
Infected by Svchost.exe and trojan


  • This topic is locked
45 replies to this topic

#31 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:17 AM

Posted 16 December 2015 - 10:29 AM

Your next option if required is to check with the windows 8 experts.


 


#32 btoasty

btoasty
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 16 December 2015 - 10:51 AM

Hello,

 

My boot-time is normal again! Thank you very much! Was there anything suspicious you detected or is it clean now?

I won't have to contact the windows 8 experts.


Edited by btoasty, 16 December 2015 - 10:57 AM.


#33 nasdaq


Posted 16 December 2015 - 11:23 AM

Maybe all it needed was a few restarts of the computer.

You are looking good.

I will leave this topic open for 6 days; if you need to return, please do.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#34 nasdaq


Posted 22 December 2015 - 01:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#35 btoasty


Posted 23 December 2015 - 12:56 PM

Hello,

 

Recently my laptop started to slow down again. It was fine for 5-6 days, but now it's slow again.

I think that an infection that I removed with ESETcleaner has somehow infected me again. (I didn't download anything or do something stupid though).

I heard the Stimilik.DT trojan or something like that causes slow boot-ups, and ESETCleaner quarantined that according to the log, so I don't know if something went wrong.

 

Thanks in advance if you could help me again.



#36 nasdaq


Posted 23 December 2015 - 02:03 PM

You were correct about the Windows 10 upgrade date.
Recently I came across this and did download and run the suggested program.
I did and do not get the popups to get Win 10.
The tool only stops the request; if you want to install it later just run the program again and set it on.
Read the instruction.

WINDOWS 10 UPDATE.
"Your best bet right now, if you have Windows 7 or 8.1 and don't want to upgrade to Windows 10 just yet - remember, you have until July 28, 2016 to upgrade for free - is to cut KB 3035583 off at the knees. The easiest way to do that is by running GWX Control Panel**. Microsoft has provided no changelog, of course, and no indication what this version of Get Windows 10 does that's any different from the five previous versions..."

Read the instructions.
http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html

Download site.
http://ultimateoutsider.com/downloads/
====

Once you have stopped this activity and have restarted the computer let me know if the problem persists.

#37 btoasty


Posted 24 December 2015 - 08:47 AM

Hello,

 

EDIT: I also have used the program you gave me to remove windows 10 popups and have restarted my pc, however, it's still as slow as it was before.

 

Here's the FRST.txt and Addition.txt you requested: 

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:23-12-2015
Gestart door Gebruiker (Beheerder) op HSUKANG (24-12-2015 14:42:43)
Gestart vanaf C:\Users\Gebruiker\Desktop\Utilities\Detectors of the Horse\FRST64
Geladen Profielen: Gebruiker (Beschikbare Profielen: Gebruiker)
Platform: Windows 8.1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-02-17] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-06-18] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\Run: [Octoshape Streaming Services] => C:\Users\Gebruiker\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\...\MountPoints2: F - "F:\autorun.exe" 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-10] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{980B7BF3-F747-411B-83AE-9CB2DA47CA5D}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON14/8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON14/8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/8
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2293568898-1098462975-301995803-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {08F5DA91-7A56-4A1E-80EE-1909A2C4B38D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2293568898-1098462975-301995803-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-10] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-10] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-15] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2293568898-1098462975-301995803-1002: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Gebruiker\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1503240-0-npoctoshape.dll [2015-03-24] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Gebruiker\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-05] (Octoshape ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-10]
 
Chrome: 
=======
CHR Profile: C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (OkayFreedom) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd [2015-07-13]
CHR Extension: (Adblock Plus) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (AdBlock) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-10]
 
==================== Services (gefilterd) ========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-10] (AVAST Software)
S4 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [Bestand niet getekend]
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-06-05] (altPUG LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-07] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [Bestand niet getekend]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [Bestand niet getekend]
S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-03] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-17] (Realtek Semiconductor)
S4 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [Bestand niet getekend]
S4 Survarium Update Service; C:\Program Files (x86)\Survarium\game\binaries\x86\survarium_service.exe [76408 2014-07-09] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-02-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-30] (Microsoft Corporation)
 
