
In progress: Hello, who can help me? PC is very slow and freezes

Hello, here is the log
C:\Users\petra\Desktop\My Shared Folder\productcode office 2007.exe NSIS/Adware.Agent.S trojaans paard
C:\Users\petra\Downloads\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentieel onveilige toepassing
C:\Windows\Installer\MSIB348.tmp een variant van Win32/Bundled.Toolbar.Ask.M potentieel onveilige toepassing
Autostartlocaties NSIS/Adware.Agent.S trojaans paard
 
Warning: the procedure below is intended for this computer only; applying it on another computer can damage Windows.


We are going to use Farbar Recovery Scan Tool (FRST.exe) again.

Open a new Notepad file via "Start\All Programs\Accessories\Notepad".
Copy the text in the code box, starting after the word Code, and paste it into the empty Notepad window.

Code:
start
CreateRestorePoint:

C:\Users\petra\Desktop\My Shared Folder\productcode office 2007.exe
C:\Users\petra\Downloads\spsetup132.exe
C:\Windows\Installer\MSIB348.tmp

EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end

Now save this Notepad file as Fixlist.txt in the same location as FRST.exe.

Using Farbar Recovery Scan Tool (FRST.exe) with the fixlist.txt
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click FRST.exe and choose "Run as administrator".
  • When the program starts, click Yes in the pop-up.
  • Press the Fix button.
  • After the fix, a log file, Fixlog.txt, is created in the same location from which FRST.exe was started.
  • Post the contents of this log file in your next message.
 
Here is the log
Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 20.06.2018
Gestart door petra (24-06-2018 18:08:42) Run:2
Gestart vanaf C:\Users\petra\Desktop
Geladen Profielen: petra (Beschikbare Profielen: petra)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start
CreateRestorePoint:

C:\Users\petra\Desktop\My Shared Folder\productcode office 2007.exe
C:\Users\petra\Downloads\spsetup132.exe
C:\Windows\Installer\MSIB348.tmp

EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end
*****************

Herstelpunt is succesvol gemaakt.
C:\Users\petra\Desktop\My Shared Folder\productcode office 2007.exe => is succesvol verplaatst
C:\Users\petra\Downloads\spsetup132.exe => is succesvol verplaatst
C:\Windows\Installer\MSIB348.tmp => is succesvol verplaatst
Proces succesvol afgesloten.

========= ipconfig /flushdns =========


Windows IP-configuratie

De DNS-omzettingscache is leeggemaakt.

========= Eind van CMD: =========


========= netsh winsock reset =========


De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.


========= Eind van CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1923552 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 8932 B
Edge => 0 B
Chrome => 29166100 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
petra => 13409 B
LogMeInRemoteUser => 0 B

RecycleBin => 82131 B
EmptyTemp: => 37.7 MB tijdelijke gegevens verwijderd.

================================


Het systeem moest herstart worden.

==== Eind van Fixlog 18:10:05 ====
 
Start MalwareBytes Anti-Malware.

  • Windows 2000 and Windows XP: double-click the MBAM shortcut.
  • Windows Vista, Windows 7, Windows 8/8.1 and Windows 10: right-click the MBAM shortcut and choose "Run as administrator".
  • In the Malwarebytes ANTI-MALWARE menu, click "Settings", then "Detection and Protection", and tick "Scan for rootkits".
  • Then click the Scan Now button to run a threat scan.
  • The program will now check for available updates; click "Update Now" if updates are available.
  • The scan now starts automatically. When the scan is finished and threats have been detected, you will get an overview of them.

  • If no threats were detected, click View detailed log after the scan.
  • Then click the Export button and choose the option "Text file (*.txt)".
  • Enter a file name for saving the log file, for example MBAM Scanlog.
  • Choose, for example, the desktop as the save location and then click the Save button.

  • If threats were detected, click Apply Actions after the scan.
  • At the prompt to restart the computer, click Yes.
  • After the restart, open MalwareBytes Anti-Malware, click History at the top and select Application Logs.
  • Click the most recent Scan Log.
  • Click "Export" and choose the option "Text file (*.txt)".
  • Enter a file name for saving the log file, for example MBAM Scanlog.
  • Choose, for example, the desktop as the save location and then click the Save button.

Posting the MBAM log:
  • Now copy the contents of the log you just saved and paste it into your new reply.
 
