Security Essentials [Updated - Not Running]
                AS : Windows Defender [Updated - Not Running]
                AS : AVG AntiVirus 2015 [Updated - Not Running]
                FW : Windows firewall
                .
                ==================== Files and Folders history =================================

                Folders Created Last 7 days :

                27-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
                24-10-2014 ##### r-h-s-d+a- C:\Program Files\CCleaner
                22-10-2014 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes
                22-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Mozilla Firefox
                22-10-2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware
                22-10-2014 ##### r-h-s-d+a- C:\AdwCleaner
                21-10-2014 ##### r-h-s-d+a- C:\Users\NS Hispeed\AppData\Roaming\AVG2015
                21-10-2014 ##### r-h-s-d+a- C:\Users\NS Hispeed\AppData\Local\Avg2015
                21-10-2014 ##### r-h-s-d+a- C:\ProgramData\AVG2015

                Files Modified Last 7 days :

                27-10-2014 01670888 r-h-s-d-a+ C:\windows\system32\PerfStringBackup.INI
                27-10-2014 00745998 r-h-s-d-a+ C:\windows\system32\perfh013.dat
                27-10-2014 00654464 r-h-s-d-a+ C:\windows\system32\perfh009.dat
                27-10-2014 00153918 r-h-s-d-a+ C:\windows\system32\perfc013.dat
                27-10-2014 00122336 r-h-s-d-a+ C:\windows\system32\perfc009.dat
                27-10-2014 00028576 r-h+s-d-a+ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
                27-10-2014 00028576 r-h+s-d-a+ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
                27-10-2014 00000070 r-h-s-d-a+ C:\windows\SysWOW64\log.txt
                22-10-2014 00000166 r-h-s-d-a+ C:\windows\SysWOW64\DOErrors.log

                Files Created Last 7 days :

