Tweet
Bij het openen van eerder welke browser , openen er steeds andere web paginas waaronder 18+
Malwarebytes Anti-Malware
Scandatum: 11/06/2017
Scantijd: 9:54
Logboekbestand: mwblog.txt
Beheerder: Ja
Versie: 2.2.0.1024
Malware-database: v2017.06.11.01
Rootkit-database: v2017.05.27.01
Licentie: Gratis
Malware-bescherming: Uitgeschakeld
Bescherming tegen kwaadaardige websites: Uitgeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Eigenaar
Scantype: Aangepaste scan
Resultaat: Voltooid
Objecten gescand: 519687
Verstreken tijd: 2 u., 38 min, 38 sec
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(Geen kwaadaardige items gedetecteerd)
Modules: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
Registerwaarden: 0
(Geen kwaadaardige items gedetecteerd)
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
Mappen: 0
(Geen kwaadaardige items gedetecteerd)
Bestanden: 6
Adware.ICLoader, D:\Users\Eigenaar\Downloads\Dallas_2012_Season_3_DVDRip.exe, In quarantaine, [6a83ab921d8cce6803167416c13ff20e],
PUP.Optional.InstallCore, D:\Users\Eigenaar\Downloads\mkvcodec_setup.msi, In quarantaine, [638a3409a2071620605a8b55cf3102fe],
PUP.Optional.FriedCookie, D:\Users\Eigenaar\Downloads\download.exe, In quarantaine, [965792ab941553e3da7c1615748fe21e],
Adware.InstallMonster, D:\Users\Eigenaar\Downloads\sara shepard true lies.exe, In quarantaine, [88657fbefcada3934a8bc9ef748cdd23],
PUP.Optional.Yontoo, D:\Users\Eigenaar\Downloads\YourDownload.exe, In quarantaine, [ea034fee1f8a73c357650f7e03fee917],
PUP.Optional.Amonetize, D:\Users\Eigenaar\Downloads\adele+25+mp3.ace, In quarantaine, [7a7373caf9b066d09e1812a5817f1ee2],
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
(end)
# AdwCleaner v6.047 - Logbestand aangemaakt 11/06/2017 op 13:00:26
# Bijgewerkt op 19/05/2017 door Malwarebytes
# Database : 2017-06-10.1 [Server]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (X64)
# Gebruikersnaam : Eigenaar - SYSARPC
# Gestart vanuit : D:\Users\Eigenaar\Desktop\adwcleaner_6.047.exe
# Mode: Verwijderen
# Ondersteuning : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Mappen ] *****
[-] Map verwijderd: C:\ProgramData\{361aa5ed-1c84-e885-361a-aa5ed1c897b4}
[-] Map verwijderd: C:\ProgramData\{a3644e60-a1d7-5ee8-a364-44e60a1d3982}
[-] Map verwijderd: C:\ProgramData\Allmyapps
[#] Map verwijderd tijdens herstart: C:\ProgramData\Application Data\Allmyapps
[-] Map verwijderd: C:\Program Files (x86)\myfree codec
[-] Map verwijderd: C:\Program Files (x86)\TerminusSubs
[-] Map verwijderd: C:\Program Files (x86)\Zebar
***** [ Bestanden ] *****
[-] Bestand verwijderd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[-] Bestand verwijderd: C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bkbpfdkbpbckgkcelkfjjhepmdcdmahi_0.localstorage
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Snelkoppelingen ] *****
[-] Snelkoppeling gedesinfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[-] Snelkoppeling gedesinfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Snelkoppeling gedesinfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Snelkoppeling gedesinfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
***** [ Geplande Taken ] *****
***** [ Register ] *****
[-] Sleutel verwijderd: HKLM\SOFTWARE\ede07bd5-8aad-b539-3f6a-0305f288e91b
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}_is1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}_is1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}_is1
[-] Sleutel verwijderd: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Registry Helper Service
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Registry Helper Service
[#] Sleutel verwijderd tijdens herstart: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\registry helper service
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\registry helper service
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Codejock.SkinFramework.12.1.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.12.1.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\speedupmypc
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFramework.12.1.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.12.1.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\speedupmypc
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{128507E0-C56F-43C0-BCF1-8193B35FE4C4}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{40217CB8-4463-4030-B324-AC6A8075FEC8}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{AFA0E6A1-28D7-4F2C-87A7-7266367B4655}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\TypeLib\{BD0C1912-66C3-49CC-8B12-7B347BF6C846}
[-] Sleutel verwijderd: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Sleutel verwijderd: HKU\S-1-5-21-3609329212-1892986672-2351453482-1000\Software\Conduit
[-] Sleutel verwijderd: HKU\S-1-5-21-3609329212-1892986672-2351453482-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Sleutel verwijderd: HKU\S-1-5-21-3609329212-1892986672-2351453482-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Sleutel verwijderd tijdens herstart: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\Conduit
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Sleutel verwijderd: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Sleutel verwijderd: HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Conduit
[-] Sleutel verwijderd: HKLM\SOFTWARE\Uniblue
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Uniblue\DriverScanner
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Conduit
