
Question about Surfvox.com virus


  • Question about Surfvox.com virus

    Dear forum users,

    I have a question: for the past two days I have been having trouble with what I think is a browser infection. The homepage of all my browsers has been changed to Surfvox.com. A question about this has already been asked here on Nucia.eu, but unfortunately that did not help me, so I thought I would ask a question myself. I have already looked at a number of sites (including English ones), but those posts are from 2014 and no longer seem to be relevant (?), or I am doing something wrong.

    Also, I can no longer open Task Manager, MSCONFIG via Windows key + R, or %appdata%, and probably more things, but I have not found those out yet, I think. I don't know whether that is also due to this surfvox thing? To be honest, I am a bit at my wits' end about how to proceed, and I hope one of you can help me.

    Kind regards, Bryan

  • #2
    The first step is to follow this guideline: !!! IMPORTANT !!!: Read this first before you post a message!

    Post the requested logs.

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Hi, thanks for your reply, I followed the instructions. However, I was not able to complete the MBAM setup. When I try to install this program (also with run as administrator), I get no further. (?). I did manage the rest; here are the logs:

      DeFogger:

      defogger_disable by jpshortstuff (23.02.10.1)
      Log created at 14:58 on 06/02/2015 (Bryan)

      Checking for autostart values...
      HKCU\~\Run values retrieved.
      HKLM\~\Run values retrieved.

      Checking for services/drivers...


      -=E.O.F=-

      AdwCleaner:

      # AdwCleaner v4.110 - Logfile created 06/02/2015 at 15:38:23
      # Updated 05/02/2015 by Xplode
      # Database : 2015-02-05.2 [Server]
      # Operating system : Windows 8.1 (x64)
      # Username : Bryan - BRYAN
      # Running from : C:\Users\Bryan\Downloads\adwcleaner_4.110.exe
      # Option : Cleaning

      ***** [ Services ] *****


      ***** [ Files / Folders ] *****

      File Deleted : C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\y2mqthql.default\invalidprefs.js

      ***** [ Scheduled tasks ] *****


      ***** [ Shortcuts ] *****


      ***** [ Registry ] *****

      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}

      ***** [ Web browsers ] *****

      -\\ Internet Explorer v11.0.9600.17344


      -\\ Mozilla Firefox v35.0.1 (x86 nl)


      -\\ Google Chrome v40.0.2214.111


      -\\ Chromium v


      -\\ Opera v27.0.1689.66


      *************************

      AdwCleaner[R1].txt - [1403 bytes] - [05/02/2015 19:51:03]
      AdwCleaner[R2].txt - [1142 bytes] - [06/02/2015 15:28:33]
      AdwCleaner[S1].txt - [1435 bytes] - [05/02/2015 20:00:20]
      AdwCleaner[S2].txt - [1074 bytes] - [06/02/2015 15:38:23]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1133 bytes] ##########

      EPeek

      E-Peek v 1.9.9.0 © Emphyrio/Onsia Patrick 2013-2015
      E Dev
      Run at vr 6 feb 2015 15:46
      .
      Windows 8.1 (64 bits)
      C:\Windows [NTFS - Fixed]
      Default Browser: Firefox 35.0.1 (x86 nl)
      Boot mode: Normal boot
      User logged in: Bryan
      .
      Java x86: n/a
      Java x64: 1.8
      .
      AV : Windows Defender [Updated - Not Running]
      AS : Windows Defender [Updated - Not Running]
      FW : Windows firewall
      .
      ==================== Files and Folders history =================================

      Folders Created Last 7 days :