Hello Abraham, here is my log, and thanks for all the effort. Kind regards, Wim
Malwarebytes
www.malwarebytes.com

-Logboekdetails-
Scandatum: 24-06-18
Scantijd: 20:21
Logbestand: 686cf368-77db-11e8-a527-000000000000.json
Beheerder: Ja

-Software-informatie-
Versie: 3.5.1.2522
Versie componenten: 1.0.374
Update pakketversie: 1.0.5613
Licentie: Proef

-Systeeminformatie-
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: petra-PC\petra

-Scansamenvatting-
Scantype: Bedreigingsscan
Scan geactiveerd door: Handmatig
Resultaat: Voltooid
Objecten gescand: 280114
Dreigingen herkend: 0
(Geen kwaadaardige items gedetecteerd)
Dreigingen in quarantaine: 0
(Geen kwaadaardige items gedetecteerd)
Verstreken tijd: 10 min, 21 sec

-Scanopties-
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Detectie
POA: Detectie

-Scandetails-
Proces: 0
(Geen kwaadaardige items gedetecteerd)

Module: 0
(Geen kwaadaardige items gedetecteerd)

Registersleutel: 0
(Geen kwaadaardige items gedetecteerd)

Registerwaarde: 0
(Geen kwaadaardige items gedetecteerd)

Registerdata: 0
(Geen kwaadaardige items gedetecteerd)

Gegevensstroom: 0
(Geen kwaadaardige items gedetecteerd)

Map: 0
(Geen kwaadaardige items gedetecteerd)

Bestand: 0
(Geen kwaadaardige items gedetecteerd)

Fysieke sector: 0
(Geen kwaadaardige items gedetecteerd)

WMI: 0
(Geen kwaadaardige items gedetecteerd)


(end)
 
Very good.

Now repeat the scan with FRST: first tick the Additions.txt box and then run a new scan.
Post both logs again.
 
Here are the logs
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 20.06.2018
Gestart door petra (Beheerder) op PETRA-PC (24-06-2018 20:58:09)
Gestart vanaf C:\Users\petra\Desktop
Geladen Profielen: petra (Beschikbare Profielen: petra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-19] (AVAST Software)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-24] (Easybits)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT
HKU\S-1-5-21-3037185331-2861149877-865260356-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-06-19] (Piriform Ltd)
HKU\S-1-5-21-3037185331-2861149877-865260356-1001\...\Run: [AvastBrowserAutoLaunch_8B1768473B86749CB8ABB5CBD1C7484B] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808264 2018-06-12] (AVAST Software)
HKU\S-1-5-21-3037185331-2861149877-865260356-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ezScrSvr.scr
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-02] (EasyBits Software Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-01-22]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-11-22]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\petra\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - .lnk [2018-02-24]
ShortcutTarget: Inktwaarschuwingen controleren - .lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{0E4F863B-4878-4515-87D1-9B02BEA5C6AF}: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{24C558B0-D525-41D2-9A19-2B15CD0F207C}: [DhcpNameServer] 212.54.44.54 212.54.40.25
Tcpip\..\Interfaces\{33B1ED06-A44C-4924-AAB2-84F627EEA03B}: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{FC0F5693-B54F-4B2B-B7CC-25CF955C22FE}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3037185331-2861149877-865260356-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {2B674302-A1C7-47B1-B3E4-7757FF86CCDF} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {2B674302-A1C7-47B1-B3E4-7757FF86CCDF} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3037185331-2861149877-865260356-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3037185331-2861149877-865260356-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-06-19] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-06-19] (AVAST Software)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Secrets%20of%20Olympus/Images/stg_drm.ocx
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Farmscapes/Images/armhelper.ocx
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF ProfilePath: C:\Users\petra\AppData\Roaming\TomTom\HOME\Profiles\atrvdw12.default [2013-01-21]
FF ProfilePath: C:\Users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\b104e7ey.default [2018-06-24]
FF Homepage: Mozilla\Firefox\Profiles\b104e7ey.default -> about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Geen bestand]
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\FantastiGames\npExentCtl.dll [Geen bestand]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [Geen bestand]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-19] (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default [2018-06-24]
CHR Extension: (YouTube) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-21]
CHR Extension: (Gmail) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <niet gevonden>