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Sleutel verwijderd: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3609329212-1892986672-2351453482-1000\Products\7A4217FD08507B642834C8BF29F458A1
[-] Sleutel verwijderd: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Sleutel verwijderd: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38D D4
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Sleutel verwijderd: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
***** [ Browsers ] *****
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: askwebsearch
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: dts.search.ask.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: search.conduit.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: conduit.search
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: dts.search-results.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: eu.ask.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: ask.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: isearch.avg.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default] [extension] Verwijderd: bkbpfdkbpbckgkcelkfjjhepmdcdmahi
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default] [extension] Verwijderd: dmocchgkijnbjdjkmlglaemjhhdiobbp
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default] [extension] Verwijderd: lmnbobhffedhdhfpcjkjphcfpeeiocdn
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default] [homepage] Verwijderd: hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MEAEDF735-9382-462B-B3DF-27E714746DB3&SearchSource=55&CUI=&UM=5&UP=SP62F905E9-BC51-4BF4-8F87-56F6ED39F4BA&SSPV=
*************************
:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [12293 bytes] - [11/06/2017 13:00:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [13066 bytes] - [11/06/2017 13:00:05]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12441 bytes] ##########
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18666 BrowserJavaVersion: 11.91.2
Run by Eigenaar at 13:04:50 on 2017-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8145.5350 [GMT 2:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
D:\games\maffia\Steam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\games\maffia\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nieuws.vtm.be/stadion/poll-wie-heeft-de-beste-supporters
uSearch Bar = hxxp://www.bing.com/search?q={searchTerms}
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}
mStart Page = www.google.com
uSearchAssistant = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [HP ENVY 5530 series (NET)] "C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN4BL460NZ067B:NW" -scfn "HP ENVY 5530 series (NET)" -AutoStart 1
uRun: [Dropbox Update] "C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe /q
uRun: [Steam] "D:\games\maffia\steam.exe" -silent
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Eigenaar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 195.130.130.4 195.130.131.4
TCP: Interfaces\{47A844C4-0FB4-40B7-BFB5-283980FE8E4A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BDF70A13-7FFF-4148-928A-37AF21225D35} : DHCPNameServer = 195.130.130.4 195.130.131.4
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\w0c4r2qm.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=tn_tnmn
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-5-20 632168]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-5-20 28008]
R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2014-5-20 20464]
R1 aswbidsdriver;aswbidsdriver;C:\Windows\System32\drivers\aswbidsdrivera.sys [2017-3-18 311808]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2016-7-12 32600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-5-20 1007160]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-5-20 569192]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-20 128648]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-20 158880]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-5-10 263304]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-5-20 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-2 1513784]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2014-7-15 786256]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-5-10 7346208]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-3-1 104976]
R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2014-5-20 370672]
R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2014-5-20 791024]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-2 25816]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-7 901848]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Device Service;C:\Windows\System32\drivers\XtuAcpiDriver.sys [2016-11-22 54344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-26 125064]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-2 1135416]
S3 A38CCID;CCID USB Smart Card Reader;C:\Windows\System32\drivers\a38ccid.sys [2016-11-28 77832]
S3 aswHwid;aswHwid;C:\Windows\System32\drivers\aswHwid.sys [2014-5-20 38296]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2014-12-27 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-5-12 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-2 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-7 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-7 30208]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-7 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-06-11 11:04:24 -------- d-----w- C:\ProgramData\SWCUTemp
2017-06-11 10:58:25 -------- d-----w- C:\AdwCleaner
2017-05-12 19:12:39 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Skype
.