      30-01-2015 ##### r-h-s-d+a- C:\Users\Bryan\AppData\Roaming\java
      30-01-2015 ##### r-h-s-d+a- C:\Program Files\Java
      06-02-2015 ##### r-h-s-d+a- C:\zoek_backup
      06-02-2015 ##### r-h-s-d+a- C:\Users\Bryan\Start Menu
      06-02-2015 ##### r-h-s-d+a- C:\Users\Bryan\AppData\Roaming\Mozilla
      06-02-2015 ##### r-h-s-d+a- C:\Users\Bryan\AppData\Roaming\E Dev
      06-02-2015 ##### r-h-s-d+a- C:\Users\Bryan\AppData\Local\Temp
      06-02-2015 ##### r-h-s-d+a- C:\Users\Bryan\AppData\Local\Mozilla
      06-02-2015 ##### r-h-s-d+a- C:\ProgramData\Mozilla
      06-02-2015 ##### r-h-s-d+a- C:\ProgramData\HitmanPro
      06-02-2015 ##### r-h-s-d+a- C:\Program Files\HitmanPro
      06-02-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Mozilla Maintenance Service
      06-02-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Mozilla Firefox
      06-02-2015 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
      06-02-2015 ##### r-h+s+d+a- C:\$RECYCLE.BIN
      05-02-2015 ##### r-h-s-d+a- C:\Users\Bryan\AppData\Roaming\chportu
      05-02-2015 ##### r-h-s-d+a- C:\Program Files\Adware-Removal-Tool
      05-02-2015 ##### r-h-s-d+a- C:\Program Files (x86)\NBA 2K15
      05-02-2015 ##### r-h-s-d+a- C:\Program Files (x86)\InstallDir
      05-02-2015 ##### r-h-s-d+a- C:\AdwCleaner
      05-02-2015 ##### r+h+s+d+a+ C:\Users\Bryan\AppData\Roaming\nvxasync
      05-02-2015 ##### r+h+s+d+a+ C:\ProgramData\nvxasync
      01-02-2015 ##### r-h-s-d+a- C:\Program Files (x86)\NBA 2K14
      01-02-2015 ##### r-h-s-d+a- C:\Program Files (x86)\Maxis

      Files Modified Last 7 days :

      30-01-2015 00319912 r-h-s-d-a+ C:\Windows\system32\javaws.exe
      30-01-2015 00191400 r-h-s-d-a+ C:\Windows\system32\javaw.exe
      30-01-2015 00190888 r-h-s-d-a+ C:\Windows\system32\java.exe
      30-01-2015 00111016 r-h-s-d-a+ C:\Windows\system32\WindowsAccessBridge-64.dll
      05-02-2015 01970564 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI
      05-02-2015 00842182 r-h-s-d-a+ C:\Windows\system32\perfh013.dat
      05-02-2015 00787990 r-h-s-d-a+ C:\Windows\system32\perfh009.dat
      05-02-2015 00290304 r-h-s-d-a+ C:\Windows\SysWOW64\subinacl.exe
      05-02-2015 00178462 r-h-s-d-a+ C:\Windows\system32\perfc013.dat
      05-02-2015 00161748 r-h-s-d-a+ C:\Windows\system32\perfc009.dat
      03-02-2015 00291496 r-h-s-d-a+ C:\Windows\SysWOW64\PnkBstrB.ex0
      03-02-2015 00226680 r-h-s-d-a+ C:\Windows\SysWOW64\PnkBstrB.exe
      03-02-2015 00076152 r-h-s-d-a+ C:\Windows\SysWOW64\PnkBstrA.exe

      Files Created Last 7 days :

      30-01-2015 00111016 r-h-s-d-a+ C:\Windows\system32\WindowsAccessBridge-64.dll
      06-02-2015 00000178 r-h-s-d-a+ C:\Users\Bryan\defogger_reenable
      05-02-2015 00290304 r-h-s-d-a+ C:\Windows\SysWOW64\subinacl.exe
      01-02-2015 00319912 r-h-s-d-a+ C:\Windows\system32\javaws.exe
      01-02-2015 00191400 r-h-s-d-a+ C:\Windows\system32\javaw.exe
      01-02-2015 00190888 r-h-s-d-a+ C:\Windows\system32\java.exe