                22-10-2014 00000000 r-h-s-d-a+ C:\Users\NS Hispeed\defogger_reenable

                ==================== RUNNING PROCESSES =========================================

                [avgcsrva] -SYSTEM- C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe - (AVG Technologies CZ, s.r.o.)
                [avgemca] -SYSTEM- C:\Program Files (x86)\AVG\AVG2015\avgemca.exe - (AVG Technologies CZ, s.r.o.)
                [avgidsagent] -SYSTEM- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe - (AVG Technologies CZ, s.r.o.)
                [avgnsa] -SYSTEM- C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe - (AVG Technologies CZ, s.r.o.)
                [avgrsa] -SYSTEM- c:\PROGRA~2\AVG\AVG2015\avgrsa.exe - (AVG Technologies CZ, s.r.o.)
                [avgui] -NS Hispeed- C:\Program Files (x86)\AVG\AVG2015\avgui.exe - (AVG Technologies CZ, s.r.o.)
                [avgwdsvc] -SYSTEM- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe - (AVG Technologies CZ, s.r.o.)
                [BTStackServer] -NS Hispeed- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe - (Broadcom Corporation.)
                [BTTray] -NS Hispeed- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
                [btwdins] -SYSTEM- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe - (Broadcom Corporation.)
                [concentr] -NS Hispeed- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe - (Citrix Systems, Inc.)
                [conhost] -SYSTEM- C:\windows\system32\conhost.exe - (Microsoft Corporation)
                [csrss] -SYSTEM- C:\windows\system32\csrss.exe - (Microsoft Corporation)
                [csrss] -SYSTEM- C:\windows\system32\csrss.exe - (Microsoft Corporation)
                [ctfmon] -NS Hispeed- C:\windows\SysWOW64\ctfmon.exe - (Microsoft Corporation)
                [DPAgent] -NS Hispeed- c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe - (DigitalPersona, Inc.)
                [DpHostW] -SYSTEM- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe - (DigitalPersona, Inc.)
                [E-Peek 1.0.5] -NS Hispeed- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)
                [explorer] -NS Hispeed- C:\windows\Explorer.EXE - (Microsoft Corporation)
                [firefox] -NS Hispeed- C:\Program Files (x86)\Mozilla Firefox\firefox.exe - (Mozilla Corporation)
                [HeciServer] -SYSTEM- c:\Program Files\Intel\iCLS Client\HeciServer.exe - (Intel(R) Corporation)
                [hkcmd] -NS Hispeed- C:\Windows\System32\hkcmd.exe - (Intel Corporation)
                [hpCMSrv] -SYSTEM- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe - (Hewlett-Packard Development Company, L.P.)
                [HPPA_Main] -NS Hispeed- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe - (Hewlett-Packard Company)
                [hpqWmiEx] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe - (Hewlett-Packard Company)
                [HPSA_Service] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe - (Hewlett-Packard Company)
                [hpservice] -SYSTEM- C:\windows\system32\Hpservice.exe - (Hewlett-Packard Company)
                [IAStorIcon] -NS Hispeed- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe - (Intel Corporation)
                [IfxPsdSv] -SYSTEM- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe - (Infineon Technologies AG)
                [IFXSPMGT] -SYSTEM- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe - (Infineon Technologies AG)
                [IFXTCS] -SYSTEM- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe - (Infineon Technologies AG)
                [igfxext] -NS Hispeed- C:\windows\system32\igfxext.exe - (Intel Corporation)
                [igfxsrvc] -NS Hispeed- C:\windows\system32\igfxsrvc.exe - (Intel Corporation)
                [igfxtray] -NS Hispeed- C:\Windows\System32\igfxtray.exe - (Intel Corporation)
                [IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - ()
                [Jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
                [lsass] -SYSTEM- C:\windows\system32\lsass.exe - (Microsoft Corporation)
                [lsm] -SYSTEM- C:\windows\system32\lsm.exe - (Microsoft Corporation)
                [mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)
                [MfeEpeHost] -SYSTEM- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe - ()
                [msiexec] -SYSTEM- C:\windows\system32\msiexec.exe - (Microsoft Corporation)
                [MsMpEng] -SYSTEM- c:\Program Files\Microsoft Security Client\MsMpEng.exe - (Microsoft Corporation)
                [msseces] -NS Hispeed- C:\Program Files\Microsoft Security Client\msseces.exe - (Microsoft Corporation)
                [notepad] -NS Hispeed- C:\windows\system32\NOTEPAD.EXE - (Microsoft Corporation)
                [pdfsvc] -SYSTEM- C:\Program Files (x86)\PDF Complete\pdfsvc.exe - (PDF Complete Inc)
                [pdiSDKHelperx64] -NS Hispeed- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe - (Portrait Displays, Inc.)
                [PresentationFontCache] -LOCAL SERVICE- C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation)
                [PSDrt] -NS Hispeed- c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe - (Infineon Technologies AG)
                [Receiver] -NS Hispeed- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe - (Citrix Systems, Inc.)
                [redirector] -NS Hispeed- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe - (Citrix Systems, Inc.)
                [SearchFilterHost] -SYSTEM- C:\windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
                [SearchIndexer] -SYSTEM- C:\windows\system32\SearchIndexer.exe - (Microsoft Corporation)
                [SearchProtocolHost] -SYSTEM- C:\windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
                [SelfServicePlugin] -NS Hispeed- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe - (Citrix Systems, Inc.)
                [spoolsv] -SYSTEM- C:\windows\System32\spoolsv.exe - (Microsoft Corporation)
                [stacsv64] -SYSTEM- C:\Program Files\IDT\WDM\STacSV64.exe - (IDT, Inc.)
                [sttray64] -NS Hispeed- C:\Program Files\IDT\WDM\sttray64.exe - (IDT, Inc.)
                [SynTPEnh] -NS Hispeed- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - (Synaptics Incorporated)
                [taskeng] -SYSTEM- C:\windows\system32\taskeng.exe - (Microsoft Corporation)
                [taskhost] -NS Hispeed- C:\windows\system32\taskhost.exe - (Microsoft Corporation)
                [TeamViewer_Service] -SYSTEM- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe - (TeamViewer GmbH)
                [unsecapp] -NS Hispeed- C:\windows\system32\wbem\unsecapp.exe - (Microsoft Corporation)
                [VSSVC] -SYSTEM- C:\windows\system32\vssvc.exe - (Microsoft Corporation)
                [wfcrun32] -NS Hispeed- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe - (Citrix Systems, Inc.)
                [wininit] -SYSTEM- C:\windows\system32\wininit.exe - (Microsoft Corporation)
                [wlanext] -SYSTEM- C:\windows\system32\WLANExt.exe - (Microsoft Corporation)
                [WLIDSVC] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - (Microsoft Corp.)
                [WLIDSVCM] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - (Microsoft Corp.)
                [WLTRAY] -NS Hispeed- C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE - (Broadcom Corporation)
                [wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)
                [WUDFHost] -LOCAL SERVICE- C:\windows\System32\WUDFHost.exe - (Microsoft Corporation)
                [WUDFHost] -LOCAL SERVICE- C:\windows\System32\WUDFHost.exe - (Microsoft Corporation)
                [ZuneLauncher] -NS Hispeed- C:\Program Files\Zune\ZuneLauncher.exe - (Microsoft Corporation)