==================== Find3M ====================
.
2017-06-11 11:03:51 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-05-12 18:37:54 158880 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2017-05-10 06:37:47 75704 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2017-05-10 06:37:47 38296 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2017-05-10 06:37:47 339696 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2017-05-10 06:37:47 128648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2017-05-10 06:37:47 101152 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2017-05-10 06:37:43 32600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2017-05-10 06:37:43 1007160 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2017-05-10 06:37:42 49016 ----a-w- C:\Windows\System32\drivers\aswbuniva.sys
2017-05-10 06:37:42 334576 ----a-w- C:\Windows\System32\drivers\aswbloga.sys
2017-05-10 06:37:42 311808 ----a-w- C:\Windows\System32\drivers\aswbidsdrivera.sys
2017-05-10 06:37:42 190256 ----a-w- C:\Windows\System32\drivers\aswbidsha.sys
2017-05-09 09:14:02 803320 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-05-09 09:14:02 144888 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-04-28 01:14:59 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-04-28 01:14:09 706792 ----a-w- C:\Windows\System32\winload.efi
2017-04-28 01:14:08 5547240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-04-28 01:14:05 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-04-28 01:14:05 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-04-28 01:11:49 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-04-28 01:09:59 44032 ----a-w- C:\Windows\System32\csrsrv.dll
2017-04-28 00:36:36 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-04-28 00:36:36 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-04-28 00:34:21 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-04-28 00:19:29 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-04-28 00:19:26 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-04-28 00:19:25 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-04-28 00:18:44 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-04-28 00:15:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-04-28 00:14:54 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-04-28 00:12:14 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-04-28 00:11:40 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-04-28 00:11:38 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-04-28 00:11:35 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-04-28 00:10:56 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-04-28 00:10:53 112640 ----a-w- C:\Windows\System32\smss.exe
2017-04-28 00:08:07 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2017-04-28 00:08:06 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2017-04-28 00:08:06 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2017-04-28 00:08:05 2048 ----a-w- C:\Windows\SysWow64\user.exe
2017-04-28 00:07:21 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-04-28 00:07:13 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-04-28 00:07:13 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-28 00:07:13 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-28 00:07:13 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2017-04-26 14:59:15 3220992 ----a-w- C:\Windows\System32\win32k.sys
2017-04-21 15:34:00 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2017-04-21 15:15:28 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2017-04-17 15:37:31 512000 ----a-w- C:\Windows\System32\rpcss.dll
2017-04-17 15:37:29 876544 ----a-w- C:\Windows\System32\oleaut32.dll
2017-04-17 15:37:29 26112 ----a-w- C:\Windows\System32\oleres.dll
2017-04-17 15:37:29 2065408 ----a-w- C:\Windows\System32\ole32.dll
2017-04-17 15:37:20 8704 ----a-w- C:\Windows\System32\comcat.dll
2017-04-17 15:12:24 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2017-04-17 15:12:24 26112 ----a-w- C:\Windows\SysWow64\oleres.dll
2017-04-17 15:12:24 1417728 ----a-w- C:\Windows\SysWow64\ole32.dll
2017-04-17 14:54:48 7168 ----a-w- C:\Windows\SysWow64\comcat.dll
2017-04-16 09:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-04-16 09:16:46 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-04-16 08:57:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-04-16 08:55:41 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-04-16 08:55:24 417792 ----a-w- C:\Windows\System32\html.iec
2017-04-16 08:54:52 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-04-16 08:54:39 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-04-16 08:37:33 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-04-16 08:37:32 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-04-16 08:36:53 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-04-16 08:25:51 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-04-16 08:19:51 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-04-16 08:18:59 5977600 ----a-w- C:\Windows\System32\jscript9.dll