      ==================== RUNNING PROCESSES =========================================

      [AccelerometerSt] -Bryan- C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe - (Hewlett-Packard Company)
      [Adobe CEF Helper] -Bryan- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe - (Adobe Systems Incorporated)
      [Adobe CEF Helper] -Bryan- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe - (Adobe Systems Incorporated)
      [Adobe CEF Helper] -Bryan- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe - (Adobe Systems Incorporated)
      [AdobeIPCBroker] -Bryan- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe - (Adobe Systems Incorporated)
      [alg] -LOCAL SERVICE- C:\Windows\System32\alg.exe - (Microsoft Corporation)
      [armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)
      [ClientCore] -Bryan- C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe - (Hewlett-Packard)
      [conhost] -NETWORK SERVICE- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
      [conhost] -SYSTEM- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
      [CoolSense] -Bryan- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe - (Hewlett-Packard Development Company, L.P.)
      [CoreSync] -Bryan- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe - ()
      [csrss] -SYSTEM- C:\Windows\System32\csrss.exe - (csrss.exe)
      [cvxasync] -Bryan- C:\ProgramData\nvxasync\cvxasync.exe - ()
      [dasHost] -LOCAL SERVICE- C:\Windows\system32\dashost.exe - (Microsoft Corporation)
      [dllhost] -SYSTEM- C:\Windows\system32\DllHost.exe - (Microsoft Corporation)
      [dwm] -DWM-1- C:\Windows\system32\dwm.exe - (Microsoft Corporation)
      [explorer] -Bryan- C:\Windows\explorer.exe - (Microsoft Corporation)
      [firefox] -Bryan- C:\Program Files (x86)\Mozilla Firefox\firefox.exe - (Mozilla Corporation)
      [GameScannerService] -SYSTEM- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe - ()
      [HPMSGSVC] -Bryan- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe - (Hewlett-Packard Development Company, L.P.)
      [hpqwmiex] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe - (Hewlett-Packard Company)
      [HPSA_Service] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe - (Hewlett-Packard Company)
      [hpservice] -SYSTEM- C:\Windows\system32\Hpservice.exe - (Hewlett-Packard Company)
      [HPWMISVC] -SYSTEM- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe - (Hewlett-Packard Development Company, L.P.)
      [IAStorDataMgrSvc] -SYSTEM- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)
      [igfxCUIService] -SYSTEM- C:\Windows\system32\igfxCUIService.exe - (Intel Corporation)
      [igfxHK] -Bryan- C:\Windows\system32\igfxHK.exe - (Intel Corporation)
      [igfxTray] -Bryan- C:\Windows\system32\igfxTray.exe - (Intel Corporation)
      [IntelMeFWService] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe - (Intel Corporation)
      [iSCTAgent] -SYSTEM- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe - ()
      [iSCTsysTray8] -Bryan- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe - (Intel Corporation)
      [jhi_service] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe - (Intel Corporation)
      [LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - (Intel Corporation)
      [lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
      [main] -Bryan- C:\Program Files (x86)\Razer\Razer Cortex\main.exe - (Razer Inc.)
      [msiexec] -SYSTEM- C:\Windows\system32\msiexec.exe - (Microsoft Corporation)
      [MsMpEng] -SYSTEM- C:\Program Files\Windows Defender\MsMpEng.exe - (MsMpEng.exe)
      [NvBackend] -Bryan- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
      [NvNetworkService] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe - (NVIDIA Corporation)
      [nvstreamsvc] -NETWORK SERVICE- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
      [nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
      [nvstreamsvc] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe - (NVIDIA Corporation)
      [nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
      [nvxasync] -Bryan- C:\Users\Bryan\AppData\Roaming\nvxasync\nvxasync.exe - ()
      [OPBHOBroker] -Bryan- C:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exe - (Hewlett-Packard)
      [OPBHOBrokerDsktop] -Bryan- C:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exe - (Hewlett-Packard)
      [opvapp] -SYSTEM- C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe - ()
      [PnkBstrA] -SYSTEM- C:\Windows\SysWOW64\PnkBstrA.exe - ()
      [PresentationFontCache] -LOCAL SERVICE- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe - (Microsoft Corporation)
      [PublicWiFiService] -SYSTEM- C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe - ()
      [RtkAudioService64] -SYSTEM- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe - (Realtek Semiconductor)
      [RtkNGUI64] -Bryan- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe - (Realtek Semiconductor)
      [RzKLService] -SYSTEM- C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe - (Razer Inc.)
      [services] -SYSTEM- C:\Windows\System32\services.exe - (services.exe)
      [smss] -SYSTEM- C:\Windows\System32\smss.exe - (smss.exe)
      [spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
      [SpotifyWebHelper] -Bryan- C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe - (Spotify Ltd)
      [SynTPEnh] -Bryan- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - (Synaptics Incorporated)
      [SynTPHelper] -Bryan- C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE - (Synaptics Incorporated)
      [taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)
      [taskhostex] -Bryan- C:\Windows\system32\taskhostex.exe - (Microsoft Corporation)
      [TeamViewer_Service] -SYSTEM- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe - (TeamViewer GmbH)
      [tv_w32] -SYSTEM- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe - (TeamViewer GmbH)
      [tv_x64] -SYSTEM- C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe - (TeamViewer GmbH)
      [Wacom_TabletUser] -Bryan- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe - (Wacom Technology, Corp.)
      [WacomHost] -SYSTEM- C:\Program Files\Tablet\Wacom\WacomHost.exe - (Wacom Technology)
      [wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
      [winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
      [WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
      [WmiPrvSE] -SYSTEM- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
      [wscript] -SYSTEM- C:\Windows\System32\WScript.exe - (Microsoft Corporation)
      [YouCamService] -Bryan- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe - (CyberLink Corp.)

