
Junkware and constantly opening pages



Hi Karl D, and welcome to PC Helpforum,

Before we begin, I would like to kindly point out the following guidelines:

  • Only log in as an administrator with full rights.
  • Cleaning up your system can take some time, so be patient.
  • Stay with the topic until I have reported that your PC is clean.
  • If there is something you don't know or understand, please ask.
  • Do not install or uninstall any software or hardware while we are working on your problem.
  • In the meantime, do not go and try something "else"; that only makes it harder for us.

Note: Always run all tools as admin.

The instructions that are given are only valid for your PC.

Step 1:

Scanning for and removing malware...

Install MBAM 2.0 (info & download link)

Start MBAM.

At the top of the Malwarebytes Anti-Malware window, click Scan.

In that screen, choose the threat scan and then click the Scan Now button.

Before scanning, there is always first an automatic check for whether updates to the virus definitions are available; if an update is available, you must let it install first.

When the scan is finished and threats have been detected, you get an overview of them.

Select to place all of them in quarantine.

At the message that your computer must be restarted, click Yes.

After the PC restarts, if Malwarebytes asked to restart the PC, open Malwarebytes again.

Click the History button at the top of the menu.

Then click the application logs option and select the scan log that you want to export.

This is the last scan you did (you can tell by the date and time).

Select it to view it.

In a new window that opens, you will see the results of your scan.

At the bottom, either select to export as a text file and give the text file a name, for example mbamlog.

Or you can select to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.


Step 2:

Checking for bad toolbars...

Download AdwCleaner by Xplode to your Desktop.

  • Close all open windows
  • Start AdwCleaner
  • Click Scan ("Scannen")
  • Click Remove ("Verwijderen")

All icons disappear from the Desktop; this is normal.

Your PC is restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt).

Post its contents here on the Forum.

I only need the log from after the "Remove" ("Verwijderen") option.

Don't forget to turn off your "smileys".

If your start page was also hijacked, set the search engine again.

AdwCleaner resets it to Google.com by default.


Step 3:

Extra note... Make sure your security software is disabled while installing and using E-Peek.

This is because these scanners wrongly see certain components that E-Peek uses as infected and will block E-Peek.

Look here if you don't know how to disable your antivirus, firewall and/or antispyware scanner.

Download E-PeekSetup.exe to your desktop.

Double-click it and follow the instructions.

At the end of the installation, E-Peek will start.

Click OK on the first screen and then "Scan".

Post the log.


In your next post, I would like to see the following logs, made in the listed order:

  • MBAM
  • AdwCleaner
  • E-Peek

Attach them to a following message.

Emphyrio :)


The MBAM log you posted is not the one I needed.

I would have liked the scan log. How you can obtain it is explained in my instructions.


This means that your settings are not right.

Set the settings as they are shown here.

Logboek%20instellingen.png

Then run a scan with MBAM again and post that log.

Also post a fresh E-Peek log.


The settings were as in your example.

During the first MBAM scan, however, no files were placed in quarantine.

During this scan, a few hundred were put in quarantine.

The computer was restarted for both MBAM and E-Peek.

I hope the attached logs are the correct ones.

mbamlog_5.txt

- - - Updated - - -

For your information

In the meantime, the following windows are opening

I assume I should not respond to them

hxxp://betweensoftware.net/YAC/BE/ZP/CC/Warningos/inde.php?s=2451403677

hxxp://offers.bycontext.com/topbar/ctxjs/index.php?tracker=http%3A%2F%2Fcn.tatami-solutions.com%2Feas%3Fcu%3D29607%26ptrack%3DJMC1152%26cat2%3Dcjs%26kw2%3D70632d68656c70666f72756d2e6265&numberBounceDone=1&ussegmnt=100&distribution=new&affid=1152&subaffid=3239544&intformat=roll&nextpage=http%3A%2F%2Fwww.pc-helpforum.be%2Fforum%2F&ch=6801&sbrand=qualitink&folder=v2.14

EPeek_2.txt

edited by Emphyrio
URL links disabled.

Next attempt..

I went through the 3 steps again (MBAM, ADW and E-Peek)

Reinstalled, etc.

Only with E-Peek was it not possible to remove the previous program via Uninstall as in the description.

