Infection via smartphone? / Malwarebytes Anti-Exploit
    The day before yesterday I got a notification for an update for my Huawei smartphone, which was connected to the PC at the time. After that my smartphone did nothing anymore (only the Huawei logo still appears on the screen), but the PC also started behaving very strangely: scrolling through pages was jerky, the PC kept hanging, software would no longer start, several sites appeared at the same time (one behind the other with a kind of semi-transparency).
    Malwarebytes reported riskware from Anti-Exploit 3 times. I have removed that program.

    I already made a post about this, but I now see that it did not come through. So the logs are from 28 March, but I did not use the PC from then until now.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 28/03/2017
    Scantijd: 16:27
    Logboekbestand: mbmam.txt
    Beheerder: Ja

    Versie: 2.2.1.1043
    Malware-database: v2017.03.28.04
    Rootkit-database: v2017.03.11.01
    Licentie: Gratis
    Malware-bescherming: Uitgeschakeld
    Bescherming tegen kwaadaardige websites: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 10
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Leo

    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 679489
    Verstreken tijd: 4 u., 11 min, 45 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 3
    RiskWare.Agent.Keygen, C:\Users\Leo\Downloads\Malwarebytes anti-exploit\Keygen.exe, In quarantaine, [93d1874887210630c9fd039bc040b44c],
    RiskWare.Agent.Keygen, C:\Users\Leo\Downloads\Malwarebytes anti-exploit\MalwareBytes.Anti-Exploit.1.04.1.1012.READNFO_KEYGEN-FFF.zip, In quarantaine, [e480923df1b755e136906b3370905ea2],
    RiskWare.Agent.Keygen, C:\Users\Leo\Downloads\Malwarebytes anti-exploit\Malwarebytes.AntiExploit.Premium.1.09.1.1261.rar, In quarantaine, [cb9915ba9d0bdc5affc7d0ce9f612dd3],

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)

    # AdwCleaner v6.045 - Logbestand aangemaakt 28/03/2017 op 21:22:03
    # Bijgewerkt op 28/03/2017 door Malwarebytes
    # Database : 2017-03-28.2 [Server]
    # Besturingssysteem : Windows 10 Home (X64)
    # Gebruikersnaam : Leo - DESKTOP-H2G7JK4
    # Gestart vanuit : C:\Users\Leo\Downloads\adwcleaner_6.045.exe
    # Mode: Scannen
    # Ondersteuning : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    Geen kwaadaardige services gevonden.


    ***** [ Mappen ] *****

    Geen kwaadaardige mappen gevonden.


    ***** [ Bestanden ] *****

    Geen kwaadaardige bestanden gevonden.


    ***** [ DLL ] *****

    Geen kwaadaardige DLLs gevonden.


    ***** [ WMI ] *****

    Geen kwaadaardige sleutels gevonden.


    ***** [ Snelkoppelingen ] *****

    Geen geïnfecteerde snelkoppeling gevonden.


    ***** [ Geplande Taken ] *****

    Geen kwaadaardige taak gevonden.


    ***** [ Register ] *****

    Geen kwaadaardige register waardes gevonden.


    ***** [ Internetbrowsers ] *****

    Geen kwaadaardige op Firefox gebaseerde browser items gevonden.
    Geen kwaadaardige op Chromium gebaseerde browser items gevonden.

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1749 bytes] - [18/03/2017 16:36:41]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1293 bytes] - [24/01/2017 16:03:36]
    C:\AdwCleaner\AdwCleaner[S10].txt - [2104 bytes] - [26/03/2017 09:05:19]
    C:\AdwCleaner\AdwCleaner[S11].txt - [2178 bytes] - [27/03/2017 21:21:53]
    C:\AdwCleaner\AdwCleaner[S12].txt - [2252 bytes] - [28/03/2017 15:47:38]
    C:\AdwCleaner\AdwCleaner[S13].txt - [1515 bytes] - [28/03/2017 21:22:03]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1372 bytes] - [29/01/2017 16:24:31]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1445 bytes] - [06/02/2017 14:05:04]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1518 bytes] - [16/02/2017 14:27:55]
    C:\AdwCleaner\AdwCleaner[S4].txt - [1591 bytes] - [22/02/2017 22:05:02]
    C:\AdwCleaner\AdwCleaner[S5].txt - [1664 bytes] - [24/02/2017 14:21:49]
    C:\AdwCleaner\AdwCleaner[S6].txt - [1737 bytes] - [14/03/2017 00:23:40]
    C:\AdwCleaner\AdwCleaner[S7].txt - [1948 bytes] - [18/03/2017 16:25:09]
    C:\AdwCleaner\AdwCleaner[S8].txt - [1956 bytes] - [21/03/2017 15:01:54]
    C:\AdwCleaner\AdwCleaner[S9].txt - [2029 bytes] - [25/03/2017 01:21:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S13].txt - [2246 bytes] ##########

  • #2

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.14393.953
    Run by Leo at 21:24:15 on 2017-03-28
    Microsoft Windows 10 Home 10.0.14393.0.1252.32.1043.18.12245.9206 [GMT 2:00]
    .
    AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\system32\dwm.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\WINDOWS\system32\atiesrxx.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\atieclxx.exe
    C:\Windows\System32\WUDFHost.exe
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe -k utcsvc
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
    C:\Users\Leo\AppData\Roaming\PT\updater.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    C:\WINDOWS\system32\svchost.exe -k appmodel
    C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\ksm.exe
    C:\WINDOWS\system32\dashost.exe
    C:\WINDOWS\system32\WLANExt.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\WINDOWS\system32\sihost.exe
    C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
    C:\WINDOWS\system32\taskhostw.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\smui.exe
    C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\Tablet\Wacom\WacomHost.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
    C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\WINDOWS\system32\SettingSyncHost.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    C:\WINDOWS\system32\fontdrvhost.exe
    C:\PROGRAM FILES (X86)\WESTERN DIGITAL\WD APP MANAGER\PLUGINS\WD BACKUP\App\WDBackupService.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
    C:\WINDOWS\system32\AUDIODG.EXE
    C:\WINDOWS\System32\svchost.exe -k swprv
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.standaard.be/
    uLocal Page = %11%\blank.htm
    BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
    BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
    BHO: Virtual Keyboard Plugin: {6E11DD15-E054-4F89-840D-CD04499407A3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\IEExt\ie_plugin.dll
    BHO: Safe Money Plugin: {CE5452FA-F4B3-4422-BE64-D4B1093F6DFF} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\IEExt\ie_plugin.dll
    BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL
    BHO: Content Blocker Plugin: {D48EC204-5CFE-43FD-8CC9-B4BC8645CD46} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\IEExt\ie_plugin.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: Kaspersky Password Manager: {F710F7E5-A520-471D-989C-F653AC328FB2} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ie_engine.dll
    TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
    uRun: [Spotify Web Helper] "C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    uRun: [Spotify] "C:\Users\Leo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    uRun: [kpm.exe] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe" -autoStart
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
    mRun: [WDAppManager] C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe
    mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    StartupFolder: C:\Users\Leo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INKTWA~1.LNK - C:\WINDOWS\System32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\KASPER~1.LNK - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: DSCAutomationHostEnabled = dword:2
    mPolicies-Windows\System: EnableSmartScreen = dword:0
    IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
    IE: {40AE684B-A1EA-4FF4-8E05-5BCADC4D4DB2} - {270F8CD9-C976-42FD-8F73-608C4A532638} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ie_toolbar_button.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    TCP: NameServer = 195.130.131.5 195.130.130.5
    TCP: Interfaces\{6e7498c5-e31e-46ad-ba34-0e38fb70c6d0} : DHCPNameServer = 195.130.131.133 195.130.130.5
    TCP: Interfaces\{9baca6b7-3204-469b-ac24-9ff09734e086} : DHCPNameServer = 195.130.131.5 195.130.130.5
    TCP: Interfaces\{ce096b84-6f7a-49cf-9a8e-3133359ce9b3} : DHCPNameServer = 195.130.130.134 195.130.131.134
    TCP: Interfaces\{e0a51f1b-3216-429b-834d-ca444e8d10f2} : DHCPNameServer = 8.8.8.8 8.8.4.4
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
    Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = ""
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
    x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
    x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
    x64-BHO: Virtual Keyboard Plugin: {6E11DD15-E054-4F89-840D-CD04499407A3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\x64\IEExt\ie_plugin.dll
    x64-BHO: Safe Money Plugin: {CE5452FA-F4B3-4422-BE64-D4B1093F6DFF} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\x64\IEExt\ie_plugin.dll
    x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL
    x64-BHO: Content Blocker Plugin: {D48EC204-5CFE-43FD-8CC9-B4BC8645CD46} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\x64\IEExt\ie_plugin.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-BHO: Kaspersky Password Manager: {F710F7E5-A520-471D-989C-F653AC328FB2} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\x64\ie_engine.dll
    x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
    x64-Run: [RtHDVBg_SOUNDEDGE] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SOUNDEDGE
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
    x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
    x64-IE: {40AE684B-A1EA-4FF4-8E05-5BCADC4D4DB2} - {270F8CD9-C976-42FD-8F73-608C4A532638} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\x64\ie_toolbar_button.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
    x64-Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
    x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
    x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
    x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
    x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
    x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\3txact8e.default-1476091533538\
    FF - prefs.js: browser.startup.homepage - www.destandaard.be
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office16\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\FFExt\[email protected]\npContentBlocker.dll
    FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\FFExt\[email protected]\npOnlineBanking.dll
    FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\FFExt\[email protected]\npVKPlugin.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: plugin.state.npcontentblocker - 2
    .
    FF - user.js: plugin.state.nponlinebanking - 2
    .
    FF - user.js: plugin.state.npvkplugin - 2
    .
    FF - user.js: plugin.state.npcontentblocker - 2
    .
    FF - user.js: plugin.state.nponlinebanking - 2
    .
    FF - user.js: plugin.state.npvkplugin - 2
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\WINDOWS\System32\drivers\cm_km.sys [2016-6-10 238936]
    R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-7-29 1462720]
    R0 intelpep;Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing ;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
    R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-9 48992]
    R0 kl1sm;kl1sm;C:\WINDOWS\System32\drivers\kl1sm.sys [2015-10-8 478392]
    R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\WINDOWS\System32\drivers\klbackupdisk.sys [2016-6-8 63920]
    R0 klupd_klif_arkmon;klupd_klif_arkmon;C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys [2016-12-8 218920]
    R0 klupd_klif_klbg;klupd_klif_klbg;C:\WINDOWS\System32\drivers\klupd_klif_klbg.sys [2016-12-8 104720]
    R0 volume;Volumestuurprogramma;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
    R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
    R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
    R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-8-24 199008]
    R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
    R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
    R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2016-5-20 27552]
    R1 klbackupflt;Kaspersky Lab klbackupflt;C:\WINDOWS\System32\drivers\klbackupflt.sys [2015-6-27 86352]
    R1 klhk;Kaspersky Lab service driver;C:\WINDOWS\System32\drivers\klhk.sys [2015-11-16 509728]
    R1 KLIFSM;Kaspersky Lab SafeMoney Driver;C:\WINDOWS\System32\drivers\klifsm.sys [2015-12-13 809384]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2016-6-21 57424]
    R1 klpd;Kaspersky Lab format recognizer driver;C:\WINDOWS\System32\drivers\klpd.sys [2015-6-8 45488]
    R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2015-6-27 85320]
    R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\WINDOWS\System32\drivers\klwtp.sys [2015-6-16 136416]
    R1 Klwtpsm;Klwtpsm;C:\WINDOWS\System32\drivers\klwtpsm.sys [2015-10-8 99720]
    R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2015-6-23 199392]
    R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-10-25 744640]
    R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-8-20 2227312]
    R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2017-1-27 299544]
    R2 AVP17.0.0;Kaspersky Anti-Virus-service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [2016-6-28 241544]
    R2 CDPUserSvc_43ab7;CDPUserSvc_43ab7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
    R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
    R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
    R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
    R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2016-9-29 135496]
    R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-9-28 31776]
    R2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-7-11 223520]
    R2 kldisk;kldisk;C:\WINDOWS\System32\drivers\kldisk.sys [2015-6-6 78216]
    R2 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [2016-6-28 241544]
    R2 KSM3.5.0;Kaspersky Fraud Prevention for Endpoint Service 3.5.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\ksm.exe [2015-10-8 194000]
    R2 OneSyncSvc_43ab7;Host synchroniseren_43ab7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
    R2 PornTime Updater;PornTime Updater;C:\Users\Leo\AppData\Roaming\PT\updater.exe [2016-9-17 165888]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-5-20 310016]
    R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
    R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
    R2 Unchecky;Unchecky;C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [2016-4-30 304408]
    R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
    R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
    R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
    R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2016-1-14 308088]
    R2 WpnService;Systeemservice voor Windows Push Notifications;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
    R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2015-11-21 730304]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2016-3-1 101376]
    R3 klflt;Kaspersky Lab Kernel DLL;C:\WINDOWS\System32\drivers\klflt.sys [2015-11-16 196376]
    R3 klfltsm;Kaspersky Lab SafeMoney Kernel DLL;C:\WINDOWS\System32\drivers\klfltsm.sys [2015-12-13 159960]
    R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [2016-11-14 182360]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2015-6-6 52136]
    R3 klkbdfltsm;Kaspersky Lab KLKBDFLTSM;C:\WINDOWS\System32\drivers\klkbdfltsm.sys [2015-10-8 40304]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2015-6-7 41656]
    R3 kltap;Kaspersky Security Data Escort Adapter;C:\WINDOWS\System32\drivers\kltap.sys [2016-6-7 52152]
    R3 klupd_klif_klark;klupd_klif_klark;C:\WINDOWS\System32\drivers\klupd_klif_klark.sys [2016-12-8 245512]
    R3 klupd_klif_mark;klupd_klif_mark;C:\WINDOWS\System32\drivers\klupd_klif_mark.sys [2016-12-8 164888]
    R3 LicenseManager;Service voor Windows-licentiebeheer ;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
    R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
    R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
    R3 PimIndexMaintenanceSvc_43ab7;Contact Data_43ab7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
    R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-5-20 936192]
    R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\drivers\rtwlane.sys [2017-2-1 6294016]
    R3 SmsRouter;Microsoft Windows SMS Router-service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
    R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
    R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
    R3 UEFI;Microsoft UEFI-stuurprogramma;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
    R3 UnistoreSvc_43ab7;User Data Storage_43ab7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
    R3 UserDataSvc_43ab7;User Data Access_43ab7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
    R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-3-14 719872]
    R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
    S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2016-3-31 28792]
    S2 CDPSvc;Service Platform voor verbonden apparaten;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
    S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
    S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
    S3 AcpiDev;Stuurprogramma voor ACPI-apparaten;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
    S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
    S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
    S3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2016-8-18 49448]
    S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
    S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
    S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
    S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
    S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
    S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
    S3 buttonconverter;Service voor Portable Device Control-apparaten;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
    S3 CapImg;HID-stuurprogramma voor CapImg-touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
    S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
    S3 cht4vbd;Chelsio virtuele-busstuurprogramma;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
    S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
    S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
    S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
    S3 diagnosticshub.standardcollector.service;Microsoft(R) Diagnostics Hub Standard Collector-service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
    S3 DmEnrollmentSvc;Registratieservice voor Apparaatbeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
    S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
    S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
    S3 embeddedmode;Ingesloten modus;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
    S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
    S3 EyeOneDisplay;EyeOneDisplay;C:\WINDOWS\System32\drivers\i1display_x64.sys [2016-4-11 7808]
    S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
    S3 genericusbfn;Algemene USB-functieklasse;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
    S3 hidinterrupt;Algemeen stuurprogramma voor HID-knoppen waarvoor interrupts zijn geïmplementeerd;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
    S3 hidkmdf;KMDF Driver;C:\WINDOWS\System32\drivers\hidkmdf.sys [2015-11-21 14016]
    S3 HvHost;HV-hostservice;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
    S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
    S3 iai2c;Intel(R) Serial IO I2C-hostcontroller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
    S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
    S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C-stuurprogramma v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
    S3 iaLPSSi_GPIO;Stuurprogramma van Intel(R) Serial IO GPIO-controller;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
    S3 iaLPSSi_I2C;Stuurprogramma voor Intel(R) Serial IO I2C-controller;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
    S3 iaStorAV;Intel(R) SATA RAID-controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
    S3 ibbus;Mellanox InfiniBand Bus/AL (filterstuurprogramma);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
    S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
    S3 IndirectKmd;Indirecte weergave kernelmodusstuurprogramma;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
    S3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
    S3 klupd_klif_kimul;klupd_klif_kimul;C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys [2017-3-14 87584]
    S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
    S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
    S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
    S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
    S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
    S3 MessagingService_43ab7;MessagingService_43ab7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
    S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
    S3 ndfltr;NetworkDirect-service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
    S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
    S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
    S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
    S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2015-7-31 242864]
    S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]


    • #3
      infection via smartphone?

      S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
      S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
      S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
      S3 RetailDemo;Retaildemoservice;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 Revoflt;Revoflt;C:\WINDOWS\System32\drivers\revoflt.sys [2016-5-15 40240]
      S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2015-1-7 263896]
      S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 scmbus;Microsoft-stuurprogramma voor geheugenbus opslagklasse;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
      S3 scmdisk0101;Microsoft-stuurprogramma voor NVDIMM-N-schijven;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
      S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-14 1312768]
      S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
      S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
      S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
      S3 storufs;Microsoft Universal Flash Storage (UFS)-stuurprogramma;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
      S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
      S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
      S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
      S3 UcmUcsi;UCSI-client van USB-connectorbeheer;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
      S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
      S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
      S3 UfxChipidea;Chipidea USB-controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
      S3 ufxsynopsys;Synopsys USB-controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
      S3 UrsChipidea;Stuurprogramma voor Chipidea USB Role-Switch;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
      S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
      S3 UrsSynopsys;Stuurprogramma voor Synopsys USB Role-Switch;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
      S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 vhf;Virtual HID Framework (VHF)-stuurprogramma;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
      S3 vmgid;Microsoft Hyper-V-stuurprogramma voor de gastinfrastructuur;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
      S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
      S3 WacHidRouter;Wacom Hid Router;C:\WINDOWS\System32\drivers\wachidrouter.sys [2015-11-21 103616]
      S3 wacomrouterfilter;Wacom Router Filter Driver;C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [2015-11-21 15040]
      S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
      S3 WD Backup Drive Helper;WD Backup Drive Helper;C:\Windows\SysWOW64\dllhost.exe [2016-7-16 19808]
      S3 WD Backup Snapshot;WD Backup Snapshot;C:\Windows\SysWOW64\dllhost.exe [2016-7-16 19808]
      S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2015-11-12 26880]
      S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
      S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
      S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
      S3 WinMad;WinMad-service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
      S3 WinVerbs;WinVerbs-service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
      S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
      S3 WpnUserService_43ab7;Windows Push Notification-gebruikersservice_43ab7;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
      S3 XblAuthManager;Xbox Live-verificatiebeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 XblGameSave;Games opslaan op Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-14 258560]
      S3 XboxNetApiSvc;Netwerkservice van Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-1 43520]
      S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
      S4 tzautoupdate;Updater van automatische tijdzone;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
      .
      =============== Created Last 30 ================
      .
      2017-03-23 21:36:20 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignd9e2754a37032bd3
      2017-03-23 21:33:06 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign0a0aa2a70e3d55ed
      2017-03-23 21:32:50 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign4dd4986a90836359
      2017-03-23 21:31:59 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsigna75e0b98a7b34deb
      2017-03-21 19:07:16 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignfa0ac6b65aa5978a
      2017-03-21 19:04:34 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign1b8bd9c24ff8163e
      2017-03-20 20:37:23 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign2a609dc0e4e6d562
      2017-03-20 20:36:56 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign33ea695c930f434c
      2017-03-20 20:36:42 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign064a0e89683dc03b
      2017-03-20 09:55:14 -------- d-----w- C:\WINDOWS\LastGood.Tmp
      2017-03-19 20:56:42 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign3edcf288e60641ea
      2017-03-19 20:27:59 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign6d949dbb625f627a
      2017-03-19 19:24:46 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign401f13d8e2aa3be9
      2017-03-19 19:24:26 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsigneba0b6ff30bac72d
      2017-03-18 22:59:22 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign0c0fd2feab25375d
      2017-03-18 22:33:42 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign6335addff0e1b1a7
      2017-03-18 22:31:00 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign040912d9ee217a3c
      2017-03-15 18:37:18 547352 ----a-w- C:\WINDOWS\System32\Rapidfire64.dll
      2017-03-15 18:37:18 478744 ----a-w- C:\WINDOWS\SysWow64\Rapidfire.dll
      2017-03-15 18:37:18 45584 ----a-w- C:\WINDOWS\System32\RapidFireServer64.dll
      2017-03-15 18:37:18 43032 ----a-w- C:\WINDOWS\SysWow64\RapidFireServer.dll
      2017-03-15 18:37:16 29720 ----a-w- C:\WINDOWS\SysWow64\detoured.dll
      2017-03-15 18:37:16 29720 ----a-w- C:\WINDOWS\System32\detoured.dll
      2017-03-15 18:37:12 951824 ----a-w- C:\WINDOWS\SysWow64\atiadlxx.dll
      2017-03-15 18:37:12 121880 ----a-w- C:\WINDOWS\System32\OpenCL.dll
      2017-03-15 18:37:12 112664 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
      2017-03-15 11:22:12 527816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\minidump-analyzer.exe
      2017-03-14 21:59:44 -------- d-----w- C:\ProgramData\Comms
      2017-03-14 20:48:59 497152 ----a-w- C:\WINDOWS\SysWow64\LogonController.dll
      2017-03-14 20:42:20 903680 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
      2017-03-14 20:41:54 8169536 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
      2017-03-14 20:40:59 583680 ----a-w- C:\WINDOWS\System32\PrintDialogs.dll
      2017-03-14 20:39:58 730624 ----a-w- C:\WINDOWS\System32\clusapi.dll
      2017-03-14 20:38:45 557400 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
      2017-03-14 20:38:45 258560 ----a-w- C:\WINDOWS\System32\drivers\xboxgip.sys
      2017-03-14 10:38:04 87584 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys
      2017-03-11 21:00:43 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign9405a68241c152c8
      2017-03-11 20:59:40 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign05b83c1807a6814e
      2017-03-11 20:55:37 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign2e500de59b2d6949
      2017-03-08 22:12:18 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignfebe77708083e531
      2017-03-08 22:01:13 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign806a14c0343618e6
      2017-03-06 21:47:25 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsigndd92ea7db6137cfc
      2017-03-06 21:21:28 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign6fb521fb5661ddcf
      2017-03-04 22:20:58 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign51cc3c4a7bb66c29
      2017-03-04 22:12:50 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign1f16dcc9f2c726ca
      2017-03-04 22:12:26 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign7f48bd4555053c6e
      2017-03-04 22:11:20 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign9e7b0f8d27ffe468
      2017-03-04 22:01:07 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsigne5d4198d288a8184
      2017-03-04 22:00:04 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign493733c7a7434bed
      2017-03-04 22:00:02 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign8041c02271a8f7d5
      2017-03-04 21:59:54 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignab6ad7b93de40a20
      2017-03-04 21:59:50 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign899f922c7c7d860b
      2017-03-04 21:59:46 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign23dc0d59edf4f686
      2017-03-04 21:59:43 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign62c3476d659a02a5
      2017-03-04 21:58:36 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignfea9dbd9180688bf
      2017-03-04 16:57:56 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignf82edbe396cd53c8
      2017-03-04 16:57:38 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign6a9413c71528469c
      2017-03-03 22:26:30 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignc78ba797c892b30a
      2017-03-03 22:17:48 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsigna1cc59617cd2f262
      2017-03-03 21:27:46 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign2d246334eac3532a
      2017-03-03 21:25:21 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign01fc8717e6604217
      2017-03-02 20:28:33 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsigne88b78b0caf55e7b
      2017-03-02 20:28:25 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignaa01c51804fa7e2f
      2017-03-02 19:22:00 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign49c648db5ed66930
      2017-03-01 19:36:18 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignf5a7c3b396d45c3f
      2017-03-01 16:12:19 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsigna42897606b54ab6b
      2017-03-01 16:08:18 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign54bdb9af483d8e2b
      2017-02-28 19:49:39 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsigndf040938f8744e3e
      2017-02-28 19:44:58 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign23edc6dc8262f90e
      2017-02-28 19:43:10 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign6fb14304c5beb074
      2017-02-27 20:16:51 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign3a94e59bab118d73
      2017-02-27 20:12:38 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign536fb1d6c98c3960
      2017-02-26 20:48:38 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign9b580c23bdfdd90e
      2017-02-26 20:48:18 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsignba2f9f5a6d4a4141
      2017-02-26 20:16:37 -------- d-----w- C:\Users\Leo\AppData\Local\Tempzxpsign0d4b72f0e0dc0e57
      .
      ==================== Find3M ====================
      .
      2017-03-28 19:17:56 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
      2017-03-28 19:10:09 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
      2017-03-15 11:26:52 199392 ----a-w- C:\WINDOWS\System32\drivers\kneps.sys
      2017-03-15 11:26:52 196376 ----a-w- C:\WINDOWS\System32\drivers\klflt.sys
      2017-03-15 11:26:52 136416 ----a-w- C:\WINDOWS\System32\drivers\klwtp.sys
      2017-03-15 11:26:33 509728 ----a-w- C:\WINDOWS\System32\drivers\klhk.sys
      2017-03-10 05:17:56 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
      2017-03-10 05:17:56 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
      2017-03-04 07:57:44 192352 ----a-w- C:\WINDOWS\SysWow64\aepic.dll
      2017-03-04 07:57:43 315744 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
      2017-03-04 07:57:40 484584 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
      2017-03-04 07:40:53 965472 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
      2017-03-04 07:35:25 142176 ----a-w- C:\WINDOWS\System32\acmigration.dll
      2017-03-04 07:35:25 1294688 ----a-w- C:\WINDOWS\System32\aeinv.dll
      2017-03-04 07:35:22 86368 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
      2017-03-04 07:35:22 655200 ----a-w- C:\WINDOWS\System32\generaltel.dll
      2017-03-04 07:35:22 565088 ----a-w- C:\WINDOWS\System32\devinv.dll
      2017-03-04 07:35:22 343904 ----a-w- C:\WINDOWS\System32\invagent.dll
      2017-03-04 07:35:22 1617760 ----a-w- C:\WINDOWS\System32\appraiser.dll
      2017-03-04 07:35:21 378720 ----a-w- C:\WINDOWS\System32\atmfd.dll
      2017-03-04 07:35:21 242528 ----a-w- C:\WINDOWS\System32\aepic.dll
      2017-03-04 07:35:15 590952 ----a-w- C:\WINDOWS\System32\AudioSes.dll
      2017-03-04 07:35:09 38240 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
      2017-03-04 07:35:09 315232 ----a-w- C:\WINDOWS\System32\dcntel.dll
      2017-03-04 07:27:09 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
      2017-03-04 07:26:53 794416 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
      2017-03-04 07:25:44 1117024 ----a-w- C:\WINDOWS\System32\ReAgent.dll
      2017-03-04 07:24:33 90976 ----a-w- C:\WINDOWS\System32\drivers\IPMIDrv.sys
      2017-03-04 07:24:33 354264 ----a-w- C:\WINDOWS\System32\systemreset.exe
      2017-03-04 07:24:27 108384 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
      2017-03-04 07:24:23 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
      2017-03-04 07:24:20 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
      2017-03-04 07:24:05 2186896 ----a-w- C:\WINDOWS\System32\hevcdecoder.dll
      2017-03-04 07:24:04 2482280 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
      2017-03-04 07:23:13 2512304 ----a-w- C:\WINDOWS\System32\WMVDECOD.DLL
      2017-03-04 07:22:41 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll
      2017-03-04 07:22:22 1354312 ----a-w- C:\WINDOWS\System32\winload.efi
      2017-03-04 07:22:22 1172984 ----a-w- C:\WINDOWS\System32\winload.exe
      2017-03-04 07:22:21 7786336 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
      2017-03-04 07:21:04 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
      2017-03-04 07:20:52 379744 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
      2017-03-04 07:20:50 128352 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
      2017-03-04 07:19:11 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
      2017-03-04 07:19:02 2049480 ----a-w- C:\WINDOWS\System32\wmpmde.dll
      2017-03-04 07:18:48 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
      2017-03-04 07:18:47 1181024 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
      2017-03-04 07:18:27 118624 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
      2017-03-04 07:17:22 409952 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
      2017-03-04 07:15:25 63328 ----a-w- C:\WINDOWS\System32\drivers\dam.sys
      2017-03-04 07:15:14 404320 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
      2017-03-04 07:15:08 1000280 ----a-w- C:\WINDOWS\System32\SecConfig.efi
      2017-03-04 07:13:27 635456 ----a-w- C:\WINDOWS\System32\ci.dll
      2017-03-04 07:11:48 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
      2017-03-04 07:11:41 266544 ----a-w- C:\WINDOWS\System32\policymanager.dll
      2017-03-04 07:10:08 360040 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
      2017-03-04 07:10:08 2828384 ----a-w- C:\WINDOWS\System32\d3d11.dll
      2017-03-04 07:10:01 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
      2017-03-04 07:08:59 130912 ----a-w- C:\WINDOWS\System32\drivers\storahci.sys
      2017-03-04 07:08:20 342456 ----a-w- C:\WINDOWS\System32\wintrust.dll
      2017-03-04 07:08:18 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
      2017-03-04 07:08:17 509280 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
      2017-03-04 07:08:07 450400 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys
      2017-03-04 07:08:02 223584 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys
      2017-03-04 07:07:58 682808 ----a-w- C:\WINDOWS\System32\wer.dll
      2017-03-04 07:07:57 2446704 ----a-w- C:\WINDOWS\System32\msxml6.dll
      2017-03-04 07:07:56 80224 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
      2017-03-04 07:07:54 110944 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
      2017-03-04 07:07:30 432992 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
      2017-03-04 07:07:28 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
      2017-03-04 07:07:24 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
      2017-03-04 07:07:22 116064 ----a-w- C:\WINDOWS\System32\icfupgd.dll
      2017-03-04 07:07:21 947552 ----a-w- C:\WINDOWS\System32\hvloader.efi
      2017-03-04 07:07:19 989016 ----a-w- C:\WINDOWS\System32\hvax64.exe
      2017-03-04 07:07:18 811872 ----a-w- C:\WINDOWS\System32\hvloader.exe
      2017-03-04 07:07:14 2913144 ----a-w- C:\WINDOWS\System32\combase.dll
      2017-03-04 07:06:36 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
      2017-03-04 07:04:33 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      2017-03-04 07:04:24 1362512 ----a-w- C:\WINDOWS\SysWow64\wmpmde.dll
      2017-03-04 07:04:03 1063472 ----a-w- C:\WINDOWS\System32\mfds.dll
      2017-03-04 07:01:57 137936 ----a-w- C:\WINDOWS\System32\AuthHost.exe
      2017-03-04 07:01:53 128648 ----a-w- C:\WINDOWS\System32\gpapi.dll
      2017-03-04 07:01:52 201568 ----a-w- C:\WINDOWS\System32\basecsp.dll
      2017-03-04 06:59:01 1570208 ----a-w- C:\WINDOWS\System32\gdi32full.dll
      2017-03-04 06:58:58 628552 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
      2017-03-04 06:58:58 322912 ----a-w- C:\WINDOWS\System32\input.dll
      2017-03-04 06:58:49 1416224 ----a-w- C:\WINDOWS\System32\msctf.dll
      2017-03-04 06:57:36 2536288 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
      2017-03-04 06:57:26 372432 ----a-w- C:\WINDOWS\System32\Windows.Media.MediaControl.dll
      2017-03-04 06:57:17 387872 ----a-w- C:\WINDOWS\System32\wmpps.dll
      2017-03-04 06:56:04 263472 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
      2017-03-04 06:56:03 248992 ----a-w- C:\WINDOWS\SysWow64\policymanager.dll
      2017-03-04 06:54:12 2277288 ----a-w- C:\WINDOWS\SysWow64\d3d11.dll
      2017-03-04 06:54:03 524776 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
      2017-03-04 06:53:38 1431232 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
      2017-03-04 06:53:33 136032 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostUser.dll
      2017-03-04 06:53:19 781152 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
      2017-03-04 06:53:19 5722320 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
      2017-03-04 06:53:11 493912 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
      2017-03-04 06:53:08 975744 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
      2017-03-04 06:53:07 313568 ----a-w- C:\WINDOWS\SysWow64\wlanapi.dll
      .
      ============= FINISH: 21:24:53,59 ===============


      • #4
        infection via smartphone?

        GMER 2.2.19882 - http://www.gmer.net
        Rootkit scan 2017-03-28 21:50:48
        Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 ST1000DM003-1ER162 rev.HP51 931,51GB
        Running: 2y5gfj6r.exe; Driver: C:\Users\Leo\AppData\Local\Temp\kfndaaow.sys


        ---- Threads - GMER 2.2 ----

        Thread C:\WINDOWS\system32\csrss.exe [732:996] ffffaf661a136c20
        Thread C:\WINDOWS\system32\svchost.exe [1596:3788] 00007ffd1c6e1240
        Thread C:\WINDOWS\system32\svchost.exe [1596:3792] 00007ffd1a86a3b0
        Thread C:\WINDOWS\system32\svchost.exe [1596:3812] 00007ffd1a4125e0
        Thread C:\WINDOWS\system32\svchost.exe [1596:5876] 00007ffd17b43bc0
        Thread C:\WINDOWS\system32\backgroundTaskHost.exe [10188:11072] 00007ffcfedec320
        Thread C:\WINDOWS\system32\backgroundTaskHost.exe [10188:10796] 00007ffd278ccc60
        Thread C:\WINDOWS\system32\backgroundTaskHost.exe [10188:7496] 00007ffd1e39e010
        Thread C:\WINDOWS\system32\backgroundTaskHost.exe [10188:828] 00007ffd28412a50

        ---- Services - GMER 2.2 ----

        Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] CDPUserSvc_43ab7 <-- ROOTKIT !!!
        Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] MessagingService_43ab7 <-- ROOTKIT !!!
        Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] OneSyncSvc_43ab7 <-- ROOTKIT !!!
        Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] PimIndexMaintenanceSvc_43ab7 <-- ROOTKIT !!!
        Service C:\WINDOWS\System32\svchost.exe (*** hidden *** ) [MANUAL] UnistoreSvc_43ab7 <-- ROOTKIT !!!
        Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] UserDataSvc_43ab7 <-- ROOTKIT !!!
        Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [MANUAL] WpnUserService_43ab7 <-- ROOTKIT !!!

        ---- Registry - GMER 2.2 ----

        Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\[email protected] 0xF5 0xBE 0x4D 0xFC ...
        Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\[email protected] 0xC3 0x3E 0x3B 0xA2 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\[email protected] 0xF5 0xBE 0x4D 0xFC ...
        Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\[email protected] 0xC3 0x3E 0x3B 0xA2 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\[email protected] 60
        Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\DELF011H735H9CA0L7L_32_07D9_E3^B [email protected] 0xDB 0xE0 0x56 0xFD ...
        Reg HKLM\SYSTEM\CurrentControlSet\Control\[email protected] 1052
        Reg HKLM\SYSTEM\CurrentControlSet\Control\Session [email protected] \??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\cleanup.old??\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware??\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.old??\??\C:\Users\Leo\AppData\Local\Temp\_iu14D2N.tmp??
        Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\[email protected] -1490998393
        Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal [email protected] 1f256792-cd5b-4edf-82d7-9c426b9
        Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\[email protected] \BaseNamedObjects\WDI_{035043c3-0893-40bb-bd35-7f2fb96a86e0}
        Reg HKLM\SYSTEM\CurrentControlSet\Services\ASP.NET_4.0.30319\[email protected] eKORL1NH9RbtApI9TEJnPSxySDkT0XHlBGWYqaLGoJBTOJUZODAETnCoDtILCBRQ98ne0utRgJPykHT5J 1408
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@Type 224
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@Start 2
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@ErrorControl 1
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@DisplayName CDPUserSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@FailureActions 0x80 0x51 0x01 0x00 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@Description @%SystemRoot%\system32\cdpusersvc.dll,-101
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7\Security
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7\Security@Security 0x01 0x00 0x14 0x80 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{0e5cf8d9-3d4f-43d9-b303-07ee8464a1e8}@LastProbeTime 1490735444
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7@Type 224
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7@Start 3
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7@ErrorControl 0
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7@DisplayName MessagingService_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7@FailureActions 0x80 0x51 0x01 0x00 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7@Description @%SystemRoot%\system32\MessagingService.dll,-101
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7\Security
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7\Security@Security 0x01 0x00 0x14 0x80 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7\TriggerInfo
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7\TriggerInfo\0
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7\TriggerInfo\0@Type 7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7\TriggerInfo\0@Action 1
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7\TriggerInfo\0@GUID 0x16 0x28 0x7A 0x2D ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7\TriggerInfo\0@DataType0 1
        Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7@Type 224
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7@Start 2
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7@ErrorControl 0
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7@DisplayName Host synchroniseren_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7@FailureActions 0x80 0x51 0x01 0x00 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7@Description @%SystemRoot%\system32\APHostRes.dll,-10001
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7\Security
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7\Security@Security 0x01 0x00 0x04 0x80 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7@Type 224
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7@Start 3
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7@ErrorControl 0
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7@DisplayName Contact Data_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7@FailureActions 0x80 0x51 0x01 0x00 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-15000
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7\Security
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7\Security@Security 0x01 0x00 0x04 0x80 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\[email protected] 6
        Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\[email protected] 1
        Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\[email protected] di, mrt 28 17, 09:17:29
        Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\[email protected] 0
        Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 9814
        Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1404
        Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\[email protected] 59
        Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9baca6b7-3204-469b-ac24-9ff09734e086}@LeaseObtainedTime 1490728243
        Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9baca6b7-3204-469b-ac24-9ff09734e086}@T1 1490730043
        Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9baca6b7-3204-469b-ac24-9ff09734e086}@T2 1490731393
        Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9baca6b7-3204-469b-ac24-9ff09734e086}@LeaseTerminatesTime 1490731843
        Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9baca6b7-3204-469b-ac24-9ff09734e086}@Dhcpv6InformationObtainedTime 1490728243
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7@Type 224
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7@Start 3
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7@ErrorControl 0
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7@ImagePath C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7@DisplayName User Data Storage_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7@FailureActions 0x80 0x51 0x01 0x00 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-10002
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7\Security
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7\Security@Security 0x01 0x00 0x04 0x80 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7@Type 224
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7@Start 3
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7@ErrorControl 0
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7@DisplayName User Data Access_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7@FailureActions 0x80 0x51 0x01 0x00 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7@Description @%SystemRoot%\system32\UserDataAccessRes.dll,-14000
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7\Security
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7\Security@Security 0x01 0x00 0x04 0x80 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\[email protected] 0x60 0x4B 0xD9 0xDC ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\[email protected] 0x60 0xB3 0x9D 0x3E ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\[email protected] 0x60 0xE3 0x14 0x7B ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 19374 19380 19390 19400 19420 19464 19474 19512 19518 19534
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 19540
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 19541
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 19374
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 19375
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7@Type 224
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7@Start 3
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7@ErrorControl 0
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7@DisplayName Windows Push Notification-gebruikersservice_43ab7
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7@FailureActions 0x80 0x51 0x01 0x00 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7@Description @%SystemRoot%\system32\WpnUserService.dll,-2
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7\Security
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7\Security@Security 0x01 0x00 0x04 0x80 ...
        Reg HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_43ab7
        Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\[email protected] 0x64 0x62 0x03 0x00 ...
        Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\[email protected] 0x64 0x62 0x03 0x00 ...
        Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\ UUID:0BEBC200-00C8-1000-87C7-5085697AAA05\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\[email protected] 0x64 0x62 0x04 0x00 ...
        Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\ UUID:0BEBC200-00C8-1000-87C7-5085697AAA05\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\[email protected] 0x64 0x62 0x04 0x00 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] 1085
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{5fdc6b2f-be82-11e5-9191-2c337a5e1b68}
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{5fdc6b2f-be82-11e5-9191-2c337a5e1b68}@Drive Type 1
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{5fdc6b2f-be82-11e5-9191-2c337a5e1b68}@IsImapiDataBurnSupported 0
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{5fdc6b2f-be82-11e5-9191-2c337a5e1b68}@Active 1
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\[email protected] 13
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\[email protected] Time 0xD4 0x63 0xB4 0x19 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\[email protected] DrainTime 0xD4 0x63 0xB4 0x19 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\[email protected] me 0xD4 0x63 0xB4 0x19 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\[email protected] ime 0xD4 0x63 0xB4 0x19 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\[email protected] st 0xEE 0x66 0xEC 0xC2 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel@PackageMoniker windows.immersivecontrolpanel_cw5n1h2txyewy
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel@Capabilities 1536
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel@ApplicationType 268435456
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel@RegistrationType 0
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\[email protected] 0x6C 0xA8 0x87 0xB5 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{737653C2-2072-442B-A669-740DB15F8F39}@LastAccessedTime 0x70 0xC1 0x1A 0x4E ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{737653C2-2072-442B-A669-740DB15F8F39}@LaunchCount 52
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{956D4661-04B9-44DF-90F5-370DBD1BA155}
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{956D4661-04B9-44DF-90F5-370DBD1BA155}@LastAccessedTime 0x40 0xA7 0xBC 0x83 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{956D4661-04B9-44DF-90F5-370DBD1BA155}@AppId {6D809377-6AF0-444B-8957-A3773F02200E}\Microsoft Office\Office16\POWERPNT.EXE
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{956D4661-04B9-44DF-90F5-370DBD1BA155}@LaunchCount 1
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D89167D0-F310-4601-8189-51C1CE136AD9}@LastAccessedTime 0x80 0x0F 0x01 0x38 ...
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D89167D0-F310-4601-8189-51C1CE136AD9}@LaunchCount 14
        Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\[email protected] 0

        ---- Disk sectors - GMER 2.2 ----

        Disk \Device\Harddisk0\DR0 unknown MBR code

        ---- EOF - GMER 2.2 ----

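        The helper's reading of the GMER registry dump above (a family of Windows 10 per-user service instances, all suffixed `_43ab7`, all hosted by `svchost.exe -k UnistackSvcGroup` out of `system32`) can be checked mechanically rather than by eye. What follows is an added example, not part of the original thread and not GMER's or the helper's own tooling: it parses lines in GMER's `Reg <key>@<value name> <data>` format (in the copy on this page the forum's email obfuscation has mangled the value names into `[email protected]`, so the sample below uses the real names) and flags service registrations a practitioner would look at twice: a per-user instance (Type bit 0x80, a winsvc.h value) that is not a system32 svchost, a service named like a per-user instance without that Type bit, and any ImagePath in a user-writable directory. The `UpdateHelper_43ab7` entry in the sample is a constructed contrast case, not something found on the poster's machine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in GMER's real "Reg <key>@<value name> <data>" format.
# The first service mirrors the CDPUserSvc_43ab7 block from the log above;
# "UpdateHelper_43ab7" is an invented contrast case that was NOT in the log.
SAMPLE = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@Type 224
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@ImagePath C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@DisplayName CDPUserSvc_43ab7
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7@Description @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_43ab7\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UpdateHelper_43ab7@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\UpdateHelper_43ab7@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\UpdateHelper_43ab7@ImagePath C:\Users\Leo\AppData\Roaming\updhelper.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\UpdateHelper_43ab7@DisplayName Update Helper
"""

# Only keys under ...\Services\ are parsed. Value names containing spaces
# (e.g. WmiApRpl's "Object List") are deliberately outside this regex.
SERVICE_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
    r"(?P<svc>[^\\@]+)"                       # service key name
    r"(?:\\(?P<sub>[^@]*))?"                  # optional subkey (Security, TriggerInfo\0, ...)
    r"(?:@(?P<name>\S+)(?: (?P<data>.*))?)?$" # optional @ValueName data
)

# Service Type bits from winsvc.h; 224 = 0xE0 = instance | user share process.
SERVICE_USERSERVICE_INSTANCE = 0x80
PER_USER_SUFFIX = re.compile(r"_[0-9a-f]{4,}$")   # Name_<logon-session hex>

SYSTEM_DIRS = ("c:\\windows\\system32\\", "%systemroot%\\system32\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class Service:
    name: str
    values: dict = field(default_factory=dict)  # value name -> data on the service key itself
    subkeys: set = field(default_factory=set)


def parse_services(text: str) -> dict:
    """Group GMER 'Reg ...\\Services\\<name>...' lines by service name."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        svc = services.setdefault(m["svc"], Service(m["svc"]))
        if m["sub"] is not None:
            svc.subkeys.add(m["sub"])
        elif m["name"]:
            svc.values[m["name"]] = m["data"] or ""
    return services


def triage(services: dict) -> list:
    """Return (service name, reason) pairs that deserve a second look."""
    findings = []
    for svc in services.values():
        image = svc.values.get("ImagePath", "")
        low = image.lower().strip('"')
        stype = int(svc.values.get("Type", "0"))
        per_user_instance = bool(stype & SERVICE_USERSERVICE_INSTANCE)

        # A genuine per-user instance is always a svchost group under system32.
        if per_user_instance and not (low.startswith(SYSTEM_DIRS) and "svchost.exe" in low):
            findings.append((svc.name, f"per-user instance not hosted by system32 svchost: {image}"))

        # Looks like Name_<hex> but lacks the instance flag: the service control
        # manager did not create it, somebody else did.
        if PER_USER_SUFFIX.search(svc.name) and not per_user_instance:
            findings.append((svc.name, f"per-user style name but Type=0x{stype:X} has no instance flag"))

        # A service binary in a user-writable directory is the classic persistence spot.
        if any(p in low for p in USER_WRITABLE):
            findings.append((svc.name, f"ImagePath in user-writable location: {image}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE)):
        print(f"{name}: {reason}")
```

        Run against the sample, the CDPUserSvc_43ab7 block produces no findings, which is the same conclusion the helper reached for the whole `_43ab7` family; only the constructed UpdateHelper_43ab7 entry is flagged, twice. The `_<hex>` suffix alone proves nothing either way, which is why the check pairs it with the Type flag and the host binary.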


        • #5
          Download the 32- or 64-bit version of HitmanPro to the desktop.
          Click here for a detailed HitmanPro guide.
          • Hold down the left CTRL key and double-click "HitmanPro36.exe" to start "Force Breach" mode, and click "Next" once HitmanPro has blocked the processes.
          • Tick the option "I accept the terms of the licence agreement" and click "Next".
          • In the setup screen click "Next" once more; the scan now starts automatically. Do nothing else on the computer until the scan has finished.
          • When the scan has finished, click "Next".
          • Now activate the free licence, which lets you use HitmanPro free of charge for 30 days and remove the infections found.
          • Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the infections found for free.
          • When removal has finished, click "Save log" at the bottom of the screen and save it, for example, to the desktop.
            Post that log.
          • Now click the "Restart" button.

          Boot Windows 10 into Safe Mode



          • #6
            Code:
            HitmanPro 3.7.12.253
            www.hitmanpro.com
            
               Computer name . . . . : DESKTOP-H2G7JK4
               Windows . . . . . . . : 10.0.0.14393.X64/8
               User name . . . . . . : DESKTOP-H2G7JK4\Leo
               UAC . . . . . . . . . : Enabled
               License . . . . . . . : Paid (255 days left)
            
               Scan date . . . . . . : 2017-03-31 11:29:01
               Scan mode . . . . . . : Normal
               Scan duration . . . . : 5m 51s
               Disk access mode  . . : Direct disk access (SRB)
               Cloud . . . . . . . . : Internet
               Reboot  . . . . . . . : No
            
               Threats . . . . . . . : 0
               Traces  . . . . . . . : 0
            
               Objects scanned . . . : 2,293,211
               Files scanned . . . . : 78,602
               Remnants scanned  . . : 577,452 files / 1,637,157 keys



            • #7
              It doesn't look as if your PC is infected?

              Download the Farbar Recovery Scan Tool, 32- or 64-bit, from one of the links below.
              Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

              Running the Farbar Recovery Scan Tool
              • Double-click FRST.exe to start the tool.
              • Windows Vista, 7 and 8 users must run the tool as administrator: right-click it and choose Run as administrator.
              • When the program has opened, click Yes at the disclaimer.
              • Then press the Scan button; a backup of the registry is made first.
              • When the scan has finished, two log files named FRST.txt and Addition.txt are created in the same location the tool was started from.
              • Attach both log files to your next reply.




              • #8
                No infection?
                The PC does run more smoothly now, although it hung again after the Farbar Recovery scan. Perhaps partly fixed by removing the Malwarebytes Anti-Exploit riskware?

                Attached anyway are the Farbar Recovery logs.
                Attached files



                • #9
                  Run the Farbar Recovery Scan Tool again.
                  • Download fixlist.txt from the attachment to the desktop, where FRST.exe is also located.
                  • Double-click FRST.exe to start the tool.
                  • When the program has opened, click Yes at the disclaimer.
                  • Press the Fix button.
                  • A log file (fixlog.txt) will be created in the same location the tool was started from.
                  • Attach this log file to your next reply.
                  Attached files




                  • #10
                    The fixlog is attached.

                    Interim status: smartphone still dead (only the Huawei logo visible) / browsing is faster / emptying the recycle bin and opening the Downloads and Documents folders takes 2 to 3 minutes (green loading progress bar).
                    Attached files



                    • #11
                      For that Huawei phone you will have to go to a dealer, I think.

                      Or get in touch here? http://consumer.huawei.com/nl/contact-us/index.htm




                      • #12
                        For the smartphone I will go to the dealer; I only mentioned it because I suspect the problems started with an update of the phone.

                        The Downloads and Documents folders now open quickly again too.
                        I think this topic can be closed, unless you have any further remarks?



                        • #13
                          If there are no further problems, we will wrap up.

                          * Clean up the tools and log files used.
                          Download "Delfix by Xplode" here or here.

                          Start the tool by double-clicking it.
                          Now tick the following items:
                          • Remove disinfection tools
                          • Create registry backup

                          Click Run and wait patiently until the tool has finished.
                          The tool creates a log file. You do not need to post it.

                          * Be careful when downloading and installing programs.
                          Downloading files via the websites softonic.com and cnet.com is best avoided, since these downloads often come bundled with extra unwanted software.
                          While installing programs, watch closely for extra, unnecessary software being installed alongside, such as toolbars, extensions, plug-ins or browsers.
                          This extra software is ticked by default and can safely be unticked.

                          Protection against unwanted software.

                          Unchecky prevents the installation of unwanted software

                          Double-click the installation file unchecky_setup.exe to start the installation.
                          In the screen that now appears you can choose more options; this lets you set the location where Unchecky should be installed.
                          Then click the Install button to install Unchecky.
                          When the Unchecky installation has finished, click Finish.
                          Do restart the computer after the installation, so that the changes to the Windows hosts file take effect.



                          It may also be better to install HitmanPro.Alert. Alert
                          Explanation below.
                          Explanation




                          • #14
                            I think everything is running smoothly again.
                            HitmanPro.Alert: won't this interfere with Kaspersky?

                            Many thanks for the help!



                            • #15
                              No, that is a standalone.