      ==================== IE PAGES ==================================================

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
      Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
      Local Page = C:\Windows\SysWOW64\blank.htm
      Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
      Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
      DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      DisplayName = @ieframe.dll,-12512
      URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
      DisplayName = Google
      URL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding ?}&oe={outputEncoding?}

      ==================== IE PAGES x64 ==============================================

      HKLM\Software\Microsoft\Internet Explorer\Main
      Start Page = hxxp://www.google.com
      Local Page = C:\Windows\System32\blank.htm
      Default_Page_URL = hxxp://www.google.com
      Default_Search_URL = hxxp://www.google.com
      Search Page = hxxp://www.google.com

      HKLM\Software\Microsoft\Internet Explorer\SearchScopes
      DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

      HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      DisplayName = @ieframe.dll,-12512
      URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{550FABB9-794A-4FC3-B2BA-5EDC2CCD4102}
      DisplayName = Amazon (UK) Search Suggestions
      URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

      ==================== Auto Load =================================================

      HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
      Userinit = userinit.exe
      Shell = explorer.exe

      ==================== Auto Load x64 =============================================

      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
      Userinit = C:\Windows\system32\userinit.exe,
      Shell = explorer.exe

      ==================== Firefox ===================================================

      FF - ProfilePath - C:\Users\Bryan\AppData\Roaming\Mozilla\firefox\Profiles\y2mqthql.default
      FF - Ext: [Default 35.0.1 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True

      FF - PlugIn: [Adobe® Flash® Player 15.0.0.152 Plugin] - C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
      FF - PlugIn: [Battlelog Game Launcher 2.6.2] - C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll
      FF - PlugIn: [Java™ Deployment Toolkit] - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll
      FF - PlugIn: [Oracle® Java™ Plug-In] - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
      FF - PlugIn: [Ag Player] - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
      FF - PlugIn: [WebTablet FB Plugin 64 bit] - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll

      FF - prefs.js: user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");
      FF - prefs.js: user_pref("extensions.lastPlatformVersion");user_pref("browser.startup.homepage", "hxxp://www.surfvox.com");
      FF - prefs.js: user_pref("browser.search.defaultenginename", "SurfVox");

      ==================== Google Chrome =============================================

      GC - Prefpath: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Preferences

      GC - Profile Name: Eerste gebruiker
      GC - Homepage: n/a
      GC - Default Search Provider: n/a

      = Known Disabled Extensions =



      ==================== Windows Host File =========================================


      ==================== BHO x64 ===================================================

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
      HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Default = Java(tm) Plug-In SSV Helper
      => HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InProcServer32 Default = C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll

      {DBC80044-A445-435b-BC74-9C25C1C588A9}
      HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Default = Java(tm) Plug-In 2 SSV Helper
      => HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32 Default = C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll

      ==================== Auto Start Programs =======================================

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
      AccelerometerSysTrayApplet = C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
      Adobe Creative Cloud = "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
      AdobeCS6ServiceManager = "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
      GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      HPMessageService = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
      RazerCortex = C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
      SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

      HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
      Lyrify = C:\Program Files (x86)\Lyrify\lyrify.exe
      nvxasync = C:\Users\Bryan\AppData\Roaming\nvxasync\nvxasync.exe
      Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      Spotify Web Helper = "C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      Unified Remote v2 = C:\Program Files (x86)\Unified Remote\RemoteServer.exe