2017-04-16 08:11:22 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-04-16 08:10:56 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-04-16 08:02:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-04-16 08:01:42 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-04-16 08:01:40 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-04-16 08:01:20 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-04-16 08:00:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-04-16 07:47:30 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-04-16 07:46:56 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-04-16 07:37:51 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-04-16 07:37:40 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-04-16 07:30:01 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-04-16 07:29:28 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-04-16 07:08:57 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-04-16 07:08:30 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-04-16 07:08:11 4548608 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-04-16 07:04:52 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-04-16 06:37:47 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-04-12 15:32:24 229376 ----a-w- C:\Windows\System32\wintrust.dll
2017-04-12 15:32:10 190976 ----a-w- C:\Windows\System32\cryptsvc.dll
2017-04-12 15:32:10 1483776 ----a-w- C:\Windows\System32\crypt32.dll
2017-04-12 15:32:10 141824 ----a-w- C:\Windows\System32\cryptnet.dll
2017-04-12 15:26:12 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2017-04-12 15:25:04 145920 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2017-04-12 15:25:04 1176064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2017-04-12 15:25:04 106496 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2017-04-07 15:34:43 986856 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2017-04-07 15:34:43 265448 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2017-04-07 15:30:55 405504 ----a-w- C:\Windows\System32\gdi32.dll
.
============= FINISH: 13:05:02,51 ===============
Malwarebytes Anti-Malware
Scandatum: 11/06/2017
Scantijd: 9:54
Logboekbestand: mwblog.txt
Beheerder: Ja
Versie: 2.2.0.1024
Malware-database: v2017.06.11.01
Rootkit-database: v2017.05.27.01
Licentie: Gratis
Malware-bescherming: Uitgeschakeld
Bescherming tegen kwaadaardige websites: Uitgeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Eigenaar
Scantype: Aangepaste scan
Resultaat: Voltooid
Objecten gescand: 519687
Verstreken tijd: 2 u., 38 min, 38 sec
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(Geen kwaadaardige items gedetecteerd)
Modules: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
Registerwaarden: 0
(Geen kwaadaardige items gedetecteerd)
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
Mappen: 0
(Geen kwaadaardige items gedetecteerd)
Bestanden: 6
Adware.ICLoader, D:\Users\Eigenaar\Downloads\Dallas_2012_Season_3_DVDRip.exe, In quarantaine, [6a83ab921d8cce6803167416c13ff20e],
PUP.Optional.InstallCore, D:\Users\Eigenaar\Downloads\mkvcodec_setup.msi, In quarantaine, [638a3409a2071620605a8b55cf3102fe],
PUP.Optional.FriedCookie, D:\Users\Eigenaar\Downloads\download.exe, In quarantaine, [965792ab941553e3da7c1615748fe21e],
Adware.InstallMonster, D:\Users\Eigenaar\Downloads\sara shepard true lies.exe, In quarantaine, [88657fbefcada3934a8bc9ef748cdd23],
PUP.Optional.Yontoo, D:\Users\Eigenaar\Downloads\YourDownload.exe, In quarantaine, [ea034fee1f8a73c357650f7e03fee917],
PUP.Optional.Amonetize, D:\Users\Eigenaar\Downloads\adele+25+mp3.ace, In quarantaine, [7a7373caf9b066d09e1812a5817f1ee2],
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
(end)
# AdwCleaner v6.047 - Logbestand aangemaakt 11/06/2017 op 13:00:26
# Bijgewerkt op 19/05/2017 door Malwarebytes
# Database : 2017-06-10.1 [Server]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (X64)
# Gebruikersnaam : Eigenaar - SYSARPC
# Gestart vanuit : D:\Users\Eigenaar\Desktop\adwcleaner_6.047.exe
# Mode: Verwijderen
# Ondersteuning : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Mappen ] *****
[-] Map verwijderd: C:\ProgramData\{361aa5ed-1c84-e885-361a-aa5ed1c897b4}
[-] Map verwijderd: C:\ProgramData\{a3644e60-a1d7-5ee8-a364-44e60a1d3982}
[-] Map verwijderd: C:\ProgramData\Allmyapps
[#] Map verwijderd tijdens herstart: C:\ProgramData\Application Data\Allmyapps
[-] Map verwijderd: C:\Program Files (x86)\myfree codec
[-] Map verwijderd: C:\Program Files (x86)\TerminusSubs
[-] Map verwijderd: C:\Program Files (x86)\Zebar
***** [ Bestanden ] *****
[-] Bestand verwijderd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[-] Bestand verwijderd: C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bkbpfdkbpbckgkcelkfjjhepmdcdmahi_0.localstorage
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Snelkoppelingen ] *****
[-] Snelkoppeling gedesinfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[-] Snelkoppeling gedesinfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Snelkoppeling gedesinfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Snelkoppeling gedesinfecteerd: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk
[-] Snelkoppeling gedesinfecteerd: C:\Users\Eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
***** [ Geplande Taken ] *****
***** [ Register ] *****
[-] Sleutel verwijderd: HKLM\SOFTWARE\ede07bd5-8aad-b539-3f6a-0305f288e91b