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-06-19] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-06-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428984 2018-06-19] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-19] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-06-19] (AVAST Software)
S4 EMET_Service; C:\Program Files (x86)\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [Bestand niet getekend]
S3 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [537520 2006-11-29] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-06-19] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-06-19] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-06-19] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-06-19] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-06-19] (AVAST Software)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [79216 2016-08-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-06-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-06-19] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-01-22] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [640248 2018-06-19] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-06-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-06-19] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-06-19] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-06-19] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-06-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-06-19] (AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-05] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-05] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-05] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38456 2013-02-11] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-02] (GFI Software)
S4 LMIRfsClientNP; geen ImagePath
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-24] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-24] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94840 2018-06-24] (Malwarebytes)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2012-11-29] (LogMeIn, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-03-04] (Duplex Secure Ltd.)
S1 A2DDA; \??\C:\Users\petra\Desktop\Run\a2ddax64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hmpalert; \??\C:\Windows\system32\drivers\hmpalert.sys [X]
S3 hmpnet; \??\C:\Windows\system32\drivers\hmpnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\C9FB.tmp [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2018-06-24 20:58 - 2018-06-24 20:58 - 000019336 _____ C:\Users\petra\Desktop\FRST.txt
2018-06-24 20:32 - 2018-06-24 20:32 - 000001506 _____ C:\Users\petra\Desktop\mbam scan.txt
2018-06-24 20:19 - 2018-06-24 20:22 - 000094840 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-24 20:19 - 2018-06-24 20:19 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-24 20:19 - 2018-06-24 20:19 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-24 20:19 - 2018-06-24 20:19 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-24 20:18 - 2018-06-24 20:18 - 000001834 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-24 20:18 - 2018-06-24 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-24 20:18 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-24 14:18 - 2018-06-24 18:18 - 000000000 ____D C:\Users\petra\AppData\Local\ESET
2018-06-24 14:17 - 2018-06-24 14:18 - 006988408 _____ (ESET spol. s r.o.) C:\Users\petra\Downloads\esetonlinescanner_nld.exe
2018-06-23 22:14 - 2018-06-24 20:19 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-23 22:13 - 2018-06-23 22:13 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-23 22:11 - 2018-06-23 22:12 - 072874400 _____ (Malwarebytes ) C:\Users\petra\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5597.exe
2018-06-22 22:37 - 2018-06-22 22:37 - 000000000 ____D C:\Program Files\Speccy
2018-06-22 21:16 - 2018-06-24 20:58 - 000000000 ____D C:\FRST
2018-06-22 21:13 - 2018-06-22 21:13 - 002412544 _____ (Farbar) C:\Users\petra\Desktop\FRST64.exe
2018-06-22 00:01 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2018-06-21 23:55 - 2018-06-21 23:55 - 000003792 _____ C:\Windows\SysWOW64\BroomData.bit
2018-06-21 23:55 - 2013-04-08 15:30 - 000022752 _____ C:\Windows\system32\PCloudBroom64.exe
2018-06-21 23:22 - 2018-06-21 23:22 - 000000000 ____D C:\Program Files (x86)\Panda Security
2018-06-21 23:22 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-06-21 23:14 - 2018-06-21 23:14 - 038191600 _____ (Panda Security ) C:\Users\petra\Downloads\PandaCloudCleaner.exe
2018-06-21 21:56 - 2018-06-21 21:56 - 000000000 ____D C:\Users\petra\Desktop\afspraak id kaart
2018-06-19 22:10 - 2018-06-19 22:10 - 000004572 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-19 21:57 - 2018-06-19 21:57 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-06-19 21:56 - 2018-06-19 21:56 - 000003532 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-06-19 21:56 - 2018-06-19 21:56 - 000003404 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-06-19 21:55 - 2018-06-19 22:15 - 000000000 ____D C:\Users\petra\AppData\Local\AVAST Software
2018-06-19 21:53 - 2017-11-01 07:53 - 000346176 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-19 21:49 - 2018-06-19 21:48 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-06-19 21:35 - 2018-06-19 21:35 - 000000000 ____D C:\Users\petra\AppData\Local\BlueStacks
