  • How do I fix problems with CBT ransomware?

    CBT ransomware encrypted a number of files. How do I fix this?

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 12/06/2015
    Scantijd: 12:08:04
    Logbestand: MWB.txt
    Beheerder: Ja

    Versie: 2.01.6.1022
    Malware Gegevensbestand: v2015.06.12.02
    Rootkit Gegevensbestand: v2015.06.02.01
    Licentie: Gratis
    Malwarebescherming: Uitgeschakeld
    Kwaadaardige Website Bescherming: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Van Impe

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 365266
    Verstreken Tijd: 12 m, 54 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristiek: Ingeschakeld
    POP: Waarschuwen
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaardes: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 1
    Trojan.Agent.AI, C:\Users\Van Impe\AppData\Local\Temp\Quarantine.exe, , [1fb358613258bf770cbfbab36d958080],

    # AdwCleaner v4.203 - Logbestand aangemaakt 09/06/2015 op 11:49:45
    # Laatste update 30/04/2015 door Xplode
    # Database : 2015-06-08.1 [Server]
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
    # Gebruikersnaam : Van Impe - TOS-C850
    # Gestart vanuit : F:\adwcleaner_4.203.exe
    # Optie : Verwijderen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****

    Map Verwijderd : C:\ProgramData\apn
    Map Verwijderd : C:\ProgramData\Babylon
    Map Verwijderd : C:\ProgramData\FileCure
    Map Verwijderd : C:\Program Files (x86)\Delta
    Map Verwijderd : C:\Users\Van Impe\AppData\Roaming\BabSolution
    Map Verwijderd : C:\Users\Van Impe\AppData\Roaming\eCyber
    Bestand Verwijderd : C:\Users\Van Impe\AppData\Roaming\Mozilla\Firefox\Profiles\j5yjksme.default\searchplugins\Askcom.xml
    Bestand Verwijderd : C:\Users\Van Impe\AppData\Roaming\Mozilla\Firefox\Profiles\j5yjksme.default\searchplugins\ask-search.xml

    ***** [ Geplande taken ] *****

    Taak Verwijderd : EPUpdater

    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****

    Sleutel Verwijderd : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\uus3url-pl
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Sleutel Verwijderd : HKCU\Software\ParetoLogic
    Sleutel Verwijderd : HKLM\SOFTWARE\Babylon
    Sleutel Verwijderd : HKLM\SOFTWARE\ParetoLogic
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

    ***** [ Webbrowsers ] *****

    -\\ Internet Explorer v11.0.9600.17801


    -\\ Mozilla Firefox v39.0 (x86 en-US)

    [j5yjksme.default\prefs.js] - Regel Verwijderd : user_pref("browser.search.order.1", "Ask.com");

    -\\ Google Chrome v43.0.2357.81


    *************************

    AdwCleaner[R0].txt - [5450 bytes] - [09/06/2015 11:49:06]
    AdwCleaner[S0].txt - [5406 bytes] - [09/06/2015 11:49:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5465 bytes] ##########
    # AdwCleaner v4.206 - Logbestand aangemaakt 12/06/2015 op 11:58:08
    # Laatste update 01/06/2015 door Xplode
    # Database : 2015-06-09.1 [Server]
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
    # Gebruikersnaam : Van Impe - TOS-C850
    # Gestart vanuit : C:\Users\Van Impe\Downloads\adwcleaner_4.206.exe
    # Optie : Verwijderen

    ***** [ Services ] *****

    [#] Service Verwijderd : APNMCP

    ***** [ Bestanden / Mappen ] *****

    Map Verwijderd : C:\Program Files (x86)\AskPartnerNetwork
    Map Verwijderd : C:\Users\Van Impe\AppData\Local\AskPartnerNetwork
    Bestand Verwijderd : C:\Users\Van Impe\AppData\Roaming\Mozilla\Firefox\Profiles\j5yjksme.default\user.js

    ***** [ Geplande taken ] *****

    Taak Verwijderd : EPUpdater

    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****

    Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Sleutel Verwijderd : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\uus3url-pl
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Sleutel Verwijderd : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Sleutel Verwijderd : HKCU\Software\AskPartnerNetwork
    Sleutel Verwijderd : HKCU\Software\ParetoLogic
    Sleutel Verwijderd : HKLM\SOFTWARE\Babylon
    Sleutel Verwijderd : HKLM\SOFTWARE\ParetoLogic
    Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

    ***** [ Webbrowsers ] *****

    -\\ Internet Explorer v11.0.9600.17801


    -\\ Mozilla Firefox v39.0 (x86 en-US)

    [j5yjksme.default\prefs.js] - Regel Verwijderd : user_pref("browser.search.order.1", "Ask.com");
    [j5yjksme.default\prefs.js] - Regel Verwijderd : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11409&pf=V7&trgb=FF&p2=%5EBBH%5EOSJ000%5EYY%5EBE&gct=hp&apn_ptnrs=BBH&apn_dtid=%5EOSJ000%5EYY%5EBE&apn_dbr=ff_38.0.0

    -\\ Google Chrome v43.0.2357.124


    *************************

    AdwCleaner[R0].txt - [11036 bytes] - [09/06/2015 11:49:06]
    AdwCleaner[S0].txt - [10766 bytes] - [09/06/2015 11:49:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10826 bytes] ##########