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}_is1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}_is1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}_is1
[-] Sleutel verwijderd: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Registry Helper Service
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Registry Helper Service
[#] Sleutel verwijderd tijdens herstart: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\registry helper service
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\registry helper service
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Codejock.SkinFramework.12.1.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.12.1.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\speedupmypc
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFramework.12.1.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.12.1.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Sleutel verwijderd tijdens herstart: [x64] HKLM\SOFTWARE\Classes\speedupmypc
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{128507E0-C56F-43C0-BCF1-8193B35FE4C4}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{40217CB8-4463-4030-B324-AC6A8075FEC8}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Interface\{AFA0E6A1-28D7-4F2C-87A7-7266367B4655}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\TypeLib\{BD0C1912-66C3-49CC-8B12-7B347BF6C846}
[-] Sleutel verwijderd: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Sleutel verwijderd: HKU\S-1-5-21-3609329212-1892986672-2351453482-1000\Software\Conduit
[-] Sleutel verwijderd: HKU\S-1-5-21-3609329212-1892986672-2351453482-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Sleutel verwijderd: HKU\S-1-5-21-3609329212-1892986672-2351453482-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Sleutel verwijderd tijdens herstart: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\Conduit
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Sleutel verwijderd tijdens herstart: HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Sleutel verwijderd: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Sleutel verwijderd: HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Conduit
[-] Sleutel verwijderd: HKLM\SOFTWARE\Uniblue
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Uniblue\DriverScanner
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\Conduit
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Sleutel verwijderd tijdens herstart: [x64] HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Sleutel verwijderd: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3609329212-1892986672-2351453482-1000\Products\7A4217FD08507B642834C8BF29F458A1
[-] Sleutel verwijderd: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Sleutel verwijderd: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38D D4
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Sleutel verwijderd: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[#] Sleutel verwijderd tijdens herstart: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
[-] Sleutel verwijderd: HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
***** [ Browsers ] *****
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: askwebsearch
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: dts.search.ask.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: search.conduit.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: conduit.search
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: dts.search-results.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: eu.ask.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: ask.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Verwijderd: isearch.avg.com
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default] [extension] Verwijderd: bkbpfdkbpbckgkcelkfjjhepmdcdmahi
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default] [extension] Verwijderd: dmocchgkijnbjdjkmlglaemjhhdiobbp
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default] [extension] Verwijderd: lmnbobhffedhdhfpcjkjphcfpeeiocdn
[-] [C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default] [homepage] Verwijderd: hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MEAEDF735-9382-462B-B3DF-27E714746DB3&SearchSource=55&CUI=&UM=5&UP=SP62F905E9-BC51-4BF4-8F87-56F6ED39F4BA&SSPV=
*************************
:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [12293 bytes] - [11/06/2017 13:00:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [13066 bytes] - [11/06/2017 13:00:05]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12441 bytes] ##########
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18666 BrowserJavaVersion: 11.91.2
Run by Eigenaar at 13:04:50 on 2017-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8145.5350 [GMT 2:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
D:\games\maffia\Steam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\games\maffia\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nieuws.vtm.be/stadion/poll-wie-heeft-de-beste-supporters
uSearch Bar = hxxp://www.bing.com/search?q={searchTerms}
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}
mStart Page = www.google.com