Result below. Attaching files is no longer possible as before

Thanks in advance for the help

Malwarebytes Anti-Malware

Malwarebytes | Free Anti-Malware & Internet Security Software

Scandatum: 11/11/2014

Scantijd: 10:49:36

Logbestand: mbamlog_6.txt

Beheerder: Ja

Versie: 2.00.3.1025

Malwaredatabase: v2014.11.11.03

Rootkitdatabase: v2014.11.10.01

Licentie: Proef

Malwarebescherming: Ingeschakeld

Kwaadaardige Website Bescherming: Ingeschakeld

Zelfbescherming: Uitgeschakeld

Besturingssysteem: Windows 7 Service Pack 1

Processor: x64

Bestandssysteem: NTFS

Gebruiker: Wout

Scantype: Bedreigingsscan

Resultaat: Voltooid

Objecten Gescand: 365832

Verstreken Tijd: 29 m, 25 s

Geheugen: Ingeschakeld

Opstarten: Ingeschakeld

Bestandssysteem: Ingeschakeld

Archieven: Ingeschakeld

Rootkits: Uitgeschakeld

Heuristiek: Ingeschakeld

POP: Ingeschakeld

POA: Ingeschakeld

Processen: 0

(Geen kwaadaardige items gedetecteerd)

Modules: 0

(Geen kwaadaardige items gedetecteerd)

Registersleutels: 1

PUP.Optional.Qualitink.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update qualitink, In Quarantaine, [c3bc49f199e384b2315ea3f69c680df3],

Registerwaardes: 0

(Geen kwaadaardige items gedetecteerd)

Registerdata: 0

(Geen kwaadaardige items gedetecteerd)

Mappen: 0

(Geen kwaadaardige items gedetecteerd)

Bestanden: 0

(Geen kwaadaardige items gedetecteerd)

Fysieke Sectoren: 0

(Geen kwaadaardige items gedetecteerd)

(end)

# AdwCleaner v4.101 - Rapport aangemaakt 11/11/2014 op 11:42:03

# Laatste Update 09/11/2014 door Xplode

# Database : 2014-11-10.9 [Live]

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruikersnaam : Wout - WOUT-PC

# Gestart vanuit : C:\Users\Wout\Downloads\adwcleaner_4.101.exe

# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

Bestand Verwijderd : C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

Bestand Verwijderd : C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Taken ] *****

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Google Chrome v38.0.2125.111

*************************

AdwCleaner[R0].txt - [38434 octets] - [09/11/2014 11:29:03]

AdwCleaner[R1].txt - [3118 octets] - [09/11/2014 16:11:03]

AdwCleaner[R2].txt - [1289 octets] - [11/11/2014 11:40:10]

AdwCleaner[s0].txt - [35669 octets] - [09/11/2014 11:32:23]

AdwCleaner[s1].txt - [3203 octets] - [09/11/2014 16:12:51]

AdwCleaner[s2].txt - [1217 octets] - [11/11/2014 11:42:03]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1277 octets] ##########

E-Peek v 1.0.5.5 © Emphyrio/Onsia Patrick 2013-2014

Downloaded @ E Dev

Run at di 11 nov 2014 11:58

.

Windows 7 Home Premium SP 1 (64 bits)

C:\Windows [NTFS - Fixed]

Default Browser: Google Chrome

Boot mode: Normal boot

User logged in: Wout

.

Java x86: 1.6.0_26

Java x64: 1.6.0_22

.

AV : Norton Internet Security [updated - Not Running]

AV : BullGuard Antivirus [updated - Not Running]

AS : Norton Internet Security [updated - Running]

AS : BullGuard Antispyware [updated - Not Running]

AS : Windows Defender [updated - Not Running]

FW : FW : Norton Internet Security [updated - Not Running]

.

==================== Files and Folders history =================================

Folders Created Last 7 days :

09/11/2014 ##### r-h-s-d+a- C:\rsit

09/11/2014 ##### r-h-s-d+a- C:\ProgramData\Malwarebytes

09/11/2014 ##### r-h-s-d+a- C:\Program Files\trend micro

09/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware

09/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev

09/11/2014 ##### r-h-s-d+a- C:\AdwCleaner

Files Modified Last 7 days :

11/11/2014 00018928 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

11/11/2014 00018928 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

11/11/2014 00000018 r-h-s-d-a+ C:\Windows\SysWOW64\log.txt

05/11/2014 01672576 r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI

05/11/2014 00746466 r-h-s-d-a+ C:\Windows\system32\perfh013.dat

05/11/2014 00654932 r-h-s-d-a+ C:\Windows\system32\perfh009.dat

05/11/2014 00154128 r-h-s-d-a+ C:\Windows\system32\perfc013.dat

05/11/2014 00122546 r-h-s-d-a+ C:\Windows\system32\perfc009.dat

Files Created Last 7 days :

09/11/2014 00000109 r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== RUNNING PROCESSES =========================================

[chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

[chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

[chrome] -Wout- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - (Google Inc.)