                ==================== IE PAGES ==================================================

                IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://g.uk.msn.com/HPCOM/12
                IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\windows\system32\blank.htm
                IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/12
                IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
                IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll
                IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm
                IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
                IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://g.uk.msn.com/HPCOM/12
                IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\windows\system32\blank.htm
                IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/12
                IE04 x64 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
                IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll
                IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm
                IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
                IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
                IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

                ==================== Auto Load =================================================

                AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,
                AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe
                AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
                AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

                ==================== Firefox ===================================================

                FF - ProfilePath - C:\Users\NS Hispeed\AppData\Roaming\Mozilla\firefox\Profiles\9182s4o8.default
                FF - Ext: [British English Dictionary (Updated) 1.19.5 ] - dictionary - [email protected] visible: True active: True
                FF - Ext: [DigitalPersona Extension 5.0.0.5080 ] - extension - [email protected] visible: True active: False
                FF - Ext: [Default 32.0.3 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True

                FF - PlugIn: [Adobe® Flash® Player 15.0.0.152 Plugin] - C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll

                FF - prefs.js: user_pref("browser.search.defaultenginename", "AVG Secure Search");
                FF - prefs.js: user_pref("browser.startup.homepage", "hxxps://www.facebook.com/NSInternational/manager?tab=messages");
                FF - prefs.js: user_pref("keyword.URL", "");

                ==================== Google Chrome =============================================

                GC - Prefpath: C:\Users\NS Hispeed\AppData\Local\Google\Chrome\User Data\Default\Preferences

                GC - Profile Name: Eerste gebruiker
                GC - Homepage:
                GC - Default Search Provider: Google

                GC - Ext: [ Google Documenten ]
                Description: Documenten maken en bewerken
                version: 0.7
                Path: ..\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0

                = Known Disabled Extensions =



                ==================== Windows Host File =========================================


                ==================== BHO =======================================================

                BHO - [File Sanitizer for HP ProtectTools] - {3134413B-49B4-425C-98A5-893C1F195601} @ Default = C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
                BHO - [Groove GFS Browser Helper] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} @ Default = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
                BHO - [Aanmeldhulp voor Microsoft-account] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                BHO - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
                BHO x64 - [Groove GFS Browser Helper] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} @ Default = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
                BHO x64 - [Windows Live ID Sign-in Helper] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                BHO x64 - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

                ==================== Auto Start Programs =======================================

                ASP01 - HKLM\..\Run @ AVG_UI = "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
                ASP01 - HKLM\..\Run @ BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                ASP01 - HKLM\..\Run @ ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
                ASP01 - HKLM\..\Run @ DsMgr = C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe
                ASP01 - HKLM\..\Run @ File Sanitizer = C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
                ASP01 - HKLM\..\Run @ HPConnectionManager = c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
                ASP01 - HKLM\..\Run @ IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
                ASP01 - HKLM\..\Run @ IFXSPMGT = "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
                ASP01 - HKLM\..\Run @ PDF Complete = C:\Program Files (x86)\PDF Complete\pdfsty.exe
                ASP01 - HKLM\..\Run @ QLBController = C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
                ASP01 - HKLM\..\Run @ Redirector = "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
                ASP01 - HKLM\..\Run @ USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
                ASP04 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                ASP01 x64 - HKLM\..\Run @ AVG_UI = "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
                ASP01 x64 - HKLM\..\Run @ BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                ASP01 x64 - HKLM\..\Run @ ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
                ASP01 x64 - HKLM\..\Run @ DsMgr = C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe
                ASP01 x64 - HKLM\..\Run @ File Sanitizer = C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
                ASP01 x64 - HKLM\..\Run @ HPConnectionManager = c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
                ASP01 x64 - HKLM\..\Run @ IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
                ASP01 x64 - HKLM\..\Run @ IFXSPMGT = "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
                ASP01 x64 - HKLM\..\Run @ PDF Complete = C:\Program Files (x86)\PDF Complete\pdfsty.exe
                ASP01 x64 - HKLM\..\Run @ QLBController = C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
                ASP01 x64 - HKLM\..\Run @ Redirector = "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
                ASP01 x64 - HKLM\..\Run @ USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
                ASP04 x64 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                ASP - Startup - C:\Users\NS Hispeed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
                ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
                ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini



                ==================== Extra Items IE ============================================

                EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
                EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
                EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
                EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
                EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
                EI04 - App Ext - HKCU\..\Approved Extensions @ {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
                EI04 - App Ext - HKCU\..\Approved Extensions @ {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
                EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
                EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
                EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing
                EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security
                EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings
                EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International
                EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
                EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
                EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

                ==================== Internet Default Prefix ===================================

                IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
                IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://
                IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://
                IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

                ==================== Default Settings IE - DSIE ================================

                DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
                DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

                ==================== Protocol Hijackers - PH ===================================

                PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [4cf29c44e072c377b6866c399947e99a]
                PH01 - Filter:application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} @ = C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll <= Unknown
                PH01 - Filter:text/xml - {807573E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL <= Unknown
                PH01 x64 - Filter:text/xml - {807573E5-5146-11D5-A672-00B0D022E945} @ = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL <= Unknown

                ==================== ShellServiceObjectDelayLoad - SSODL =======================

                SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
                SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

                ==================== Extra items - EXT (Torpig/ConduitSearch) ==================

                EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
                EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\windows\system32\shell32.dll
                EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Monitor @ {7842554E-6BED-11D2-8CDB-B05550C10000}
                EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\windows\system32\ntshrui.dll
                EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
                EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\windows\system32\shell32.dll
                EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Monitor @ {7842554E-6BED-11D2-8CDB-B05550C10000}= C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
                EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\windows\system32\ntshrui.dll

                ==================== DRIVERS and SERVICES ======================================

                *** Win32OwnProcess ***

                SERV - R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2015\avgidsagent.exe
                SERV - R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2015\avgwdsvc.exe
                SERV - R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
                SERV - R2 - [btwdins] - Bluetooth Service - c:\program files\widcomm\bluetooth software\btwdins.exe
                SERV - R2 - [DpHost] - Authentication Service - c:\program files\hewlett-packard\hp protecttools security manager\bin\dphostw.exe
                SERV - R2 - [HP Power Assistant Service] - HP Power Assistant Service - c:\program files\hewlett-packard\hp power assistant\hppa_service.exe
                SERV - R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
                SERV - R2 - [HPFSService] - File Sanitizer for HP ProtectTools - c:\program files (x86)\hewlett-packard\file sanitizer\hpfsservice.exe
                SERV - R2 - [hpsrv] - HP Service - c:\windows\system32\hpservice.exe
                SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
                SERV - R2 - [IFXSpMgtSrv] - Security Platform Management Service - c:\program files (x86)\hewlett-packard\embedded security software\ifxspmgt.exe
                SERV - R2 - [IFXTCS] - Trusted Platform Core Service - c:\program files (x86)\hewlett-packard\embedded security software\ifxtcs.exe
                SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
                SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
                SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
                SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
                SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
                SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
                SERV - R2 - [McAfee Endpoint Encryption Agent] - McAfee Endpoint Encryption Agent - c:\program files\hewlett-packard\drive encryption\eeagent\mfeepehost.exe
                SERV - R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
                SERV - R2 - [pdfcDispatcher] - PDF Document Manager - c:\program files (x86)\pdf complete\pdfsvc.exe
                SERV - R2 - [PersonalSecureDriveService] - Personal Secure Drive Service - c:\program files (x86)\hewlett-packard\embedded security software\ifxpsdsv.exe
                SERV - R2 - [RoxioBurnLauncher] - Roxio Burn Launcher - c:\program files (x86)\roxio\roxio burn\roxioburnlauncher.exe
                SERV - R2 - [STacSV] - Audio Service - c:\program files\idt\wdm\stacsv64.exe
                SERV - R2 - [TeamViewer9] - TeamViewer 9 - c:\program files (x86)\teamviewer\version9\teamviewer_service.exe
                SERV - R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
                SERV - R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
                SERV - R2 - [wltrysvc] - Broadcom Wireless LAN Tray Service - c:\program files\broadcom\broadcom 802.11\wltrysvc.exe c:\program files\broadcom\broadcom 802.11\bcmwltry.exe [x]
                SERV - R2 - [WMCoreService] - Mobile Broadband Service - c:\program files (x86)\ericsson\mobile broadband drivers\wmcore\mini_wmcore.exe
                SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
                SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
                SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
                SERV - R3 - [hpCMSrv] - HP Connection Manager 4 Service - c:\program files (x86)\hewlett-packard\hp connection manager\hpcmsrv.exe
                SERV - R3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
                SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
                SERV - R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
                SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
                SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
                SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
                SERV - S2 - [hpHotkeyMonitor] - hpHotkeyMonitor - c:\program files (x86)\hewlett-packard\hp hotkey support\hphotkeymonitor.exe
                SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
                SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
                SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
                SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
                SERV - S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
                SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
                SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
                SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
                SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
                SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
                SERV - S3 - [FLCDLOCK] - HP ProtectTools Device Locking / Auditing - c:\windows\syswow64\flcdlock.exe
                SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
                SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
                SERV - S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
                SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
                SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
                SERV - S3 - [NisSrv] - Microsoft Netwerkinspectie - c:\program files\microsoft security client\nissrv.exe
                SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
                SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
                SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
                SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
                SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
                SERV - S3 - [stllssvr] - stllssvr - c:\program files (x86)\common files\surething shared\stllssvr.exe
                SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
                SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
                SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
                SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
                SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
                SERV - S3 - [WMZuneComm] - Zune Windows Mobile Connectivity Service - c:\program files\zune\wmzunecomm.exe
                SERV - S3 - [ZuneNetworkSvc] - Zune Network Sharing Service - c:\program files\zune\zunenss.exe
                SERV - S3 - [ZuneWlanCfgSvc] - Zune Wireless Configuration Service - c:\program files\zune\zunewlancfgsvc.exe
                SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
                SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
                SERV - S4 - [PdiService] - Portrait Displays SDK Service - c:\program files (x86)\common files\portrait displays\drivers\pdisrvc.exe
                SERV - Sx - [vToolbarUpdater3.2.0] - vToolbarUpdater3.2.0 - C:\windows\system32\sysWOW64\Drivers\vToolbarUpdater3.2.0.sys [x]