uSearchAssistant = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [HP ENVY 5530 series (NET)] "C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN4BL460NZ067B:NW" -scfn "HP ENVY 5530 series (NET)" -AutoStart 1
uRun: [Dropbox Update] "C:\Users\Eigenaar\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [GameShadow] C:\Program Files (x86)\GameShadow\GameShadow.exe /q
uRun: [Steam] "D:\games\maffia\steam.exe" -silent
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Eigenaar\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 195.130.130.4 195.130.131.4
TCP: Interfaces\{47A844C4-0FB4-40B7-BFB5-283980FE8E4A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BDF70A13-7FFF-4148-928A-37AF21225D35} : DHCPNameServer = 195.130.130.4 195.130.131.4
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\w0c4r2qm.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=tn_tnmn
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-5-20 632168]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-5-20 28008]
R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2014-5-20 20464]
R1 aswbidsdriver;aswbidsdriver;C:\Windows\System32\drivers\aswbidsdrivera.sys [2017-3-18 311808]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2016-7-12 32600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-5-20 1007160]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-5-20 569192]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-20 128648]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-20 158880]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-5-10 263304]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-5-20 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-2 1513784]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2014-7-15 786256]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-5-10 7346208]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-3-1 104976]
R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2014-5-20 370672]
R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2014-5-20 791024]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-2 25816]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-7 901848]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Device Service;C:\Windows\System32\drivers\XtuAcpiDriver.sys [2016-11-22 54344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-26 125064]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-2 1135416]
S3 A38CCID;CCID USB Smart Card Reader;C:\Windows\System32\drivers\a38ccid.sys [2016-11-28 77832]
S3 aswHwid;aswHwid;C:\Windows\System32\drivers\aswHwid.sys [2014-5-20 38296]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2014-12-27 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-5-12 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-2 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-7 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-7 30208]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-7 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-06-11 11:04:24 -------- d-----w- C:\ProgramData\SWCUTemp
2017-06-11 10:58:25 -------- d-----w- C:\AdwCleaner
2017-05-12 19:12:39 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Skype
.
==================== Find3M ====================
.
2017-06-11 11:03:51 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-05-12 18:37:54 158880 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2017-05-10 06:37:47 75704 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2017-05-10 06:37:47 38296 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2017-05-10 06:37:47 339696 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2017-05-10 06:37:47 128648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2017-05-10 06:37:47 101152 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2017-05-10 06:37:43 32600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2017-05-10 06:37:43 1007160 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2017-05-10 06:37:42 49016 ----a-w- C:\Windows\System32\drivers\aswbuniva.sys
2017-05-10 06:37:42 334576 ----a-w- C:\Windows\System32\drivers\aswbloga.sys
2017-05-10 06:37:42 311808 ----a-w- C:\Windows\System32\drivers\aswbidsdrivera.sys
2017-05-10 06:37:42 190256 ----a-w- C:\Windows\System32\drivers\aswbidsha.sys
2017-05-09 09:14:02 803320 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-05-09 09:14:02 144888 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-04-28 01:14:59 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-04-28 01:14:09 706792 ----a-w- C:\Windows\System32\winload.efi
2017-04-28 01:14:08 5547240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-04-28 01:14:05 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-04-28 01:14:05 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-04-28 01:11:49 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-04-28 01:09:59 44032 ----a-w- C:\Windows\System32\csrsrv.dll