[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)

[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)

[CVHSVC] -SYSTEM- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE - (Microsoft Corporation)

[Dropbox] -Wout- C:\Users\Wout\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)

[dwm] -Wout- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)

[E-Peek 1.0.5] -Wout- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)

[explorer] -Wout- C:\Windows\Explorer.EXE - (Microsoft Corporation)

[iAStorDataMgrSvc] -SYSTEM- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe - (Intel Corporation)

[igfxpers] -Wout- C:\Windows\System32\igfxpers.exe - (Intel Corporation)

[igfxtray] -Wout- C:\Windows\System32\igfxtray.exe - (Intel Corporation)

[iPodService] -SYSTEM- C:\Program Files\iPod\bin\iPodService.exe - (Apple Inc.)

[iTunesHelper] -Wout- C:\Program Files (x86)\iTunes\iTunesHelper.exe - (Apple Inc.)

[LMS] -SYSTEM- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe - (Intel Corporation)

[lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)

[lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)

[lxeacoms] -SYSTEM- C:\Windows\system32\lxeacoms.exe - ( )

[lxeaserv] -SYSTEM- C:\Windows\system32\spool\DRIVERS\x64\3\lxeaserv.exe - (Lexmark International, Inc.)

[mbam] -Wout- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe - (Malwarebytes Corporation)

[mbamscheduler] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe - (Malwarebytes Corporation)

[mbamservice] -SYSTEM- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe - (Malwarebytes Corporation)

[mDNSResponder] -SYSTEM- C:\Program Files\Bonjour\mDNSResponder.exe - (Apple Inc.)

[nis] -SYSTEM- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe - (Symantec Corporation)

[nis] -Wout- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe - (Symantec Corporation)

[nvSCPAPISvr] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - (NVIDIA Corporation)

[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)

[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)

[officeclicktorun] -SYSTEM- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe - (Microsoft Corporation)

[PsiService_2] -SYSTEM- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe - (Protexis Inc.)

[searchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)

[searchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)

[searchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)

[services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)

[sftvsa] -SYSTEM- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe - (Microsoft Corporation)

[sidebar] -Wout- C:\Program Files\Windows Sidebar\sidebar.exe - (Microsoft Corporation)

[smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)

[spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)

[taskhost] -Wout- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)

[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)

[winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)

[WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)

[wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

==================== IE PAGES ==================================================

IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.com

IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm

IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.aldi.com

IE04 - HKCU\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

IE04 - HKCU\..\SearchScopes {902821CA-6D75-4626-92F4-EFF8276E55FA} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll

IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\SysWOW64\blank.htm

IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE10 - HKLM\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE12 - HKLM\..\Toolbar{1017A80C-6F09-4548-A84D-EDD6AC9525F0} @ Default = C:\Program Files\Lexmark Toolbar\toolband.dll

IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

IE12 - HKLM\..\Toolbar{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll

IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.google.com

IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\system32\blank.htm

IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.aldi.com

IE04 x64 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

IE04 x64 - HKCU\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

IE04 x64 - HKCU\..\SearchScopes {902821CA-6D75-4626-92F4-EFF8276E55FA} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_nl___BE444

IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE10 x64 - HKLM\..\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ DisplayName: [Google] @ URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE12 - HKLM\..\Toolbar{2318C2B1-4965-11d4-9B18-009027A5CD4F} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

IE12 - HKLM\..\Toolbar{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll

==================== Auto Load =================================================

AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe,

AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,

AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe

==================== Google Chrome =============================================

GC - Prefpath: C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Preferences

GC - Profile Name: Eerste gebruiker

GC - Homepage:

GC - Default Search Provider:

= Known Disabled Extensions =

==================== Windows Host File =========================================

==================== BHO =======================================================

BHO - [MSS+ Identifier] - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} @ Default = C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

BHO - [Lexmark Werkbalk] - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} @ Default = C:\Program Files\Lexmark Toolbar\toolband.dll