                *** Win32ShareProcess ***

                SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
                SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
                SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
                SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe
                SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
                SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe
                SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
                SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
                SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
                SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
                SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

                *** Others ***

                SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
                SERV - S3 - [RoxMediaDB12OEM] - RoxMediaDB12OEM - c:\program files (x86)\common files\roxio shared\oem\12.0\sharedcom\roxmediadb12oem.exe
                SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

                *** File System Driver ***

                DRV - R0 - [AVGIDSHA] - AVGIDSHA - C:\windows\system32\Drivers\AVGIDSHA.sys
                DRV - R0 - [Avgloga] - AVG Logging Driver - C:\windows\system32\Drivers\Avgloga.sys
                DRV - R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-Virus Shield - C:\windows\system32\Drivers\Avgmfx64.sys
                DRV - R0 - [Avgrkx64] - AVG Anti-Rootkit Driver - C:\windows\system32\Drivers\Avgrkx64.sys
                DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\windows\system32\Drivers\FileInfo.sys
                DRV - R0 - [FltMgr] - FltMgr - C:\windows\system32\Drivers\FltMgr.sys
                DRV - R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\windows\system32\Drivers\MpFilter.sys
                DRV - R0 - [Mup] - Mup - C:\windows\system32\Drivers\Mup.sys
                DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\windows\system32\Drivers\NetBIOS.sys
                DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\windows\system32\Drivers\srv.sys
                DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\windows\system32\Drivers\srv2.sys