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.45.2
    Run by Van Impe at 12:01:58 on 2015-06-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3977.622 [GMT 2:00]
    .
    AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
    C:\Users\Van Impe\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Users\Van Impe\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\IMnet\IMnet.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\CCleaner\CCleaner64.exe
    C:\Windows\system32\GWX\GWX.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [ZoomInfo Contact Contributor] C:\Users\Van Impe\AppData\Local\ZoomInfoCEUtility\launch.bat
    uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe" /background
    uRun: [BingSvc] C:\Users\Van Impe\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    StartupFolder: C:\Users\VANIMP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Van Impe\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\VANIMP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMnet.lnk - C:\Program Files (x86)\IMnet\IMnet.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{9EE4BE3A-188E-4B6A-AE2B-103292DCA8DB} : NameServer = 80.201.237.239 80.201.237.238
    TCP: Interfaces\{A1C3DA34-F917-42C5-8255-40180154B625} : DHCPNameServer = 192.168.10.252 195.130.130.11 195.130.130.139
    TCP: Interfaces\{E0D29594-75EA-44D4-8017-F0FA874A63E8} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{E0D29594-75EA-44D4-8017-F0FA874A63E8}\24F45425B45402E494A43502B4C414E44554E4 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{E0D29594-75EA-44D4-8017-F0FA874A63E8}\341627C6F637F565F5054514F54314F51303 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{E0D29594-75EA-44D4-8017-F0FA874A63E8}\341627C6F637F565F5054514F54314F573 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{E0D29594-75EA-44D4-8017-F0FA874A63E8}\341627C6F637F565F5054514F54324 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{E0D29594-75EA-44D4-8017-F0FA874A63E8}\341627C6F637F565F52554345405F513 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{E0D29594-75EA-44D4-8017-F0FA874A63E8}\354702A416D656370234F6572747 : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{E0D29594-75EA-44D4-8017-F0FA874A63E8}\66275656D2E65647 : DHCPNameServer = 192.168.31.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Eraser] "C:\Program Files\Eraser\Eraser.exe" -atRestart
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
    x64-DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Van Impe\AppData\Roaming\Mozilla\Firefox\Profiles\j5yjksme.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-6-9 17600]
    R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-4-23 28600]
    R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-5-19 20160]
    R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-4-23 434424]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-4-23 434424]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-4-23 152744]
    R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2015-2-12 184056]
    R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-4-23 44088]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
    R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-4-10 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-4-10 161560]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-5-17 2079520]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-10-26 39568]
    R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-6-22 1141848]
    R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-10-30 31856]
    R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-4-27 5448976]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-4-10 363800]
    R2 VmbService;Vodafone Mobile Broadband-service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-4-12 85504]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
    R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-19 25816]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-4-10 251496]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-10 565352]
    R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2013-12-20 125640]
    S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2014-4-23 827640]
    S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-4-23 1185584]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-3-2 1080120]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
    S3 APG8201Z;APG8201Z Smart Card Reader;C:\Windows\System32\drivers\apg8201z.sys [2013-3-20 50688]
    S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2011-8-8 45168]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-4-12 117248]
    S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-4-12 94208]
    S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-4-12 28672]
    S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-4-12 196096]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-3-2 63704]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
    S3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2013-4-10 38096]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-10 19456]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-10 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-10 30208]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-10 1255736]
    .
    =============== Created Last 30 ================
    .
    2015-06-11 20:09:13 17583280 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2015-06-09 20:20:08 -------- d-----w- C:\sh4ldr
    2015-06-09 20:18:50 -------- d-----w- C:\Program Files\Enigma Software Group
    2015-06-09 09:49:04 -------- d-----w- C:\AdwCleaner
    2015-06-02 11:51:43 -------- d-----w- C:\Users\Van Impe\AppData\Local\GWX
    2015-05-23 19:31:13 -------- d-----w- C:\Program Files\McAfee Security Scan
    2015-05-22 17:16:46 18645184 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    2015-05-17 10:16:58 -------- d-----w- C:\ProgramData\McAfee Security Scan
    2015-05-16 01:24:01 460800 ----a-w- C:\Windows\System32\certcli.dll
    2015-05-16 01:24:01 342016 ----a-w- C:\Windows\System32\schannel.dll
    2015-05-16 01:24:00 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
    2015-05-16 01:24:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
    2015-05-14 07:31:51 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-14 07:31:51 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    .
    ==================== Find3M ====================
    .
    2015-06-11 20:09:19 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-06-11 20:09:19 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-05-19 18:54:15 152744 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2015-05-06 08:48:00 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2015-05-02 06:55:08 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2015-05-02 06:54:24 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-04-29 09:43:25 20160 ----a-w- C:\Windows\System32\drivers\GUBootStartup.sys
    2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
    2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
    2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
    2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
    2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
    2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
    2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
    2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
    2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
    2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
    2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
    2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
    2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
    2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
    2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
    2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
    2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
    2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
    2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
    2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
    2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2015-04-27 18:06:48 36864 ----a-w- C:\Windows\System32\UtcResources.dll
    2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
    2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
    2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
    2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
    2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
    2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
    2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
    2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
    2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
    2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
    2015-04-14 07:37:56 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2015-04-14 07:37:46 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2015-04-14 07:37:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2015-04-14 01:38:52 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
    2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
    2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
    2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
    2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
    2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
    .
    ============= FINISH: 12:02:14,09 ===============

  • #2
    Hi newcasters,

    At the moment there is no solution for getting those files back.
    If you have a backup of your files, restore it.

    More info about this infection: http://www.bleepingcomputer.com/viru...re-information
    Last edited by Emphyrio; 14-06-15, 19:42.
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      I am marking this topic as resolved.

      If there are no further replies, this thread will automatically be moved within about 5 days
      to the section "Afgesloten topics virusinfecties" (closed virus-infection topics), and replying will no longer be possible.
      This is done to keep the forum tidy and well organized.

      If it turns out that there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

      Did we help you well? Consider a (no-obligation) donation to Nucia

      Emphyrio