BHO - [Adobe PDF Link Helper] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} @ Default = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

BHO - [Norton Identity Protection] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll

BHO - [Norton Vulnerability Protection] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL

BHO - [Aanmeldhulp voor Windows Live ID] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO - [Windows Live Messenger Companion Helper] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} @ Default = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL

BHO - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL

BHO - [Lexmark ] - {D2C5E510-BE6D-42CC-9F61-E4F939078474} @ Default = C:\Program Files\Lexmark Printable Web\bho.dll

BHO - [Java Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO - [bGAntiphishingBHO Class] - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} @ Default = C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll

BHO x64 - [Lync Browser Helper] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

BHO x64 - [Norton Identity Protection] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} @ Default = C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll

BHO x64 - [Windows Live ID Sign-in Helper] - {9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO x64 - [Google Toolbar Helper] - {AA58ED58-01DD-4d91-8333-CF10577473F7} @ Default = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO x64 - [Office Document Cache Handler] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL

BHO x64 - [Microsoft SkyDrive Pro Browser Helper] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} @ Default = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

BHO x64 - [Java Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files\Java\jre6\bin\jp2ssv.dll

BHO x64 - [bGAntiphishingBHO Class] - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} @ Default = C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll

==================== Auto Start Programs =======================================

ASP01 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

ASP04 - HKCU\..\Run @ ccleaner = "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

ASP04 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

ASP04 - HKCU\..\Run @ Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

ASP01 x64 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

ASP04 x64 - HKCU\..\Run @ ccleaner = "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

ASP04 x64 - HKCU\..\Run @ CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

ASP04 x64 - HKCU\..\Run @ Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

ASP - Startup - C:\Users\Wout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

ASP - Startup - C:\Users\Wout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

==================== Extra Items IE ============================================

EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics

EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility

EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing

EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security

EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings

EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International

EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

EI04 - App Ext - HKCU\..\Approved Extensions @ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia

EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {11111111-1111-1111-1111-110511131190} =

EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {30F9B915-B755-4826-820B-08FBA6BD249D} =

EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {A40DC6C5-79D0-4CA8-A185-8FF989AF1115} =

==================== Internet Default Prefix ===================================

IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://

IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http://

IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

==================== Default Settings IE - DSIE ================================

DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId

DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId

==================== Downloaded Program Files - DPF ============================

DPF - HKLM - {8AD9C840-044E-11D1-B3E9-00805F499D93} @ CODEBASE = hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF - HKLM - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} @ CODEBASE = hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF - HKLM - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} @ CODEBASE = hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF x64 - {8AD9C840-044E-11D1-B3E9-00805F499D93} @ CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF x64 - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} @ CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF x64 - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} @ CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

==================== Protocol Hijackers - PH ===================================

PH00 - Handler:osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} @ = Unknown # C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL # MD5 [405251ed82d69e5893f1e7e923b7f38b]

PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} @ = Unknown # C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll # MD5 [31d70e22e0e929e2a1279f51245624cc]

==================== ShellServiceObjectDelayLoad - SSODL =======================

SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

==================== Extra items - EXT (Torpig/ConduitSearch) ==================

EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Avg

EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft

EXT02 - HKCR\Directory\shellex\CopyHookHandlers\BackupCopyHook @ {9458E603-FF43-4134-9036-04B4C71791E3}

EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll

EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Avg

EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft

EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\BackupCopyHook @ {9458E603-FF43-4134-9036-04B4C71791E3}= C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll

EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll

EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

==================== DRIVERS and SERVICES ======================================

*** Win32OwnProcess ***

SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe

SERV - R2 - [bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe

SERV - R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe

SERV - R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe

SERV - R2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe

SERV - R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe

SERV - R2 - [lxeaCATSCustConnectService] - lxeaCATSCustConnectService - c:\windows\system32\spool\drivers\x64\3\\lxeaserv.exe

SERV - R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe

SERV - R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe

SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe

SERV - R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe

SERV - R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe

SERV - R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe

SERV - R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe

SERV - R2 - [stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe

SERV - R2 - [uNS] - Intel® Management & Security Application User Notification Service - c:\program files (x86)\intel\intel® management engine components\uns\uns.exe

SERV - R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe

SERV - R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

SERV - R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe

SERV - R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe

SERV - R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe

SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe

SERV - S2 - [gupdate] - Google Updateservice (gupdate) - c:\program files (x86)\google\update\googleupdate.exe

SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe

SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe

SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe

SERV - S3 - [bgRaSvc] - BgRaSvc - c:\program files\bullguard ltd\bullguard\support\bgrasvc.exe

SERV - S3 - [bsBhvScan] - BullGuard behavioural detection service - c:\program files\bullguard ltd\bullguard\bullguardbhvscanner.exe

SERV - S3 - [bsScanner] - BullGuard scanning service - c:\program files\bullguard ltd\bullguard\bullguardscanner.exe

SERV - S3 - [bsUpdate] - BullGuard update service - c:\program files\bullguard ltd\bullguard\bullguardupdate.exe

SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

SERV - S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe

SERV - S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe

SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe

SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe

SERV - S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe

SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe

SERV - S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe

SERV - S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe

SERV - S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - c:\program files\mcafee security scan\3.8.150\mcchsvc.exe

SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe

SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe

SERV - S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe

SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe

SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe

SERV - S3 - [sNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe

SERV - S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe

SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe

SERV - S3 - [WisLMSvc] - WisLMSvc - c:\program files (x86)\launch manager\wislmsvc.exe

SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

SERV - S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

*** Win32ShareProcess ***

SERV - R2 - [samSs] - Security Accounts Manager - c:\windows\system32\lsass.exe

SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe

SERV - S3 - [bsBrowser] - BullGuard antiphishing service - c:\windows\system32\svchost.exe

SERV - S3 - [bsFileScan] - BullGuard on-access service - c:\windows\system32\svchost.exe

SERV - S3 - [bsMailProxy] - BullGuard e-mail monitoring service - c:\windows\system32\svchost.exe

SERV - S3 - [bsMain] - BullGuard main service - c:\windows\system32\svchost.exe

SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe

SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe

SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe

SERV - S3 - [ProtectedStorage] - Protected Storage - c:\windows\system32\lsass.exe

SERV - S3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe

SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

*** Others ***

SERV - R2 - [lxea_device] - lxea_device - c:\windows\system32\lxeacoms.exe

SERV - R2 - [spooler] - Print Spooler - c:\windows\system32\spoolsv.exe

SERV - S3 - [uI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe

*** File System Driver ***

DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys

DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys

DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys

DRV - R0 - [symEFA] - Symantec Extended File Attributes - C:\Windows\system32\Drivers\SymEFA.sys [x]

DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys

DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys

DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys

*** Kernel Driver ***

DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys

DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys

DRV - R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]

DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys

DRV - R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys

DRV - R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys

DRV - R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys

DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys

DRV - R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys

DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys

DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys

DRV - R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys

DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys

DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys

DRV - R0 - [nvpciflt] - nvpciflt - C:\Windows\system32\Drivers\nvpciflt.sys

DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys

DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys

DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys

DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys

DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys

DRV - R0 - [symDS] - Symantec Data Store - C:\Windows\system32\Drivers\SymDS.sys [x]

DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys

DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys

DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys

DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys

DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys

DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys

DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys

DRV - R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys

DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys

DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys

==================== SvcHost - White Listed ====================================

All Ok

WOW - All Ok

==================== SigCheck x86 Fast =========================================

Fast Scan All ok

==================== SigCheck x64 Fast =========================================

Fast Scan All ok

==================== Job tasks =================================================

There are no .job files found.

==================== End scanning at di 11 nov 2014 11:59 (0 Min 40 Sec ) ======


This was the right MBAM log :top:

You have two active antivirus programs running, namely BullGuard and Norton.

Uninstall one of the two via Add or Remove Programs.


Also uninstall Java via Add or Remove Programs.


Restart your PC.


Download or update CCleaner.

Start CCleaner.

  • Run CCleaner and click Options in the left column
  • Select the Advanced tab
  • Uncheck Only delete files in Windows Temp folders older than 24 hours
  • Select the Settings tab
  • Uncheck "Automatically clean the computer...."
  • Click Cleaner in the left column.
  • Then click Analyze followed by Run Cleaner.
  • Next, click Registry in the left column
  • Click Scan for Issues.
  • When asked whether you want to make a backup of the registry, click "Yes".
  • If errors are found, click the middle button: Fix All Selected Issues, then OK


Post a fresh E-Peek log.