===================== Drivers (gefilterd) ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-10] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
S3 EagleX64; geen ImagePath
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-16] (REALiX™)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-17] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2015-02-17] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [788696 2015-02-17] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-02-17] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-03-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-03-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-12-23 17:19 - 2015-12-23 17:19 - 00000295 _____ C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prullenbak.lnk
2015-12-23 15:21 - 2015-12-23 15:21 - 00000000 ____D C:\Windows\pss
2015-12-19 18:04 - 2015-12-19 20:24 - 00000000 ____D C:\Users\Gebruiker\Documents\Witcher 2
2015-12-19 18:04 - 2015-12-19 18:04 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\The Witcher 2
2015-12-18 21:25 - 2015-12-18 21:25 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-18 21:25 - 2015-12-18 21:25 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-18 14:01 - 2015-12-18 14:01 - 00281927 _____ C:\Users\Gebruiker\Downloads\kerstkaart.pdf
2015-12-15 19:30 - 2015-12-15 19:30 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-14 22:46 - 2015-12-14 22:46 - 00575167 _____ C:\Users\Gebruiker\Downloads\Nieuwsbrief 5 en 6 vwo december 2015-d.pdf
2015-12-13 12:42 - 2015-12-13 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 20:25 - 2015-12-10 20:25 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-10 20:25 - 2015-12-10 20:22 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-10 20:25 - 2015-12-10 20:22 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-10 20:25 - 2015-12-10 20:22 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-10 20:25 - 2015-12-10 20:22 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-10 20:25 - 2015-12-10 20:22 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-10 20:25 - 2015-12-10 20:22 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-10 20:25 - 2015-12-10 20:22 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-10 20:22 - 2015-12-10 20:22 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-10 20:22 - 2015-12-10 20:22 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\AVAST Software
2015-12-10 20:22 - 2015-12-10 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-10 20:22 - 2015-12-10 20:22 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-10 20:20 - 2015-12-10 20:20 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-10 20:19 - 2015-12-10 20:19 - 05066096 _____ (AVAST Software) C:\Users\Gebruiker\Downloads\avast_free_antivirus_setup_online.exe
2015-12-10 20:19 - 2015-12-10 20:19 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-08 21:44 - 2015-12-08 21:44 - 00163693 _____ C:\Users\Gebruiker\Downloads\080 Brief ouders informatie laatste week kerst3552458883424265716.pdf
2015-12-07 17:07 - 2015-12-07 17:07 - 00229775 _____ C:\Users\Gebruiker\Downloads\MHIYH_43g.7z-64106-.7z
2015-12-05 15:09 - 2015-12-05 15:09 - 00000000 ____D C:\zoek_backup
2015-12-04 16:30 - 2015-12-04 16:30 - 05198336 _____ (AVAST Software) C:\Users\Gebruiker\Downloads\aswMBR.exe
2015-12-04 16:28 - 2015-12-04 16:29 - 00254960 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_16.28.10_log.txt
2015-12-04 16:26 - 2015-12-04 16:24 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-04 16:24 - 2015-12-04 16:25 - 04376463 _____ C:\Users\Gebruiker\Downloads\tdsskiller (1).zip
2015-12-04 16:24 - 2015-12-04 16:24 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Sun
2015-12-04 16:24 - 2015-12-04 16:24 - 00000000 ____D C:\Users\Gebruiker\.oracle_jre_usage
2015-12-04 16:24 - 2015-06-07 15:01 - 00111016 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2015-12-04 16:23 - 2015-12-04 16:23 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\Oracle
2015-12-04 15:12 - 2015-12-04 15:12 - 07480112 _____ (McAfee, Inc.) C:\Users\Gebruiker\Downloads\MCPR.exe
2015-12-03 19:51 - 2015-12-23 19:51 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGebruiker
2015-12-03 19:51 - 2015-12-23 19:51 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForGebruiker.job