                *** Kernel Driver ***

                DRV - R0 - [ACPI] - Microsoft ACPI Driver - C:\windows\system32\Drivers\ACPI.sys
                DRV - R0 - [amdxata] - amdxata - C:\windows\system32\Drivers\amdxata.sys
                DRV - R0 - [CLFS] - Common Log (CLFS) - C:\windows\system32\Drivers\CLFS.sys [x]
                DRV - R0 - [CNG] - CNG - C:\windows\system32\Drivers\CNG.sys
                DRV - R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\windows\system32\Drivers\Compbatt.sys
                DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\windows\system32\Drivers\Disk.sys
                DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\windows\system32\Drivers\fvevol.sys
                DRV - R0 - [hpdskflt] - HP Filter - C:\windows\system32\Drivers\hpdskflt.sys
                DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\windows\system32\Drivers\hwpolicy.sys
                DRV - R0 - [iaStor] - Intel RAID Controller - C:\windows\system32\Drivers\iaStor.sys
                DRV - R0 - [iusb3hcs] - Intel(R) USB 3.0 Host Controller Switch Driver - C:\windows\system32\Drivers\iusb3hcs.sys
                DRV - R0 - [KSecDD] - KSecDD - C:\windows\system32\Drivers\KSecDD.sys
                DRV - R0 - [KSecPkg] - KSecPkg - C:\windows\system32\Drivers\KSecPkg.sys
                DRV - R0 - [MfeEpeOpal] - MfeEpeOpal - C:\windows\system32\Drivers\MfeEpeOpal.sys
                DRV - R0 - [MfeEpePc] - MfeEpePc - C:\windows\system32\Drivers\MfeEpePc.sys
                DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\windows\system32\Drivers\mountmgr.sys
                DRV - R0 - [msisadrv] - msisadrv - C:\windows\system32\Drivers\msisadrv.sys
                DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\windows\system32\Drivers\NDIS.sys
                DRV - R0 - [partmgr] - Partitiebeheer - C:\windows\system32\Drivers\partmgr.sys
                DRV - R0 - [pci] - PCI Bus Driver - C:\windows\system32\Drivers\pci.sys
                DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\windows\system32\Drivers\pcw.sys
                DRV - R0 - [PxHlpa64] - PxHlpa64 - C:\windows\system32\Drivers\PxHlpa64.sys
                DRV - R0 - [rdyboost] - ReadyBoost - C:\windows\system32\Drivers\rdyboost.sys
                DRV - R0 - [spldr] - Security Processor Loader Driver - C:\windows\system32\Drivers\spldr.sys
                DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\windows\system32\Drivers\Tcpip.sys
                DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\windows\system32\Drivers\vdrvroot.sys
                DRV - R0 - [volmgr] - Volume Manager Driver - C:\windows\system32\Drivers\volmgr.sys
                DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\windows\system32\Drivers\volmgrx.sys
                DRV - R0 - [volsnap] - Opslagvolumes - C:\windows\system32\Drivers\volsnap.sys
                DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\windows\system32\Drivers\Wdf01000.sys
                DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\windows\system32\Drivers\AFD.sys
                DRV - R1 - [Beep] - Beep - C:\windows\system32\Drivers\Beep.sys
                DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\windows\system32\Drivers\tdx.sys
                DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\windows\system32\Drivers\tcpipreg.sys
                DRV - S3 - [atapi] - IDE-kanaal - C:\windows\system32\Drivers\atapi.sys

                ==================== SvcHost - White Listed ====================================

                All Ok

                WOW - All Ok

                ==================== SigCheck x86 Fast =========================================

                Fast Scan All ok

                ==================== SigCheck x64 Fast =========================================

                Fast Scan All ok

                ==================== Job tasks =================================================

                There are no .job files found.

                ==================== End scanning at ma 27 okt 2014 18:53 (0 Min 24 Sec ) ======



                • #9
                  SQL Server CE 3.5 SP2 is normally installed automatically and you do not need to download it.
                  This tool is an optional download from MS and you do not need to remove it.

                  I cannot find anything suspicious in your logs.
                  Are you still having problems?
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee. * Ccleaner * E-Peek



                  • #10
                    Well, at the start, when I first posted, all those pop-ups were driving me crazy. Today I was no longer bothered by them, although of course I can't be 100% sure yet. But if you say 'that should do it', then I believe you right away.
                    Could you perhaps also tell me which files I can delete?



                    • #11
                      1) You may delete all the loose files and tools we used.

                      2) To avoid reinfection, you can read through these tips:

                      Preventing spyware infections and browser hijacking and How do I prevent a new infection?

                      3) To give your PC a quick tune-up, you can read these tips: Guide to a clean PC

                      4) You can find all kinds of tips and hints here.


                      I am marking the topic as solved.

                      If there are no further replies, this thread will automatically be moved within about 5 days
                      to the section Opgeloste hijackthislogs, after which replying is no longer possible.
                      This is done to keep the forum tidy and organized.

                      If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.


                      Did we help you well? Consider a (no-obligation) donation to Nucia

                      Emphyrio


                      • #12
                        Great, thank you again!



                        • #13
                          You're welcome