2018-06-19 20:44 - 2018-06-19 20:44 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-19 19:57 - 2018-06-19 19:57 - 020813312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2018-06-24 20:18 - 2015-03-10 00:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-24 18:57 - 2009-07-14 06:45 - 000023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-24 18:57 - 2009-07-14 06:45 - 000023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-24 18:46 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-24 18:09 - 2015-05-15 20:14 - 000000000 ____D C:\Users\petra\Desktop\My Shared Folder
2018-06-24 13:28 - 2011-06-19 13:34 - 000000000 ____D C:\Users\petra\AppData\LocalLow\Temp
2018-06-23 23:39 - 2009-09-02 10:43 - 000732646 _____ C:\Windows\system32\perfh013.dat
2018-06-23 23:39 - 2009-09-02 10:43 - 000149874 _____ C:\Windows\system32\perfc013.dat
2018-06-23 23:39 - 2009-07-14 07:13 - 001672576 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-23 23:39 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-23 23:30 - 2015-03-08 14:32 - 000000000 ____D C:\AdwCleaner
2018-06-23 22:11 - 2011-06-01 14:36 - 000003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA22A8B7-AE17-4B29-AE85-E3DDDBA9A113}
2018-06-21 22:29 - 2016-03-05 09:30 - 000000000 ____D C:\Users\petra\AppData\Roaming\DAEMON Tools Lite
2018-06-21 21:44 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2018-06-19 22:10 - 2012-06-29 00:30 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-19 22:09 - 2012-06-29 00:30 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-19 22:09 - 2012-03-26 20:33 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-19 22:09 - 2011-06-19 23:30 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-19 22:09 - 2009-09-02 01:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-19 22:05 - 2017-04-23 14:55 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-06-19 22:05 - 2011-05-31 07:08 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-19 21:55 - 2018-01-22 13:46 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-06-19 21:53 - 2011-12-30 11:46 - 000000000 ____D C:\Program Files (x86)\WinRAR
2018-06-19 21:48 - 2018-01-22 13:41 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-06-19 21:48 - 2014-04-30 17:37 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-06-19 21:48 - 2013-12-28 12:37 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-06-19 21:47 - 2017-04-23 14:55 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-06-19 21:47 - 2017-04-23 14:55 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-06-19 21:47 - 2017-04-23 14:55 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-06-19 21:47 - 2017-04-23 14:55 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-06-19 21:47 - 2016-02-13 01:44 - 000640248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2018-06-19 21:47 - 2013-03-02 10:05 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-06-19 21:41 - 2017-10-16 19:11 - 000000000 ____D C:\Users\petra\Desktop\pasjes
2018-06-19 21:35 - 2016-03-23 23:31 - 000000000 ____D C:\ProgramData\BlueStacksGameManager
2018-06-19 21:35 - 2009-07-14 05:20 - 000000000 ___RD C:\Users\Public\Libraries
2018-06-19 21:26 - 2011-06-19 23:30 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-19 21:24 - 2014-08-23 20:46 - 000000000 ____D C:\Users\petra\AppData\Local\com.gamehouse.acid
2018-06-19 21:24 - 2012-09-01 16:41 - 000000000 ____D C:\Zylom Games
2018-06-19 21:20 - 2016-03-05 09:45 - 000000000 ____D C:\Users\petra\AppData\Roaming\SPORE
2018-06-19 21:19 - 2009-09-02 00:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-19 21:17 - 2015-03-15 14:27 - 000000000 ____D C:\Program Files (x86)\The Sims 4
2018-06-19 21:17 - 2013-05-29 04:10 - 000000000 ____D C:\Users\petra\AppData\Local\Unity
2018-06-19 20:51 - 2015-03-08 19:26 - 000002142 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-19 20:51 - 2013-01-04 00:08 - 000002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-19 20:49 - 2013-05-19 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2018-06-19 20:44 - 2015-06-28 12:30 - 000003622 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 5520 series
2018-06-19 20:44 - 2013-03-02 10:15 - 000000000 ____D C:\Program Files\CCleaner
2018-06-19 20:42 - 2012-10-08 17:46 - 000003490 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-19 20:42 - 2012-10-08 17:46 - 000003362 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-19 20:40 - 2012-11-18 12:56 - 000000000 __HDC C:\ProgramData\{47E1B06E-0207-42C9-8315-F1E24834ED9E}
2018-06-19 20:40 - 2012-09-07 16:33 - 000000000 ____D C:\Users\petra\AppData\Roaming\Skype
2018-06-19 20:40 - 2012-01-09 10:48 - 000000000 ____D C:\Users\petra\Documents\Youcam
2018-06-19 20:40 - 2011-06-25 16:51 - 000000000 ____D C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2018-06-19 20:40 - 2011-05-30 23:37 - 000000000 ____D C:\Users\petra\AppData\Roaming\HpUpdate
2018-06-19 20:40 - 2011-05-30 23:31 - 000000000 ____D C:\Users\petra\AppData\Roaming\hpqlog
2018-06-19 20:40 - 2011-05-30 18:53 - 000000000 ____D C:\Users\petra\AppData\Local\Microsoft Help
2018-06-19 20:40 - 2011-05-30 18:25 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2018-06-19 20:40 - 2009-09-02 02:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
2018-06-19 20:40 - 2009-07-25 08:11 - 000000000 ____D C:\Windows\Panther
2018-06-19 20:40 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-06-19 20:35 - 2011-05-30 23:32 - 000000274 _____ C:\ProgramData\HPWALog.txt
2018-06-19 20:31 - 2015-12-03 22:39 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-06-19 19:55 - 2018-01-22 13:50 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update