2015-12-03 15:03 - 2015-12-03 15:03 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-02 15:04 - 2015-12-24 14:42 - 00000000 ____D C:\FRST
2015-12-02 15:01 - 2015-12-02 15:01 - 02350080 _____ (Farbar) C:\Users\Gebruiker\Downloads\FRST64 (1).exe
2015-12-02 14:59 - 2015-12-02 14:59 - 02350080 _____ (Farbar) C:\Users\Gebruiker\Downloads\FRST64.exe
2015-12-01 15:33 - 2015-12-24 14:38 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 15:33 - 2015-12-24 14:36 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 14:59 - 2015-12-01 14:59 - 00000123 _____ C:\Windows\ZAM_Guard.krnl.trace
2015-11-29 14:21 - 2015-11-29 14:21 - 00000000 ____D C:\EEK
2015-11-29 14:16 - 2015-11-29 14:21 - 170275104 _____ C:\Users\Gebruiker\Downloads\EmsisoftEmergencyKit (1).exe
2015-11-29 14:01 - 2015-11-29 14:03 - 00260772 _____ C:\TDSSKiller.3.1.0.6_29.11.2015_14.01.49_log.txt
2015-11-29 14:01 - 2015-11-29 14:01 - 04376066 _____ C:\Users\Gebruiker\Downloads\tdsskiller.zip
2015-11-29 13:41 - 2015-11-29 13:41 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-29 13:40 - 2015-11-29 13:40 - 00224968 _____ (ESET) C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner (1).exe
2015-11-29 13:40 - 2015-11-29 13:40 - 00000022 _____ C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner (1).exe_20151129.134022.8760.zip
2015-11-29 13:26 - 2015-12-20 19:28 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\CrashDumps
2015-11-29 13:21 - 2015-11-29 13:22 - 00606643 _____ C:\Users\Gebruiker\Downloads\Autoruns.zip
2015-11-29 12:52 - 2015-11-29 12:53 - 11230592 _____ (Enigma Software Group USA, LLC.) C:\Users\Gebruiker\Downloads\RegHunter-Installer.exe
2015-11-29 12:46 - 2015-11-29 12:46 - 00000000 _____ C:\autoexec.bat
2015-11-29 12:43 - 2015-11-29 12:43 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Gebruiker\Downloads\SpyHunter-Installer.exe
2015-11-29 01:19 - 2015-11-29 01:19 - 00991232 _____ C:\Users\Gebruiker\Downloads\MicrosoftFixit50267.msi
2015-11-29 00:13 - 2015-12-03 15:54 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-11-29 00:13 - 2015-11-29 12:42 - 00146981 _____ C:\Windows\ZAM.krnl.trace
2015-11-29 00:12 - 2015-11-29 00:13 - 05708792 _____ ( ) C:\Users\Gebruiker\Downloads\Zemana.AntiMalware.Setup (1).exe
2015-11-29 00:07 - 2015-11-29 14:35 - 00000000 ____D C:\AdwCleaner
2015-11-29 00:07 - 2015-11-29 00:07 - 05708792 _____ ( ) C:\Users\Gebruiker\Downloads\Zemana.AntiMalware.Setup.exe
2015-11-29 00:06 - 2015-11-29 00:06 - 01733632 _____ C:\Users\Gebruiker\Downloads\AdwCleaner.exe
2015-11-28 23:38 - 2015-11-29 13:34 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2015-11-28 23:25 - 2015-11-28 23:26 - 11320518 _____ C:\Users\Gebruiker\Downloads\EmsisoftEmergencyKit.exe
2015-11-28 23:15 - 2015-12-01 14:59 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2015-11-28 23:15 - 2015-11-29 00:13 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Zemana
2015-11-28 23:15 - 2014-12-30 13:31 - 07039960 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2015-11-28 23:12 - 2015-11-28 23:13 - 14739888 _____ (Zemana Ltd. ) C:\Users\Gebruiker\Downloads\Zemana_AntiLogger_1.9.3.602.exe
2015-11-28 22:35 - 2015-11-28 22:35 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-28 22:34 - 2015-11-28 22:35 - 23719496 _____ C:\Users\Gebruiker\Downloads\RogueKillerX64.exe
2015-11-28 22:30 - 2015-11-28 22:30 - 00008602 _____ C:\Windows\system32\.crusader
2015-11-28 21:43 - 2015-11-28 22:31 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-28 21:43 - 2015-11-28 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-28 21:43 - 2015-11-28 21:43 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-28 21:42 - 2015-11-28 21:42 - 11337112 _____ (SurfRight B.V.) C:\Users\Gebruiker\Downloads\HitmanPro_x64.exe
2015-11-28 21:39 - 2015-11-28 21:39 - 00224968 _____ (ESET) C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner.exe
2015-11-28 21:39 - 2015-11-28 21:39 - 00000022 _____ C:\Users\Gebruiker\Downloads\ESETPoweliksCleaner.exe_20151128.213930.200628.zip
2015-11-28 21:06 - 2015-11-28 21:06 - 01686759 _____ C:\Users\Gebruiker\Downloads\PSTools.zip
2015-11-28 20:45 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-28 20:45 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-28 20:44 - 2015-11-28 20:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\2E2C72DC.sys