      ==================== Auto Start Programs x64 ===================================

      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
      AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      Classic Start Menu = "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
      NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
      OPBHOBroker = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
      OPBHOBrokerDesktop = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
      RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
      ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
      SimplePass = C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
      SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved [2 = enabled 3= disabled]
      !DiskInfo = 4
      AdobeAAMUpdater-1.0 = 2
      Classic Start Menu = 2
      Connectify Dispatch = 2
      Connectify Hotspot = 2
      DisableStartScreen = 4
      NvBackend = 6
      OPBHOBroker = 6
      OPBHOBrokerDesktop = 6
      RTHDVCPL = 6
      RUNFBI = 4
      ShadowPlay = 6
      SimplePass = 6
      SynTPEnh = 6
      AccelerometerSysTrayApplet = 6
      Adobe ARM = 2
      AdobeCS6ServiceManager = 2
      BCSSync = 2
      HPMessageService = 6
      mcpltui_exe = 6
      RazerCortex = 2
      SunJavaUpdateSched = 2
      SwitchBoard = 2
      ISCTSystray.lnk = 6

      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      Lyrify = C:\Program Files (x86)\Lyrify\lyrify.exe
      nvxasync = C:\Users\Bryan\AppData\Roaming\nvxasync\nvxasync.exe
      Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      Spotify Web Helper = "C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      Unified Remote v2 = C:\Program Files (x86)\Unified Remote\RemoteServer.exe

      CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
      ==================== Extra Items IE ============================================

      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions
      Tools - {A95fe080-8f5d-11d2-a20b-00aa003c157a} Script = C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

      ==================== Extra Items IE x64 ========================================

      HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Tools - {A95fe080-8f5d-11d2-a20b-00aa003c157a} Script = C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP settings
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
      HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

      ==================== Internet Default Prefix ===================================

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
      Default = http://

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
      WWW = http://

      ==================== Internet Default Prefix x64 ===============================

      HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
      Default = http://

      HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
      WWW = http://

      ==================== Protocol Hijackers ========================================

      HKLM\SOFTWARE\Wow6432Node\Classes\PROTOCOLS\Handler\grooveLocalGWS
      CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}
      => SOFTWARE\Classes\\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\InProcServer32 @ Default = Unknown # C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL # MD5 [bd25e3537b54c1bff40335992b3686fd]



      ==================== Automatic Started DLL's ===================================

      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
      AppInit_DLLs =

      HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
      AppInit_DLLs =

      ==================== Automatic Started DLL's x64 ===============================

      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
      AppInit_DLLs =

      ==================== ShellServiceObjectDelayLoad ===============================

      HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
      => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


      ==================== ShellServiceObjectDelayLoad x64 =========================

      HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
      => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]


      ==================== Extra (Torpig/ConduitSearch) ==============================

      HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
      => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll

      HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
      => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll


      ==================== DRIVERS and SERVICES ======================================

      *** Win32OwnProcess ***

      SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
      SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
      SERV - R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe
      SERV - R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
      SERV - R2 - [hpsrv] - HP Service - c:\windows\system32\hpservice.exe
      SERV - R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
      SERV - R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
      SERV - R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
      SERV - R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
      SERV - R2 - [ISCTAgent] - Intel(R) Smart Connect Technology Agent - c:\program files\intel\intel(r) smart connect technology agent\isctagent.exe
      SERV - R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
      SERV - R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
      SERV - R2 - [MyPublicWiFiService] - MyPublicWiFi Service - c:\program files (x86)\mypublicwifi\publicwifiservice.exe
      SERV - R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
      SERV - R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
      SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
      SERV - R2 - [omniserv] - HP SimplePass Service - c:\program files\hewlett-packard\simplepass\omniserv.exe
      SERV - R2 - [PnkBstrA] - PnkBstrA - c:\windows\system32\pnkbstra.exe [x]
      SERV - R2 - [Razer Game Scanner Service] - Razer Game Scanner - c:\program files (x86)\razer\razer services\gss\gamescannerservice.exe
      SERV - R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
      SERV - R2 - [RzKLService] - RzKLService - c:\program files (x86)\razer\razer cortex\rzklservice.exe
      SERV - R2 - [SynTPEnhService] - SynTPEnh Caller Service - c:\program files\synaptics\syntp\syntpenhservice.exe
      SERV - R2 - [TeamViewer9] - TeamViewer 9 - c:\program files (x86)\teamviewer\version9\teamviewer_service.exe
      SERV - R2 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
      SERV - R2 - [WTabletServicePro] - Wacom Professional Service - c:\program files\tablet\wacom\wtabletservicepro.exe
      SERV - R3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
      SERV - R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
      SERV - R3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
      SERV - R3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
      SERV - S2 - [BcmBtRSupport] - Bluetooth Driver Management Service - c:\windows\system32\btwrsupportservice.exe
      SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
      SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
      SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
      SERV - S2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
      SERV - S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
      SERV - S3 - [BEService] - BattlEye Service - c:\program files (x86)\common files\battleye\beservice.exe
      SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
      SERV - S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
      SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
      SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
      SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
      SERV - S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
      SERV - S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
      SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
      SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
      SERV - S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
      SERV - S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
      SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
      SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
      SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
      SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
      SERV - S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
      SERV - S3 - [Survarium Update Service] - Survarium Update Service - c:\program files (x86)\survarium\game\binaries\x86\survarium_service.exe
      SERV - S3 - [SwitchBoard] - Adobe SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
      SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
      SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
      SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
      SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
      SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
      SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
      SERV - S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