==================== Bestanden in de root van sommige mappen =======

2015-03-02 20:37 - 2015-03-02 20:37 - 006103040 _____ () C:\Program Files (x86)\GUT5013.tmp
2012-05-13 06:51 - 2012-09-01 02:10 - 000000011 _____ () C:\Users\petra\AppData\Roaming\log.txt
2011-07-01 05:49 - 2011-07-01 06:22 - 000000140 _____ () C:\Users\petra\AppData\Roaming\wklnhst.dat
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\AtStart.txt
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\DSwitch.txt
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\QSwitch.txt
2011-07-21 23:19 - 2013-03-20 06:25 - 000007666 _____ () C:\Users\petra\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2018-01-22 14:44

==================== Eind van FRST.txt ============================
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 20.06.2018
Gestart door petra (Beheerder) op PETRA-PC (24-06-2018 20:58:09)
Gestart vanaf C:\Users\petra\Desktop
Geladen Profielen: petra (Beschikbare Profielen: petra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, zal het proces worden gesloten. Het bestand zal niet worden verplaatst.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-19] (AVAST Software)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-24] (Easybits)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT
HKU\S-1-5-21-3037185331-2861149877-865260356-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-06-19] (Piriform Ltd)
HKU\S-1-5-21-3037185331-2861149877-865260356-1001\...\Run: [AvastBrowserAutoLaunch_8B1768473B86749CB8ABB5CBD1C7484B] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808264 2018-06-12] (AVAST Software)
HKU\S-1-5-21-3037185331-2861149877-865260356-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ezScrSvr.scr
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-02] (EasyBits Software Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-01-22]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-11-22]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\petra\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - .lnk [2018-02-24]
ShortcutTarget: Inktwaarschuwingen controleren - .lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)

Tcpip\Parameters: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{0E4F863B-4878-4515-87D1-9B02BEA5C6AF}: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{24C558B0-D525-41D2-9A19-2B15CD0F207C}: [DhcpNameServer] 212.54.44.54 212.54.40.25
Tcpip\..\Interfaces\{33B1ED06-A44C-4924-AAB2-84F627EEA03B}: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{FC0F5693-B54F-4B2B-B7CC-25CF955C22FE}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3037185331-2861149877-865260356-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {2B674302-A1C7-47B1-B3E4-7757FF86CCDF} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {2B674302-A1C7-47B1-B3E4-7757FF86CCDF} URL = hxxp://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3037185331-2861149877-865260356-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3037185331-2861149877-865260356-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-06-19] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-06-19] (AVAST Software)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Secrets%20of%20Olympus/Images/stg_drm.ocx
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Farmscapes/Images/armhelper.ocx
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF ProfilePath: C:\Users\petra\AppData\Roaming\TomTom\HOME\Profiles\atrvdw12.default [2013-01-21]
FF ProfilePath: C:\Users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\b104e7ey.default [2018-06-24]
FF Homepage: Mozilla\Firefox\Profiles\b104e7ey.default -> about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Geen bestand]
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\FantastiGames\npExentCtl.dll [Geen bestand]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [Geen bestand]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-19] (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default [2018-06-24]
CHR Extension: (YouTube) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-21]
CHR Extension: (Gmail) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <niet gevonden>