2015-11-27 19:07 - 2015-11-27 19:07 - 00000006 ____S C:\ProgramData\9efb7a7a9a24c0af0afd85cc8f3dd601aff66bcb
2015-11-27 18:46 - 2015-11-27 19:06 - 00000000 ____D C:\Program Files (x86)\RaidCall.RU
2015-11-27 18:46 - 2015-11-27 18:59 - 00000000 ____D C:\Users\Gebruiker\AppData\LocalLow\RCTW
2015-11-27 18:46 - 2015-11-27 18:46 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\RCTW
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2015-12-24 14:40 - 2015-06-07 18:29 - 00001036 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-24 14:36 - 2015-06-07 18:29 - 00001032 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-24 14:36 - 2014-04-23 14:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 14:36 - 2014-04-23 13:47 - 00000000 __RDO C:\Users\Gebruiker\SkyDrive
2015-12-23 23:55 - 2014-04-24 16:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-23 21:44 - 2014-04-23 12:58 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\TS3Client
2015-12-23 19:01 - 2014-04-18 16:21 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2293568898-1098462975-301995803-1002
2015-12-23 15:49 - 2014-01-21 23:26 - 00842236 _____ C:\Windows\system32\perfh013.dat
2015-12-23 15:49 - 2014-01-21 23:26 - 00178516 _____ C:\Windows\system32\perfc013.dat
2015-12-23 15:49 - 2013-08-26 07:09 - 01970564 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-23 15:49 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-23 15:42 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-23 15:21 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-23 15:21 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-12-22 20:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-22 20:31 - 2014-04-23 12:58 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Overwolf
2015-12-21 15:19 - 2015-11-18 20:23 - 00000000 ____D C:\Users\Gebruiker\Documents\Euro Truck Simulator 2
2015-12-19 23:03 - 2014-04-23 13:55 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\uTorrent
2015-12-19 14:41 - 2014-04-24 18:21 - 00000000 ____D C:\Users\Gebruiker\Desktop\Games
2015-12-16 16:49 - 2014-05-12 18:06 - 00000000 ____D C:\Users\Gebruiker\Desktop\Utilities
2015-12-15 18:33 - 2014-04-23 13:08 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Akamai
2015-12-15 16:38 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-15 16:36 - 2014-05-25 15:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-13 12:42 - 2015-06-07 18:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-13 12:19 - 2015-10-17 15:16 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\LOOT
2015-12-10 20:23 - 2015-06-07 14:35 - 00000000 ____D C:\Users\Gebruiker\Desktop\Avast Antivirus
2015-12-09 17:11 - 2014-04-26 15:39 - 00000000 ____D C:\Users\Gebruiker\Desktop\Gaming Data
2015-12-08 18:36 - 2014-04-24 16:12 - 00000000 ____D C:\Users\Gebruiker\Desktop\Game Utilities
2015-12-05 00:47 - 2014-04-18 16:15 - 00000000 ____D C:\Users\Gebruiker
2015-12-05 00:46 - 2015-01-18 14:20 - 00000000 ____D C:\Users\Gebruiker\Desktop\Overige bestanden
2015-12-04 16:38 - 2014-06-21 15:20 - 00260388 ____N C:\Windows\Minidump\120415-26625-01.dmp
2015-12-04 16:38 - 2014-05-06 18:38 - 00000000 ____D C:\Windows\Minidump
2015-12-04 16:27 - 2014-07-22 17:46 - 00000000 ____D C:\ProgramData\Oracle
2015-12-04 16:26 - 2014-04-24 16:09 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-04 16:25 - 2014-04-24 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-04 15:15 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-12-03 22:09 - 2014-04-18 16:16 - 00000000 ____D C:\Users\Gebruiker\AppData\Local\Packages
2015-12-02 14:23 - 2015-07-29 19:37 - 00000000 ____D C:\Users\Gebruiker\Documents\Registry Backup (CCleaner)
2015-12-01 15:33 - 2014-04-23 11:41 - 00004052 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 15:33 - 2014-04-23 11:41 - 00003816 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-28 23:44 - 2014-04-23 11:57 - 00000000 ____D C:\Users\Gebruiker\AppData\Roaming\IObit
2015-11-28 23:44 - 2014-04-23 11:57 - 00000000 ____D C:\ProgramData\IObit
2015-11-28 21:56 - 2014-04-23 14:18 - 00000000 ____D C:\Users\Gebruiker\Desktop\Malwarebytes Anti-Malware
2015-11-28 20:45 - 2014-04-23 14:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 18:46 - 2014-07-24 13:25 - 00000000 ____D C:\Users\Gebruiker\AppData\LocalLow\raidcall
 