      *** Win32ShareProcess ***

      SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
      SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
      SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
      SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
      SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
      SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

      *** Others ***

      SERV - R2 - [HPWMISVC] - HPWMISVC - c:\program files (x86)\hewlett-packard\hp system event\hpwmisvc.exe
      SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
      SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

      *** File System Driver ***

      DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
      DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
      DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
      DRV - R0 - [WdFilter] - Windows Defender Mini-Filter Driver - C:\Windows\system32\Drivers\WdFilter.sys
      DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\Windows\system32\Drivers\Wof.sys
      DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
      DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
      DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys

      *** Kernel Driver ***

      DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
      DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\Windows\system32\Drivers\acpiex.sys
      DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys
      DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
      DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\disk.sys
      DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\Windows\system32\Drivers\EhStorClass.sys
      DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
      DRV - R0 - [hpdskflt] - HP Filter - C:\Windows\system32\Drivers\hpdskflt.sys
      DRV - R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys
      DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\Windows\system32\Drivers\intelpep.sys
      DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
      DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
      DRV - R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
      DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
      DRV - R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
      DRV - R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
      DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
      DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
      DRV - R0 - [pdc] - pdc - C:\Windows\system32\Drivers\pdc.sys
      DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
      DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\Windows\system32\Drivers\spaceport.sys
      DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
      DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\Windows\system32\Drivers\vdrvroot.sys
      DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
      DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
      DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
      DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
      DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\Windows\system32\Drivers\WFPLWFS.sys
      DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
      DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
      DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
      DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
      DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
      DRV - S0 - [WdBoot] - Windows Defender Boot Driver - C:\Windows\system32\Drivers\WdBoot.sys
      DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

      ==================== SvcHost - White Listed ====================================

      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
      apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [9dcb42905f1ebf9cec57ee5df0bda965]

      w3logsvc = ServiceDll = C:\Windows\system32\inetsrv\w3logsvc.dll [8e553c859c83784dec08b10afc3eac92]

      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\[email protected]
      w3svc = [8e553c859c83784dec08b10afc3eac92]

      was = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [9bae40bd31e3ee0b0c70bef167e0a2bc]



      ==================== SvcHost x64 - White Listed ================================

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [9dcb42905f1ebf9cec57ee5df0bda965]

      w3logsvc = ServiceDll = C:\Windows\system32\inetsrv\w3logsvc.dll [8e553c859c83784dec08b10afc3eac92]

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      BthHFSrv = ServiceDll = C:\Windows\System32\BthHFSrv.dll [52ab4fa794ae775bdaf63bbf28ade65d]

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
      w3svc = [52ab4fa794ae775bdaf63bbf28ade65d]

      was = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [9bae40bd31e3ee0b0c70bef167e0a2bc]



      ==================== SigCheck x86 Fast =========================================

      Fast Scan All ok

      ==================== SigCheck x64 Fast =========================================

      Fast Scan All ok

      ==================== Job tasks at C:\Windows\Tasks =============================

      C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 1062 bytes [ 5-2-2015 19:13:37 ]

      C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 1066 bytes [ 5-2-2015 19:13:38 ]

      C:\Windows\Tasks\SA.DAT 6 bytes [ 22-8-2013 16:45:54 ]