2017-04-28 00:36:36 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-04-28 00:36:36 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-04-28 00:34:21 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-04-28 00:19:29 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-04-28 00:19:26 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-04-28 00:19:25 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-04-28 00:18:44 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-04-28 00:15:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-04-28 00:14:54 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-04-28 00:12:14 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-04-28 00:11:40 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-04-28 00:11:38 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-04-28 00:11:35 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-04-28 00:10:56 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-04-28 00:10:53 112640 ----a-w- C:\Windows\System32\smss.exe
2017-04-28 00:08:07 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2017-04-28 00:08:06 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2017-04-28 00:08:06 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2017-04-28 00:08:05 2048 ----a-w- C:\Windows\SysWow64\user.exe
2017-04-28 00:07:21 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-04-28 00:07:13 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-04-28 00:07:13 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-28 00:07:13 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-28 00:07:13 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2017-04-26 14:59:15 3220992 ----a-w- C:\Windows\System32\win32k.sys
2017-04-21 15:34:00 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2017-04-21 15:15:28 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2017-04-17 15:37:31 512000 ----a-w- C:\Windows\System32\rpcss.dll
2017-04-17 15:37:29 876544 ----a-w- C:\Windows\System32\oleaut32.dll
2017-04-17 15:37:29 26112 ----a-w- C:\Windows\System32\oleres.dll
2017-04-17 15:37:29 2065408 ----a-w- C:\Windows\System32\ole32.dll
2017-04-17 15:37:20 8704 ----a-w- C:\Windows\System32\comcat.dll
2017-04-17 15:12:24 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2017-04-17 15:12:24 26112 ----a-w- C:\Windows\SysWow64\oleres.dll
2017-04-17 15:12:24 1417728 ----a-w- C:\Windows\SysWow64\ole32.dll
2017-04-17 14:54:48 7168 ----a-w- C:\Windows\SysWow64\comcat.dll
2017-04-16 09:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-04-16 09:16:46 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-04-16 08:57:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-04-16 08:55:41 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-04-16 08:55:24 417792 ----a-w- C:\Windows\System32\html.iec
2017-04-16 08:54:52 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-04-16 08:54:39 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-04-16 08:37:33 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-04-16 08:37:32 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-04-16 08:36:53 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-04-16 08:25:51 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-04-16 08:19:51 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-04-16 08:18:59 5977600 ----a-w- C:\Windows\System32\jscript9.dll
2017-04-16 08:11:22 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-04-16 08:10:56 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-04-16 08:02:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-04-16 08:01:42 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-04-16 08:01:40 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-04-16 08:01:20 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-04-16 08:00:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-04-16 07:47:30 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-04-16 07:46:56 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-04-16 07:37:51 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-04-16 07:37:40 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-04-16 07:30:01 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-04-16 07:29:28 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-04-16 07:08:57 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-04-16 07:08:30 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-04-16 07:08:11 4548608 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-04-16 07:04:52 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-04-16 06:37:47 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-04-12 15:32:24 229376 ----a-w- C:\Windows\System32\wintrust.dll
2017-04-12 15:32:10 190976 ----a-w- C:\Windows\System32\cryptsvc.dll
2017-04-12 15:32:10 1483776 ----a-w- C:\Windows\System32\crypt32.dll
2017-04-12 15:32:10 141824 ----a-w- C:\Windows\System32\cryptnet.dll
2017-04-12 15:26:12 179200 ----a-w- C:\Windows\SysWow64\wintrust.dll
2017-04-12 15:25:04 145920 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2017-04-12 15:25:04 1176064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2017-04-12 15:25:04 106496 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2017-04-07 15:34:43 986856 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2017-04-07 15:34:43 265448 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2017-04-07 15:30:55 405504 ----a-w- C:\Windows\System32\gdi32.dll
.
============= FINISH: 13:05:02,51 ===============
Farbar Recovery Scan Tool 32 of 64 bit van één van de onderstaande links
=> [X]
"Delfix by Xplode" 
Comment