==================== Bestanden in de root van sommige mappen =======
 
2015-09-08 15:46 - 2015-10-26 19:09 - 0000117 _____ () C:\Users\Gebruiker\AppData\Roaming\D2Info0
2015-09-08 15:46 - 2015-10-26 20:25 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_1
2015-09-08 19:28 - 2015-10-25 20:37 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_2
2015-09-11 21:00 - 2015-10-22 17:19 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_3
2015-09-13 19:09 - 2015-09-13 21:13 - 0000008 _____ () C:\Users\Gebruiker\AppData\Roaming\DofusAppId0_4
2015-09-19 21:58 - 2015-09-19 21:58 - 0000000 ____H () C:\Users\Gebruiker\AppData\Local\BIT4F2D.tmp
2015-08-14 19:38 - 2015-08-14 19:39 - 0000000 _____ () C:\Users\Gebruiker\AppData\Local\{A9A747EE-8229-4998-85AA-9C97EE010815}
2015-09-19 21:57 - 2015-09-19 21:57 - 0000000 _____ () C:\Users\Gebruiker\AppData\Local\{F15A769B-C1CE-47CF-9280-AFA5483CC4FF}
2015-11-27 19:07 - 2015-11-27 19:07 - 0000006 ____S () C:\ProgramData\9efb7a7a9a24c0af0afd85cc8f3dd601aff66bcb
 
Sommige bestanden in TEMP:
====================
C:\Users\Gebruiker\AppData\Local\Temp\05a45b6182ee976b11c5322202733102.dll
C:\Users\Gebruiker\AppData\Local\Temp\4c2459bebc146bfd821d90e28a2411ab.dll
C:\Users\Gebruiker\AppData\Local\Temp\drm_dyndata_7380014.dll
 
 
==================== Bamital & volsnap =================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend
 
 
LastRegBack: 2015-12-23 19:01
 
==================== Eind van FRST.txt ============================


Edited by btoasty, 24 December 2015 - 08:58 AM.


#38 nasdaq

Posted 25 December 2015 - 09:00 AM

Your logs are clean.

Try this.

Restore your Windows 8, 8.1 to the Last good configuration
Follow the instructions on this page
http://winaero.com/blog/how-to-restore-the-last-known-good-configuration-feature-in-windows-8-1/

If you decide to do it, make sure you have a good restore point to return to should something go wrong.

#39 btoasty

Posted 25 December 2015 - 07:02 PM

Hello,

 

I just did what you asked and is it normal that most (but not all) of my programs are gone? I also lost Avast and have McAfee back.

Is there a way to get my stuff back or do I have to re-download everything? (Including my Steam library of 300 GB)

 

EDIT: Also, my laptop is a lot (and I mean a LOOOOOT) faster now. (Could be because I'm still installing Malwarebytes and Avast though)


Edited by btoasty, 25 December 2015 - 07:08 PM.


#40 nasdaq

Posted 26 December 2015 - 09:10 AM


You have lost what was done since your last good configuration that was restored.

I know it was a drastic measure but it had some good results. We would have probably found what was wrong with your computer.

Reinstall lost programs slowly.


(Could be because I'm still installing Malwarebytes and avast though)

No. However when Avast is installed I suggest you remove McAfee using their installer.

Download it from this site and run the application. Restart the computer after.
https://service.mcafee.com/webcenter/portal/cp/home/articleview;jsessionid=wIbeoBMG-28OXgFg7avM9JVaprOsNErEqxblP8RPv9dWyV2ioBEh!-1745577616!-297249396?articleId=TS101331&_afrLoop=224028393969399

===

#41 btoasty

Posted 26 December 2015 - 09:52 AM

Hello,

 

I have removed McAfee. I am currently reinstalling everything slowly and everything seems to be working.

Should I update my graphics driver and install the windows updates?



#42 nasdaq

Posted 27 December 2015 - 07:41 AM

The Windows updates yes.

Your Graphics card if you have video problems.

#43 btoasty

Posted 27 December 2015 - 08:16 AM

Hello,

 

Thanks for your help, hopefully it isn't going to slow down.

I currently am using Windows Firewall and Avast (free) anti-virus. Is this enough or do I need to install extra security programs? I have Malwarebytes, but it's the free version so I don't have real time protection of it.



#44 nasdaq

Posted 27 December 2015 - 10:42 AM

Your protection is good.

Make sure you keep it up to date.

#45 btoasty

Posted 27 December 2015 - 11:47 AM

Hello,

 

Ok, thanks. You can close this thread, I will pm you when it starts to slow down again (hopefully never).





