
cvhost.exe infected, or rootkit, or something else PART 1


  • cvhost.exe infected, or rootkit, or something else PART 1

    I have just upgraded to Windows 10, and my son has installed a program, KAOSBox, to watch films.

    HitmanPro reports C:\WINDOWS\system32\svchost.exe as suspicious.
    So far I have chosen the ignore option here. The file is added further down.

    MBAM also needed an enormous amount of time to check the PC.

    Because of the length, I had to submit this to you in parts. Apologies for that.

    Help would be appreciated.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 7-8-2015
    Scantijd: 10:52
    Logboekbestand: MBAM log 7-8-2015.txt
    Beheerder: Ja

    Versie: 2.1.8.1057
    Malware-database: v2015.08.07.02
    Rootkit-database: v2015.08.06.01
    Licentie: Premium
    Malware-bescherming: Ingeschakeld
    Bescherming tegen kwaadaardige websites: Ingeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 10
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Harma

    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 782051
    Verstreken tijd: 11 u., 33 min, 32 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)

    # AdwCleaner v4.208 - Logbestand aangemaakt 08/08/2015 op 09:45:54
    # Laatste update 09/07/2015 door Xplode
    # Database : 2015-08-01.1 [Server]
    # Besturingssysteem : Windows 10 Home (x64)
    # Gebruikersnaam : Harma - HARMA-PC
    # Gestart vanuit : C:\Users\Harma\Desktop\Nucia\adwcleaner_4.208.exe
    # Optie : Verwijderen

    ***** [ Services ] *****


    ***** [ Bestanden / Mappen ] *****

    Map Verwijderd : C:\Users\Harma\AppData\Roaming\iWin

    ***** [ Geplande taken ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Register ] *****


    ***** [ Webbrowsers ] *****

    -\\ Internet Explorer v11.0.10240.16384


    -\\ Mozilla Firefox v39.0.3 (x86 nl)


    -\\ Google Chrome v44.0.2403.130


    *************************

    AdwCleaner[R0].txt - [4303 bytes] - [02/01/2014 20:21:00]
    AdwCleaner[R10].txt - [2168 bytes] - [27/02/2015 14:36:38]
    AdwCleaner[R11].txt - [2035 bytes] - [27/02/2015 14:46:40]
    AdwCleaner[R12].txt - [2405 bytes] - [03/04/2015 09:06:15]
    AdwCleaner[R13].txt - [4319 bytes] - [22/07/2015 21:30:44]
    AdwCleaner[R14].txt - [2367 bytes] - [23/07/2015 13:12:09]
    AdwCleaner[R15].txt - [2429 bytes] - [26/07/2015 11:01:42]
    AdwCleaner[R16].txt - [2489 bytes] - [31/07/2015 09:43:30]
    AdwCleaner[R17].txt - [2589 bytes] - [08/08/2015 09:41:04]
    AdwCleaner[R1].txt - [1113 bytes] - [02/01/2014 21:04:59]
    AdwCleaner[R2].txt - [1360 bytes] - [08/01/2014 00:12:46]
    AdwCleaner[R3].txt - [1485 bytes] - [25/01/2014 11:07:30]
    AdwCleaner[R4].txt - [5895 bytes] - [26/06/2014 23:00:09]
    AdwCleaner[R5].txt - [1642 bytes] - [26/06/2014 23:06:07]
    AdwCleaner[R6].txt - [1776 bytes] - [27/06/2014 17:30:03]
    AdwCleaner[R7].txt - [4220 bytes] - [08/07/2014 18:25:31]
    AdwCleaner[R8].txt - [4614 bytes] - [01/02/2015 15:52:33]
    AdwCleaner[R9].txt - [4674 bytes] - [01/02/2015 15:59:34]
    AdwCleaner[S0].txt - [4028 bytes] - [02/01/2014 20:23:06]
    AdwCleaner[S10].txt - [2474 bytes] - [03/04/2015 09:10:27]
    AdwCleaner[S11].txt - [4382 bytes] - [22/07/2015 21:49:23]
    AdwCleaner[S12].txt - [1984 bytes] - [08/08/2015 09:45:54]
    AdwCleaner[S1].txt - [1175 bytes] - [02/01/2014 21:06:05]
    AdwCleaner[S2].txt - [1386 bytes] - [08/01/2014 00:14:10]
    AdwCleaner[S3].txt - [1511 bytes] - [25/01/2014 11:09:10]
    AdwCleaner[S4].txt - [4708 bytes] - [26/06/2014 23:01:45]
    AdwCleaner[S5].txt - [1706 bytes] - [26/06/2014 23:07:29]
    AdwCleaner[S6].txt - [1840 bytes] - [27/06/2014 17:31:24]
    AdwCleaner[S7].txt - [4036 bytes] - [08/07/2014 18:28:23]
    AdwCleaner[S8].txt - [4494 bytes] - [01/02/2015 16:02:21]
    AdwCleaner[S9].txt - [2195 bytes] - [27/02/2015 14:42:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [2575 bytes] ##########

  • #2
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 11.45.2
    Run by Harma at 9:59:36 on 2015-08-08
    Microsoft Windows 10 Home 10.0.10240.0.1252.31.1043.18.4008.1726 [GMT 2:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
    .
    ============== Running Processes ===============
    .
    c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\system32\dwm.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\WINDOWS\system32\nvvsvc.exe
    C:\WINDOWS\system32\svchost.exe -k GPSvcGroup
    C:\WINDOWS\servicing\TrustedInstaller.exe
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Elantech\ETDService.exe
    C:\WINDOWS\System32\svchost.exe -k utcsvc
    C:\WINDOWS\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Softland\FBackup 5\bService.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe -k iissvcs
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\dashost.exe
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k appmodel
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\HitmanPro\HitmanPro.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\WINDOWS\system32\taskhostw.exe
    C:\WINDOWS\system32\sihost.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\WINDOWS\system32\taskeng.exe
    C:\WINDOWS\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\WINDOWS\Explorer.EXE
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    svchost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Users\Harma\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
    C:\WINDOWS\system32\fontdrvhost.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files\CCleaner\CCleaner64.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://mysearch.avg.com/?cid={83B4D445-7FBC-4641-88D9-FF880BD9B744}&mid=1f7525ac08af4a458eea604510977eaa-4bf0387d762c6e84935e860d7d7444a0806415a4&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-20 17:09:36&v=4.1.4.948&pid=wtu&sg=&sap=hp
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    uRun: [FBackup 5 Tray Agent] "C:\Program Files (x86)\Softland\FBackup 5\bTray.exe"
    uRun: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [OneDrive] "C:\Users\Harma\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AVG201~1.LNK - C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
    StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HITMAN~1.LNK - C:\Program Files\HitmanPro\HitmanPro.exe
    StartupFolder: C:\Users\Harma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MALWAR~1.LNK - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: DSCAutomationHostEnabled = dword:2
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: &Verzenden naar OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{2bb078be-fcd8-4af7-a8f2-717ec32fc9bc} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{45183cb3-1605-4919-bc62-f665b4ebbc1c} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{45183cb3-1605-4919-bc62-f665b4ebbc1c}\745756374773 : DHCPNameServer = 192.168.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\WINDOWS\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
    x64-mStart Page = www.google.com
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-mPolicies-Explorer: NoDrives = dword:0
    x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
    x64-mPolicies-System: SoftwareSASGeneration = dword:1
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
    x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Harma\AppData\Roaming\Mozilla\Firefox\Profiles\n0enn59j.default-1438973072569\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-8-11 9216]
    R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2015-5-12 253408]
    R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2015-5-7 378336]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2015-6-10 226784]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2015-3-20 40928]
    R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
    R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
    R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-7-10 199008]
    R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
    R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2015-3-11 162784]
    R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2015-6-26 293296]
    R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2015-6-16 259040]
    R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2015-6-15 295400]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\WINDOWS\System32\drivers\ctxusbm.sys [2012-3-19 89536]
    R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
    R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
    R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-7-7 3518376]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-7-7 314304]
    R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
    R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
    R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2015-7-31 135352]
    R2 FBackup5Srv;FBackup 5 Service;C:\Program Files (x86)\Softland\FBackup 5\bService.exe [2014-11-21 4640312]
    R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-2 127752]
    R2 hmpalert;HitmanPro.Alert Support Driver;C:\WINDOWS\System32\drivers\hmpalert.sys [2014-12-4 93144]
    R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-12-4 1876816]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-14 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-14 1133880]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2014-12-16 487960]
    R2 SOHDms;Sony Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-1-16 495248]
    R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
    R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\WINDOWS\System32\drivers\TurboB.sys [2010-4-17 13832]
    R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    R2 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
    R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2015-7-20 1195920]
    R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
    R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
    R3 ETD;ELAN Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2015-7-31 428216]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\WINDOWS\System32\drivers\hitmanpro37.sys [2015-8-8 43664]
    R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2010-10-14 317440]
    R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2013-7-14 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-6-14 113880]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2014-6-14 63704]
    R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
    R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-6-22 40392]
    R3 rt640x64;Realtek RT640 NT-stuurprogramma;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
    R3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-7-31 410880]
    R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
    R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
    R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2015-3-27 21152]
    S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
    S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
    S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
    S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
    S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
    S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
    S3 buttonconverter;Service voor Portable Device Control-apparaten;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
    S3 CapImg;HID-stuurprogramma voor CapImg-touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
    S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
    S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
    S3 diagnosticshub.standardcollector.service;Microsoft(R) Diagnostics Hub Standard Collector-service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
    S3 DmEnrollmentSvc;Registratieservice voor Apparaatbeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
    S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
    S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
    S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
    S3 fssfltr;fssfltr;C:\WINDOWS\System32\drivers\fssfltr.sys [2011-4-9 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 genericusbfn;Algemene USB-functieklasse;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
    S3 hidinterrupt;Algemeen stuurprogramma voor HID-knoppen waarvoor interrupts zijn geïmplementeerd;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
    S3 HTCAND64;HTC Device Driver;C:\WINDOWS\System32\drivers\ANDROIDUSB.sys [2013-8-17 38424]
    S3 iaLPSSi_GPIO;Stuurprogramma van Intel(R) Serial IO GPIO-controller;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
    S3 iaLPSSi_I2C;Stuurprogramma voor Intel(R) Serial IO I2C-controller;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
    S3 iaStorAV;Intel(R) SATA RAID-controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
    S3 ibbus;Mellanox InfiniBand Bus/AL (filterstuurprogramma);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
    S3 icssvc;Windows Mobiele hotspotservice;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
    S3 intelpep;Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing ;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
    S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
    S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
    S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
    S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
    S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\WINDOWS\System32\drivers\massfilter_hs.sys [2015-1-19 18456]
    S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
    S3 ndfltr;NetworkDirect-service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
    S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
    S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
    S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
    S3 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2015-7-13 31560]
    S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-22 20256]
    S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
    S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
    S3 PSI;PSI;C:\WINDOWS\System32\drivers\psi_mf.sys [2011-12-16 17976]
    S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-7-31 934752]
    S3 RetailDemo;Retaildemoservice;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUVStor.sys [2011-4-9 290920]
    S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
    S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
    S3 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
    S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-7-31 1031680]
    S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
    S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
    S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
    S3 SmsRouter;Microsoft Windows SMS Router-service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
    S3 SOHDs;Sony Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2013-12-3 79000]
    S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-7-10 78688]
    S3 storufs;Microsoft Universal Flash Storage (UFS)-stuurprogramma;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
    S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
    S3 UcmUcsi;UCSI-client van USB-connectorbeheer;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-7-31 46080]
    S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
    S3 UEFI;Microsoft UEFI-stuurprogramma;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
    S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
    S3 UfxChipidea;Chipidea USB-controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
    S3 ufxsynopsys;Synopsys USB-controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
    S3 UrsChipidea;Stuurprogramma voor Chipidea USB Role-Switch;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
    S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
    S3 UrsSynopsys;Stuurprogramma voor Synopsys USB Role-Switch;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
    S3 vhf;Virtual HID Framework (VHF)-stuurprogramma;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
    S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
    S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
    S3 w3logsvc;W3C-logboekregistratieservice;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
    S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
    S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-7-10 685056]
    S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
    S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
    S3 WinMad;WinMad-service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
    S3 WinVerbs;WinVerbs-service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
    S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
    S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
    S3 XblAuthManager;Xbox Live-verificatiebeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S3 XblGameSave;Games opslaan op Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
    S3 XboxNetApiSvc;Netwerkservice van Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
    S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
    S4 AFBAgent;AFBAgent;C:\WINDOWS\System32\FBAgent.exe [2011-4-9 379520]
    S4 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    S4 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-6 1631008]
    S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-14 21055432]
    S4 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .inf: inffile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2015-08-08 08:00:45 1190000 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\gapaengine.dll
    2015-08-08 07:55:54 16148 ----a-w- C:\WINDOWS\System32\HARMA-PC_Harma_HistoryPrediction.bin
    2015-08-08 07:55:53 43664 ----a-w- C:\WINDOWS\System32\drivers\hitmanpro37.sys
    2015-08-07 08:45:05 12222168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE65A3FC-716E-477B-86CA-41B1358B27BF}\mpengine.dll
    2015-08-06 08:14:31 21873664 ----a-w- C:\WINDOWS\System32\edgehtml.dll
    2015-08-06 08:14:09 16707072 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
    2015-08-06 08:14:00 13024256 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
    2015-08-06 08:12:59 521216 ----a-w- C:\WINDOWS\System32\PsmServiceExtHost.dll
    2015-08-04 11:34:20 239960 ----a-w- C:\WINDOWS\SysWow64\xactengine3_7.dll
    2015-08-04 11:33:59 5425496 ----a-w- C:\WINDOWS\System32\D3DX9_41.dll
    2015-08-04 11:32:58 409960 ----a-w- C:\WINDOWS\System32\xactengine2_8.dll
    2015-08-04 11:26:34 -------- d--h--w- C:\WINDOWS\msdownld.tmp
    2015-08-04 11:26:19 -------- d-----w- C:\WINDOWS\SysWow64\directx
    2015-08-01 17:19:05 -------- d-----w- C:\WINDOWS\System32\SleepStudy
    2015-07-31 20:58:30 -------- d-----w- C:\WINDOWS\SysWow64\sda
    2015-07-31 20:58:30 -------- d-----w- C:\Users\Harma\AppData\Local\NetworkTiles
    2015-07-31 18:56:28 9898752 ----a-w- C:\WINDOWS\SysWow64\RsCRIcon.dll
    2015-07-31 18:56:28 91904 ----a-w- C:\WINDOWS\System32\RtCRX64.dll
    2015-07-31 18:56:28 410880 ----a-w- C:\WINDOWS\System32\drivers\RtsUer.sys
    2015-07-31 17:28:28 -------- d-----r- C:\Users\Harma\OneDrive
    2015-07-31 17:19:44 -------- d-----w- C:\Users\Harma\AppData\Local\MicrosoftEdge
    2015-07-31 17:02:01 -------- d-----w- C:\Program Files\Elantech
    2015-07-31 17:01:06 -------- d-----w- C:\ProgramData\Microsoft OneDrive
    2015-07-31 17:00:48 47288 ----a-w- C:\WINDOWS\System32\ETDCoInstaller01000.dll
    2015-07-31 17:00:47 428216 ----a-w- C:\WINDOWS\System32\drivers\ETD.sys
    2015-07-31 16:57:26 -------- d-----w- C:\Users\Harma\AppData\Local\Publishers
    2015-07-31 16:55:39 -------- dc----w- C:\WINDOWS\Panther
    2015-07-31 16:55:20 -------- d-----w- C:\Users\Harma\AppData\Local\Packages
    2015-07-31 16:55:18 -------- d-sh--w- C:\Recovery
    2015-07-31 16:54:45 -------- d-----w- C:\Users\Harma\AppData\Local\TileDataLayer
    2015-07-31 16:52:26 -------- d-----w- C:\Windows.old
    2015-07-31 16:44:56 -------- d-sh--we C:\ProgramData\Sjablonen
    2015-07-31 16:44:56 -------- d-sh--we C:\ProgramData\Menu Start
    2015-07-31 16:44:56 -------- d-sh--we C:\ProgramData\Favorieten
    2015-07-31 16:44:56 -------- d-sh--we C:\ProgramData\Documenten
    2015-07-31 16:44:56 -------- d-sh--we C:\ProgramData\Bureaublad
    2015-07-31 16:39:05 -------- d-----w- C:\WINDOWS\SysWow64\XPSViewer
    2015-07-31 16:39:05 -------- d-----w- C:\WINDOWS\SysWow64\BestPractices
    2015-07-31 16:39:05 -------- d-----w- C:\WINDOWS\System32\msmq
    2015-07-31 16:39:04 -------- d-----w- C:\WINDOWS\System32\BestPractices
    2015-07-31 16:39:01 -------- d-----w- C:\inetpub
    2015-07-31 16:38:22 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
    2015-07-31 16:38:22 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
    2015-07-31 16:38:22 102608 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-31 16:38:13 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
    2015-07-31 16:38:13 124112 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
    2015-07-31 16:38:13 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
    2015-07-31 16:31:09 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
    2015-07-31 16:28:56 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
    2015-07-31 16:25:56 -------- d--h--w- C:\ProgramData\Common Files
    2015-07-31 16:12:27 -------- d-----w- C:\Program Files (x86)\Common Files\SpeechEngines
    2015-07-31 16:12:24 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
    2015-07-31 16:03:24 -------- d-----w- C:\ProgramData\SonicFocus
    2015-07-31 16:03:16 -------- d-----w- C:\Program Files\Realtek
    2015-07-31 16:03:15 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
    2015-07-31 16:03:04 -------- d-----w- C:\Intel
    2015-07-31 16:01:51 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2015-07-31 16:01:51 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2015-07-30 21:39:29 12872 ----a-w- C:\WINDOWS\System32\bootdelete.exe
    2015-07-22 16:04:42 -------- d-----w- C:\WINDOWS\SysWow64\vbox
    2015-07-22 16:04:42 -------- d-----w- C:\WINDOWS\System32\vbox
    2015-07-22 16:00:15 -------- d-----w- C:\Program Files\AVAST Software
    2015-07-22 15:58:29 -------- d-----w- C:\ProgramData\AVAST Software
    2015-07-21 14:42:02 -------- d-----w- C:\Users\Harma\AppData\Local\CEF
    2015-07-20 15:10:06 -------- d-----w- C:\Users\Harma\AppData\Local\AVG Web TuneUp
    2015-07-20 15:08:56 -------- d-----w- C:\ProgramData\AVG Web TuneUp
    2015-07-20 15:08:50 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
    2015-07-20 13:38:24 12288 ----a-w- C:\WINDOWS\System32\wu.upgrade.ps.dll
    2015-07-20 13:37:59 16384 ----a-w- C:\WINDOWS\System32\RdpGroupPolicyExtension.dll
    2015-07-20 13:37:24 968704 ----a-w- C:\WINDOWS\System32\MsSpellCheckingFacility.exe
    2015-07-20 13:37:21 1155072 ----a-w- C:\WINDOWS\SysWow64\mshtmlmedia.dll
    2015-07-20 13:37:18 1359360 ----a-w- C:\WINDOWS\System32\mshtmlmedia.dll
    2015-07-11 08:11:52 244416 ----a-w- C:\WINDOWS\SysWow64\MsFlxGrd.ocx
    2015-07-11 08:11:46 -------- d-----w- C:\Loss Record
    2015-07-10 16:32:02 -------- d--h--w- C:\$Windows.~BT
    2015-07-10 16:11:44 -------- d-----w- C:\WINDOWS\ShellNew
    2015-07-10 16:11:44 -------- d-----w- C:\Program Files\Windows Journal
    2015-07-10 16:09:22 -------- d-----w- C:\WINDOWS\OCR
    2015-07-10 16:09:17 -------- d-----w- C:\WINDOWS\SKB
    2015-07-10 16:09:00 -------- d-----w- C:\WINDOWS\SysWow64\winrm
    2015-07-10 16:09:00 -------- d-----w- C:\WINDOWS\SysWow64\WCN
    2015-07-10 16:09:00 -------- d-----w- C:\WINDOWS\SysWow64\wbem\nl-NL
    2015-07-10 16:09:00 -------- d-----w- C:\WINDOWS\SysWow64\wbem\en-US
    2015-07-10 16:09:00 -------- d-----w- C:\WINDOWS\SysWow64\sysprep
    2015-07-10 16:09:00 -------- d-----w- C:\WINDOWS\SysWow64\slmgr
    2015-07-10 16:09:00 -------- d-----w- C:\WINDOWS\SysWow64\Printing_Admin_Scripts
    2015-07-10 13:19:33 -------- d-----w- C:\WINDOWS\en-US
    2015-07-10 13:19:33 -------- d-----w- C:\WINDOWS\DigitalLocker
    2015-07-10 12:22:52 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-M7P1NB6_Administrator_HistoryPrediction.bin
    2015-07-10 12:22:45 -------- d-----w- C:\ProgramData\USOShared
    2015-07-10 12:21:43 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
    2015-07-10 12:21:43 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
    2015-07-10 12:21:43 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
    2015-07-10 12:21:38 -------- d-sh--we C:\ProgramData\Documents
    2015-07-10 12:21:38 -------- d-sh--we C:\Documents and Settings
    2015-07-10 12:20:42 -------- d-----w- C:\WINDOWS\ServiceProfiles
    2015-07-10 12:20:38 -------- d-s---w- C:\WINDOWS\System32\Microsoft
    2015-07-10 11:06:25 -------- d-----w- C:\WINDOWS\Setup
    2015-07-10 11:06:01 792568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    2015-07-10 11:06:01 178168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    2015-07-10 11:03:58 -------- d-----w- C:\WINDOWS\System32\drivers
    2015-07-10 11:02:54 -------- d-----w- C:\WINDOWS\INF
    2015-07-10 11:00:42 567296 ----a-w- C:\WINDOWS\System32\msTextPrediction.dll
    2015-07-10 10:59:59 9728 ----a-w- C:\WINDOWS\System32\RpcNs4.dll
    2015-07-10 10:55:34 -------- d-----w- C:\WINDOWS\CbsTemp
    .
    ==================== Find3M ====================
    .
    2015-08-08 07:55:47 113880 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    2015-07-31 16:54:51 45056 ----a-w- C:\WINDOWS\System32\acovcnt.exe
    2015-07-31 16:38:56 96768 ----a-w- C:\WINDOWS\SysWow64\mqoa.tlb
    2015-07-30 06:24:56 1561872 ----a-w- C:\WINDOWS\System32\winmde.dll
    2015-07-30 06:23:20 527952 ----a-w- C:\WINDOWS\System32\AudioSes.dll
    2015-07-30 06:22:35 8020832 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
    2015-07-30 06:21:21 816576 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll
    2015-07-30 06:17:53 393568 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
    2015-07-30 06:17:22 1025840 ----a-w- C:\WINDOWS\System32\mfsrcsnk.dll
    2015-07-30 06:17:00 1200400 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
    2015-07-30 06:16:38 2147080 ----a-w- C:\WINDOWS\System32\d3d9.dll
    2015-07-30 06:16:14 505696 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
    2015-07-30 06:15:59 632168 ----a-w- C:\WINDOWS\System32\dxgi.dll
    2015-07-30 06:14:50 333168 ----a-w- C:\WINDOWS\System32\MFPlay.dll
    2015-07-30 06:09:51 1562968 ----a-w- C:\WINDOWS\System32\wmpmde.dll
    2015-07-30 06:06:54 1043872 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
    2015-07-30 06:05:27 501008 ----a-w- C:\WINDOWS\System32\AudioEng.dll
    2015-07-30 06:05:18 2498808 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
    2015-07-30 06:04:44 1396064 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
    2015-07-30 06:03:30 2116448 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
    2015-07-30 06:03:02 1983328 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
    2015-07-30 05:24:44 252768 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
    2015-07-30 04:42:34 1643872 ----a-w- C:\WINDOWS\System32\diagtrack.dll
    2015-07-30 04:29:14 705520 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
    2015-07-30 04:26:32 877016 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
    2015-07-30 04:26:17 1867160 ----a-w- C:\WINDOWS\SysWow64\d3d9.dll
    2015-07-30 04:25:27 1356368 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
    2015-07-30 04:25:04 713312 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
    2015-07-30 04:24:59 285632 ----a-w- C:\WINDOWS\SysWow64\MFPlay.dll
    2015-07-30 04:24:08 407616 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
    2015-07-30 04:24:07 1769056 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
    2015-07-30 04:24:04 445240 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
    2015-07-30 04:22:31 507696 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
    2015-07-30 04:22:17 896144 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
    2015-07-30 04:21:21 962400 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
    2015-07-30 04:12:48 287744 ----a-w- C:\WINDOWS\System32\provhandlers.dll
    2015-07-30 04:12:45 268800 ----a-w- C:\WINDOWS\System32\provengine.dll
    2015-07-30 04:09:07 24576 ----a-w- C:\WINDOWS\System32\LicenseManagerShellext.exe
    2015-07-30 04:08:55 494592 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
    2015-07-30 04:08:36 55296 ----a-w- C:\WINDOWS\System32\MusNotificationUx.exe
    2015-07-30 04:08:34 168960 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
    2015-07-30 04:02:21 253952 ----a-w- C:\WINDOWS\System32\SettingsHandlers_UserAccount.dll
    2015-07-30 03:59:39 187904 ----a-w- C:\WINDOWS\System32\provisioningcsp.dll
    2015-07-30 03:54:05 2415616 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
    2015-07-30 03:53:46 503808 ----a-w- C:\WINDOWS\System32\tileobjserver.dll
    2015-07-30 03:53:40 282112 ----a-w- C:\WINDOWS\System32\VEEventDispatcher.dll
    2015-07-30 03:53:34 122880 ----a-w- C:\WINDOWS\System32\VEDataLayerHelpers.dll
    2015-07-30 03:52:44 859136 ----a-w- C:\WINDOWS\System32\modernexecserver.dll
    2015-07-30 03:52:26 75264 ----a-w- C:\WINDOWS\System32\ACPBackgroundManagerPolicy.dll
    2015-07-30 03:49:34 11557888 ----a-w- C:\WINDOWS\System32\twinui.dll
    2015-07-30 03:49:08 777728 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
    2015-07-30 03:49:07 324096 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-07-30 03:46:28 593920 ----a-w- C:\WINDOWS\System32\wcmsvc.dll
    2015-07-30 03:46:16 204288 ----a-w- C:\WINDOWS\System32\wcmcsp.dll
    2015-07-30 03:46:10 2125312 ----a-w- C:\WINDOWS\System32\twinui.appcore.dll
    2015-07-30 03:46:09 487424 ----a-w- C:\WINDOWS\System32\mfmkvsrcsnk.dll
    2015-07-30 03:45:54 155136 ----a-w- C:\WINDOWS\System32\drivers\tunnel.sys
    2015-07-30 03:45:48 195584 ----a-w- C:\WINDOWS\System32\fwpolicyiomgr.dll
    2015-07-30 03:44:49 280064 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
    2015-07-30 03:44:39 41984 ----a-w- C:\WINDOWS\System32\VoiceActivationManager.dll
    2015-07-30 03:44:29 144896 ----a-w- C:\WINDOWS\System32\drivers\UMDF\SensorsCx.dll
    2015-07-30 03:44:28 229376 ----a-w- C:\WINDOWS\System32\SensorService.dll
    2015-07-30 03:44:26 65536 ----a-w- C:\WINDOWS\System32\drivers\bthhfenum.sys
    2015-07-30 03:44:21 91648 ----a-w- C:\WINDOWS\System32\SensorsNativeApi.V2.dll
    2015-07-30 03:44:05 2662400 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
    2015-07-30 03:42:45 518144 ----a-w- C:\WINDOWS\System32\NotificationController.dll
    2015-07-30 03:42:06 596992 ----a-w- C:\WINDOWS\System32\LogonController.dll
    2015-07-30 03:41:58 988672 ----a-w- C:\WINDOWS\System32\RDXService.dll
    2015-07-30 03:41:52 407040 ----a-w- C:\WINDOWS\System32\CredProvDataModel.dll
    2015-07-30 03:41:26 28672 ----a-w- C:\WINDOWS\System32\NotificationControllerPS.dll
    2015-07-30 03:40:37 2178560 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
    2015-07-30 03:40:17 846336 ----a-w- C:\WINDOWS\System32\wpncore.dll
    2015-07-30 03:38:30 80384 ----a-w- C:\WINDOWS\System32\AppxSysprep.dll
    2015-07-30 03:38:27 1420288 ----a-w- C:\WINDOWS\System32\UserDataService.dll
    2015-07-30 03:34:36 599552 ----a-w- C:\WINDOWS\System32\wpnapps.dll
    2015-07-30 03:32:52 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
    2015-07-30 03:32:37 1212928 ----a-w- C:\WINDOWS\System32\RemoteNaturalLanguage.dll
    2015-07-30 03:29:50 654848 ----a-w- C:\WINDOWS\System32\PlayToManager.dll
    2015-07-30 03:15:22 9889792 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
    2015-07-30 03:13:30 217088 ----a-w- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
    2015-07-30 03:13:19 81920 ----a-w- C:\WINDOWS\SysWow64\VEDataLayerHelpers.dll
    2015-07-30 03:12:53 1914880 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
    2015-07-30 03:11:04 18803712 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
    2015-07-30 03:10:41 585728 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
    2015-07-30 03:10:28 247808 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-07-30 03:07:39 163328 ----a-w- C:\WINDOWS\SysWow64\fwpolicyiomgr.dll
    2015-07-30 03:06:54 373248 ----a-w- C:\WINDOWS\SysWow64\mfmkvsrcsnk.dll
    2015-07-30 03:06:51 1820160 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Logon.dll
    2015-07-30 03:06:27 34816 ----a-w- C:\WINDOWS\SysWow64\VoiceActivationManager.dll
    2015-07-30 03:06:07 78336 ----a-w- C:\WINDOWS\SysWow64\SensorsNativeApi.V2.dll
    2015-07-30 03:04:45 1714176 ----a-w- C:\WINDOWS\SysWow64\twinui.appcore.dll
    2015-07-30 03:04:41 495616 ----a-w- C:\WINDOWS\SysWow64\LogonController.dll
    2015-07-30 03:04:16 335360 ----a-w- C:\WINDOWS\SysWow64\CredProvDataModel.dll
    2015-07-30 02:59:38 473088 ----a-w- C:\WINDOWS\SysWow64\wpnapps.dll
    2015-07-30 02:58:28 497152 ----a-w- C:\WINDOWS\SysWow64\PlayToManager.dll
    2015-07-30 02:58:02 898560 ----a-w- C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll
    2015-07-13 17:37:03 937616 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
    2015-07-13 17:37:03 75080 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
    2015-07-13 17:37:03 62792 ----a-w- C:\WINDOWS\System32\nvshext.dll
    2015-07-13 17:37:03 385168 ----a-w- C:\WINDOWS\System32\nvmctray.dll
    2005-07-14 10:31:20 32256 --sha-w- C:\WINDOWS\SysWOW64\AVSredirect.dll
    2004-01-24 22:00:00 70656 --sha-w- C:\WINDOWS\SysWOW64\i420vfw.dll
    2004-01-24 22:00:00 70656 --sha-w- C:\WINDOWS\SysWOW64\yv12vfw.dll
    .
    ============= FINISH: 10:10:11,26 ===============



    • #3
      GMER is too large, but I see a button by the attachment for a text message?



      • #4
        Code:
        HitmanPro 3.7.9.242
        www.hitmanpro.com
        
           Computer name . . . . : HARMA-PC
           Windows . . . . . . . : 6.3.0.9600.X64/4
           User name . . . . . . : Harma-PC\Harma
           UAC . . . . . . . . . : Enabled
           License . . . . . . . : Paid (145 days left)
        
           Scan date . . . . . . : 2015-08-08 08:33:51
           Scan mode . . . . . . : Quick
           Scan duration . . . . : 21m 25s
           Disk access mode  . . : Direct disk access (SRB)
           Cloud . . . . . . . . : Internet
           Reboot  . . . . . . . : No
        
           Threats . . . . . . . : 0
           Traces  . . . . . . . : 205
        
           Objects scanned . . . : 4.589
           Files scanned . . . . : 4.589
           Remnants scanned  . . : 0 files / 0 keys
        
        Suspicious files ____________________________________________________________
        
           C:\WINDOWS\system32\svchost.exe
              Size . . . . . . . : 39.856 bytes
              Age  . . . . . . . : 7.6 days (2015-07-31 18:27:34)
              Entropy  . . . . . : 6.0
              SHA-256  . . . . . : 8A88E067E89D1DCFCAFD842C0CB7DE5DC7E6754447F2064A2BDF8496B088BD52
              Product  . . . . . : Microsoft® Windows® Operating System
              Publisher  . . . . : Microsoft Corporation
              Description  . . . : Host Process for Windows Services
              Version  . . . . . : 10.0.10240.16384
              Copyright  . . . . : © Microsoft Corporation. All rights reserved.
              RSA Key Size . . . : 2048
              Service  . . . . . : UserDataSvc_Session2
              Process Type . . . : Critical
              LanguageID . . . . : 1033
              Authenticode . . . : Valid
              Running processes  : 1120, 1184, 1388, 1436, 1596, 1604, 1720, 1780, 2300, 2460, 2476, 2760, 2936, 2952, 3652, 8416, 10408, 21496
              Fuzzy  . . . . . . : 23.0
                 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
                 This program is actively listening for inbound network connections.
                 The file is in use by one or more active processes.
                 The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
                 Starts automatically as a service during system bootup.
                 Time indicates that the file appeared recently on this computer.
                 This file's process is marked as system critical.
                 The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
                 Program is code signed with a valid Authenticode certificate.
              Startup
                 HKLM\SYSTEM\ControlSet001\Services\OneSyncSvc_Session2\
                 HKLM\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_Session2\
                 HKLM\SYSTEM\ControlSet001\Services\UnistoreSvc_Session2\
                 HKLM\SYSTEM\ControlSet001\Services\UserDataSvc_Session2\
                 HKLM\SYSTEM\CurrentControlSet\Services\AJRouter\
                 HKLM\SYSTEM\CurrentControlSet\Services\AppHostSvc\
                 HKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc\
                 HKLM\SYSTEM\CurrentControlSet\Services\Appinfo\
                 HKLM\SYSTEM\CurrentControlSet\Services\AppReadiness\
                 HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc\
                 HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\
                 HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv\
                 HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV\
                 HKLM\SYSTEM\CurrentControlSet\Services\BDESVC\
                 HKLM\SYSTEM\CurrentControlSet\Services\BFE\
                 HKLM\SYSTEM\CurrentControlSet\Services\BITS\
                 HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\
                 HKLM\SYSTEM\CurrentControlSet\Services\Browser\
                 HKLM\SYSTEM\CurrentControlSet\Services\BthHFSrv\
                 HKLM\SYSTEM\CurrentControlSet\Services\bthserv\
                 HKLM\SYSTEM\CurrentControlSet\Services\CDPSvc\
                 HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc\
                 HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC\
                 HKLM\SYSTEM\CurrentControlSet\Services\CoreMessagingRegistrar\
                 HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\
                 HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch\
                 HKLM\SYSTEM\CurrentControlSet\Services\DcpSvc\
                 HKLM\SYSTEM\CurrentControlSet\Services\defragsvc\
                 HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService\
                 HKLM\SYSTEM\CurrentControlSet\Services\DeviceInstall\
                 HKLM\SYSTEM\CurrentControlSet\Services\DevQueryBroker\
                 HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\
                 HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack\
                 HKLM\SYSTEM\CurrentControlSet\Services\DmEnrollmentSvc\
                 HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice\
                 HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\
              Network Ports
                 0.0.0.0:135	
                 0.0.0.0:49409	
                 0.0.0.0:49410	
                 192.168.1.16:65281	23.52.59.27:80
                 192.168.1.16:65283	95.100.97.17:80
                 192.168.1.16:65284	95.100.163.11:80
                 192.168.1.16:65285	95.100.97.41:80



        • #5
          Found the button, GMER

          GMER log.txt



          • #6
            First disable your antivirus software before you download or run zoek.exe.
            Temporarily disable your antivirus and antispyware programs, because they can interfere with the operation of Zoek.exe.
            You can read how to do that (here and here).

            Download Zoek.exe to the desktop (click here for more information on how to use zoek.exe)
            • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
            • Then double-click Zoek.exe to start the tool.
            • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
            • Now copy the code below and paste it into the large input window:
            • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
              Code:
               
              emptyfolderscheck;delete 
              firefoxlook; 
              Chromelook; 
              CHRdefaults;
              autoclean; 
              iedefaults;  
              resetieproxy;
            • Now click the "Run script" button.
            • Wait patiently until a log opens (this may be after a restart, if one is required).
            • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
            • Post the opened log as an attachment in your next message.

            Starting Windows 10 in Safe Mode



            • #7
              Zoek.exe v5.0.0.0 Updated 04-May-2015
              Tool run by Harma on za 08-08-2015 at 13:46:20,81.
              Microsoft Windows 10 Home 10.0.10240 x64
              Running in: Normal Mode Internet Access Detected
              Launched: C:\Users\Harma\Desktop\zoek.exe [Scan all users] [Script inserted]

              ===== Runcheck 13:48:38,00 =====

              --- Create Environment Variables 13:48:46,96
              --- Create System Restore Point 13:49:32,70
              --- Checking Input 13:49:49,75
              --- AU AppData Check 13:50:47,88
              --- Remove From Windows Installer 13:51:28,66


              It is now 14.17
              apparently it is not going any further?
              Leave it running



              • #8
                Stopped too early!

                Please wait patiently.

                Starting Windows 10 in Safe Mode



                • #9
                  Zoek output.txt



                  • #10
                    Download AdwCleaner by Xplode to the desktop.
                    • Close all open windows.
                    • Double-click AdwCleaner to start it.
                    • Windows Vista, 7 and 8 users must run the tool as "administrator",
                    • by right-clicking and choosing Run as administrator.
                    • Then click Scan.
                    • Then click Remove if items were found.
                    • At Restart Required, click OK.


                    After the PC has restarted, a log file usually opens.
                    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[S0].txt.

                    Posting the log file
                    • Attach the log file named C:\AdwCleaner\AdwCleaner[S0].txt to your next message.

                    Starting Windows 10 in Safe Mode



                    • #11
                      AdwCleaner[S13].txt



                      • #12
                        HitmanPro started by itself this morning and still reported that C:\WINDOWS\system32\svchost.exe was suspicious.
                        I don't know whether you need this info?


                        complete file

                        Code:
                        HitmanPro 3.7.9.242
                        www.hitmanpro.com
                        
                           Computer name . . . . : HARMA-PC
                           Windows . . . . . . . : 6.3.0.9600.X64/4
                           User name . . . . . . : Harma-PC\Harma
                           UAC . . . . . . . . . : Enabled
                           License . . . . . . . : Paid (144 days left)
                        
                           Scan date . . . . . . : 2015-08-09 08:55:45
                           Scan mode . . . . . . : Quick
                           Scan duration . . . . : 11m 11s
                           Disk access mode  . . : Direct disk access (SRB)
                           Cloud . . . . . . . . : Internet
                           Reboot  . . . . . . . : No
                        
                           Threats . . . . . . . : 0
                           Traces  . . . . . . . : 200
                        
                           Objects scanned . . . : 4.611
                           Files scanned . . . . : 4.611
                           Remnants scanned  . . : 0 files / 0 keys
                        
                        Suspicious files ____________________________________________________________
                        
                           C:\WINDOWS\system32\svchost.exe
                              Size . . . . . . . : 39.856 bytes
                              Age  . . . . . . . : 8.6 days (2015-07-31 18:27:34)
                              Entropy  . . . . . : 6.0
                              SHA-256  . . . . . : 8A88E067E89D1DCFCAFD842C0CB7DE5DC7E6754447F2064A2BDF8496B088BD52
                              Product  . . . . . : Microsoft® Windows® Operating System
                              Publisher  . . . . : Microsoft Corporation
                              Description  . . . : Host Process for Windows Services
                              Version  . . . . . : 10.0.10240.16384
                              Copyright  . . . . : © Microsoft Corporation. All rights reserved.
                              RSA Key Size . . . : 2048
                              Service  . . . . . : UserDataSvc_Session2
                              Process Type . . . : Critical
                              LanguageID . . . . : 1033
                              Authenticode . . . : Valid
                              Running processes  : 1136, 1196, 1292, 1328, 1368, 1412, 1504, 1664, 2316, 2428, 2436, 2880, 3240, 3436, 3716, 4724
                              Fuzzy  . . . . . . : 23.0
                                 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
                                 This program is actively listening for inbound network connections.
                                 The file is in use by one or more active processes.
                                 The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
                                 Starts automatically as a service during system bootup.
                                 Time indicates that the file appeared recently on this computer.
                                 This file's process is marked as system critical.
                                 The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
                                 Program is code signed with a valid Authenticode certificate.
                              Startup
                              Network Ports
                                 0.0.0.0:135	
                                 0.0.0.0:49409	
                                 0.0.0.0:49410	
                                 192.168.1.16:50884	191.232.139.253:443
                        Last edited by Kram; 09-08-15, 10:06.
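
An added example, not part of the original thread and not code from any of the tools named in it: a read-only PowerShell triage of a "suspicious svchost.exe" report like the one above, checking the file on disk, every running instance, and the DLL each hosted service loads. It assumes Windows PowerShell 5.1 in an elevated prompt, saved as a script file; the parameter name `ReportedSha256` is made up for this example.

```powershell
# Added example: read-only checks, nothing is changed on the system.
param(
    # SHA-256 exactly as printed in your own scanner log (optional).
    [string]$ReportedSha256
)

# Legitimate image paths: the 64-bit host and, on x64 Windows, the 32-bit host.
$allowed = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# 1. The file on disk: signature, signer, version and hash.
$file = $allowed[0]
$sig  = Get-AuthenticodeSignature -FilePath $file
$hash = (Get-FileHash -Path $file -Algorithm SHA256).Hash
[pscustomobject]@{
    Path        = $file
    Signature   = [string]$sig.Status                 # 'Valid' for an untouched system file
    Signer      = $sig.SignerCertificate.Subject
    Version     = (Get-Item $file).VersionInfo.ProductVersion
    SHA256      = $hash
    MatchesLog  = if ($ReportedSha256) { $hash -ieq $ReportedSha256.Trim() } else { 'not compared' }
} | Format-List

# 2. Every running svchost.exe: image path and parent process.
#    A genuine instance runs from an allowed path and is normally started by services.exe.
$servicesPids = @((Get-CimInstance Win32_Process -Filter "Name = 'services.exe'").ProcessId)

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path = $_.ExecutablePath      # empty when the prompt is not elevated
    [pscustomobject]@{
        PID      = $_.ProcessId
        Path     = if ($path) { $path } else { '<unreadable, run elevated>' }
        PathOk   = [bool]($path -and ($allowed -contains $path))   # -contains is case-insensitive
        Parent   = $_.ParentProcessId
        ParentOk = $servicesPids -contains $_.ParentProcessId
    }
} | Sort-Object PathOk, ParentOk | Format-Table -AutoSize

# 3. Services hosted by svchost.exe: which DLL each one loads and whether it is signed.
#    This is the long "Startup" list of a scanner report, reduced to the entries worth a look.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match 'svchost\.exe' } |
    ForEach-Object {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
        # ServiceDll usually sits under ...\Parameters, sometimes on the service key itself.
        $dll = (Get-ItemProperty -Path "$key\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) {
            $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        }
        $dllStatus = if ($dll -and (Test-Path -LiteralPath $dll)) {
            [string](Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'NoDllFound'
        }
        # The host named in the service's command line must be one of the allowed paths.
        $hostOk = $false
        foreach ($p in $allowed) {
            if ($_.PathName -match ('^"?' + [regex]::Escape($p) + '"?(\s|$)')) { $hostOk = $true }
        }
        [pscustomobject]@{
            Service      = $_.Name
            State        = $_.State
            HostOk       = $hostOk
            ServiceDll   = $dll
            DllSignature = $dllStatus
        }
    } |
    Where-Object { -not $_.HostOk -or $_.DllSignature -ne 'Valid' } |
    Format-Table -AutoSize
```

An empty table in step 3 means every svchost-hosted service points at an allowed host and a validly signed DLL; entries with `NoDllFound` need a manual look at the service key before drawing a conclusion.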



                        • #13
                          Please start zoek.exe once more and this time use only this code.
                          Code:
                          autoclean;

                          Starting Windows 10 in Safe Mode



                          • #14
                            zoek request part 2

                            Here is the log from the request for a second round.
                            The PC did not shut down by itself and Zoek kept coming back.
                            After starting up (twice), the zoek program no longer pops up.
                            I don't know whether this is valuable information or not.

                            Zoek verzoek 2.txt



                            • #15
                              Download MalwareBytes Anti-Malware, preferably to the desktop.
                              • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
                              • Follow the further instructions; the complete installation procedure can be found at the following link - Installing Malwarebytes Anti-Malware.

                              • Then click the Scan Now button to run a threat scan.
                              • The program will now check for available updates; click "Update Now" if updates are available.
                              • The scan now starts automatically; when the scan is finished and threats have been detected, you will get an overview of them here.
                              • If no threats have been detected, click View detailed log after the scan.
                                • Then click the Apply Actions button; when notified that your computer must be restarted, click No.
                                • Then click the View detailed log button, click the Export button and choose the option Text file (*.txt).
                                • Then enter a file name for saving the log file, for example MBAM Scanlog, and click the Save button.
                                • This file will be saved to your desktop by default.



                              Posting the MalwareBytes' Anti-Malware log file
                              • Attach the log file you just saved to your next post. (You can also find this log file in Malwarebytes Anti-Malware under History > Application Logs.)

                              Starting Windows 10 in Safe Mode