      ==================== Job tasks at C:\Windows\system32\Tasks ====================

      C:\Windows\system32\Tasks\Adobe Acrobat Update Task 3886 bytes [ 3-1-2015 23:01:57 ]
      => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

      C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-BRYAN-Bryan 3496 bytes [ 21-9-2014 21:01:17 ]
      => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

      C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 3802 bytes [ 5-2-2015 19:13:37 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 4038 bytes [ 5-2-2015 19:13:38 ]
      => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

      C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1409936991 3824 bytes [ 5-9-2014 19:10:03 ]
      => C:\Program Files (x86)\Opera\launcher.exe

      C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1725350855-1927001909-1276192757-500 3596 bytes [ 2-4-2014 11:35:50 ]

      C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2564153378-2625008980-1906920107-500 3598 bytes [ 17-6-2014 06:28:49 ]

      C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3724024821-3719019481-1259879884-500 3596 bytes [ 9-5-2014 10:00:21 ]

      C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4040412350-3650323534-2712008979-1001 3600 bytes [ 30-8-2014 11:22:36 ]

      C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4040412350-3650323534-2712008979-500 2384 bytes [ 17-6-2014 08:02:23 ]

      C:\Windows\system32\Tasks\Origin 3120 bytes [ 2-2-2015 00:05:53 ]
      => C:\Users\Bryan\AppData\Roaming\Origin\update.vbe

      C:\Windows\system32\Tasks\Steam-S-1-8-22-9865GUI 3060 bytes [ 4-9-2014 22:49:07 ]
      => "C:\Users\Bryan\AppData\Roaming\Steam\Reversed\steam.exe"

      C:\Windows\system32\Tasks\User_Feed_Synchronization-{F604A88D-AC35-4A9F-B9BA-090E1BA14420} 3958 bytes [ 30-8-2014 13:30:13 ]
      => C:\Windows\system32\msfeedssync.exe

      C:\Windows\system32\Tasks\YCMServiceAgent 3156 bytes [ 17-6-2014 06:52:25 ]
      => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe


      ==================== Job tasks at C:\Windows\SysWOW64\Tasks ====================

      There are no .job files found.

      ==================== End scanning at vr 6 feb 2015 15:46 (0 Min 16 Sec ) =======



      I hope I did this correctly,

      Kind regards, Bryan



      • #4
        Resetting Firefox to its default state:

        • Click the menu button and then click Help.
        • Choose Troubleshooting Information from the Help menu.
          • If you cannot access the Help menu, type about:support in your location bar to bring up the Troubleshooting Information page.
        • In the top-right corner of the Troubleshooting Information page, click the Reset Firefox… button.
        • In the confirmation window that appears, click Reset Firefox to continue.
        • Firefox will close and be reset. Once this is done, a window will list the imported data. Click Finish and Firefox will open.


        Download or update CCleaner

        Start CCleaner.
        • Run CCleaner and click Options in the left column
        • Select the Advanced tab
        • Uncheck "Only delete files in Windows Temp folders older than 24 hours"
        • Select the Settings tab
        • Uncheck "Automatically clean the computer...."
        • Click Cleaner in the left column.
        • Then click Analyze followed by Run Cleaner.
        • Next, click Registry in the left column
        • Click Scan for Issues.
        • When asked whether you want to make a backup of the registry, click "Yes".
        • If errors are found, click the middle button: Fix All Selected Issues, and then OK


        Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
        • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe"
        • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Yes"

        • When the update is finished and the message "Update process completed successfully" appears, click "menu" and then "Scan PC"
        • Select the "Deep" option if it is not already set by default.
        • Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take a considerable time, so wait patiently.
        • You can close the window with the warning about an increased risk once the scan is finished.


        • Make sure all found items are checked and then press the "Remove selected" button. You will now get the following message, but click "Yes" here

        • When the removal is finished, click the "View report" button and select the text file for this scan, with a name like: a2scan_110730-111615.txt
        • Paste the contents of this log file into your next post.
        • Now restart the computer.



        Are there any remaining problems?
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          For lack of feedback, I am marking this topic as solved.

          If there are no further replies, this thread will automatically be moved to the Solved HijackThis logs section within about 3 days, and replying will no longer be possible.
          This is done to keep the forum tidy and organized.

          If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.


          Emphyrio
          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
          E Dev * Remove McAfee. * Ccleaner * E-Peek