==================== Services (gefilterd) ====================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-06-19] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-06-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428984 2018-06-19] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-19] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-06-19] (AVAST Software)
S4 EMET_Service; C:\Program Files (x86)\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [Bestand niet getekend]
S3 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [537520 2006-11-29] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (gefilterd) ======================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-06-19] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-06-19] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-06-19] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-06-19] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-06-19] (AVAST Software)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [79216 2016-08-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-06-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-06-19] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2018-01-22] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [640248 2018-06-19] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-06-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-06-19] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-06-19] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-06-19] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-06-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-06-19] (AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-05] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-05] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-05] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [38456 2013-02-11] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-02] (GFI Software)
S4 LMIRfsClientNP; geen ImagePath
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-24] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-24] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94840 2018-06-24] (Malwarebytes)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2012-11-29] (LogMeIn, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-03-04] (Duplex Secure Ltd.)
S1 A2DDA; \??\C:\Users\petra\Desktop\Run\a2ddax64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hmpalert; \??\C:\Windows\system32\drivers\hmpalert.sys [X]
S3 hmpnet; \??\C:\Windows\system32\drivers\hmpnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\C9FB.tmp [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2018-06-24 20:58 - 2018-06-24 20:58 - 000019336 _____ C:\Users\petra\Desktop\FRST.txt
2018-06-24 20:32 - 2018-06-24 20:32 - 000001506 _____ C:\Users\petra\Desktop\mbam scan.txt
2018-06-24 20:19 - 2018-06-24 20:22 - 000094840 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-24 20:19 - 2018-06-24 20:19 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-24 20:19 - 2018-06-24 20:19 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-24 20:19 - 2018-06-24 20:19 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-24 20:18 - 2018-06-24 20:18 - 000001834 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-24 20:18 - 2018-06-24 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-24 20:18 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-24 14:18 - 2018-06-24 18:18 - 000000000 ____D C:\Users\petra\AppData\Local\ESET
2018-06-24 14:17 - 2018-06-24 14:18 - 006988408 _____ (ESET spol. s r.o.) C:\Users\petra\Downloads\esetonlinescanner_nld.exe
2018-06-23 22:14 - 2018-06-24 20:19 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-23 22:13 - 2018-06-23 22:13 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-23 22:11 - 2018-06-23 22:12 - 072874400 _____ (Malwarebytes ) C:\Users\petra\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5597.exe
2018-06-22 22:37 - 2018-06-22 22:37 - 000000000 ____D C:\Program Files\Speccy
2018-06-22 21:16 - 2018-06-24 20:58 - 000000000 ____D C:\FRST
2018-06-22 21:13 - 2018-06-22 21:13 - 002412544 _____ (Farbar) C:\Users\petra\Desktop\FRST64.exe
2018-06-22 00:01 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2018-06-21 23:55 - 2018-06-21 23:55 - 000003792 _____ C:\Windows\SysWOW64\BroomData.bit
2018-06-21 23:55 - 2013-04-08 15:30 - 000022752 _____ C:\Windows\system32\PCloudBroom64.exe
2018-06-21 23:22 - 2018-06-21 23:22 - 000000000 ____D C:\Program Files (x86)\Panda Security
2018-06-21 23:22 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2018-06-21 23:14 - 2018-06-21 23:14 - 038191600 _____ (Panda Security ) C:\Users\petra\Downloads\PandaCloudCleaner.exe
2018-06-21 21:56 - 2018-06-21 21:56 - 000000000 ____D C:\Users\petra\Desktop\afspraak id kaart
2018-06-19 22:10 - 2018-06-19 22:10 - 000004572 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-19 21:57 - 2018-06-19 21:57 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-06-19 21:56 - 2018-06-19 21:56 - 000003532 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-06-19 21:56 - 2018-06-19 21:56 - 000003404 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-06-19 21:55 - 2018-06-19 22:15 - 000000000 ____D C:\Users\petra\AppData\Local\AVAST Software
2018-06-19 21:53 - 2017-11-01 07:53 - 000346176 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-19 21:49 - 2018-06-19 21:48 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-06-19 21:35 - 2018-06-19 21:35 - 000000000 ____D C:\Users\petra\AppData\Local\BlueStacks
2018-06-19 20:44 - 2018-06-19 20:44 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-19 19:57 - 2018-06-19 19:57 - 020813312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)

2018-06-24 20:18 - 2015-03-10 00:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-24 18:57 - 2009-07-14 06:45 - 000023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-24 18:57 - 2009-07-14 06:45 - 000023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-24 18:46 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-24 18:09 - 2015-05-15 20:14 - 000000000 ____D C:\Users\petra\Desktop\My Shared Folder
2018-06-24 13:28 - 2011-06-19 13:34 - 000000000 ____D C:\Users\petra\AppData\LocalLow\Temp
2018-06-23 23:39 - 2009-09-02 10:43 - 000732646 _____ C:\Windows\system32\perfh013.dat
2018-06-23 23:39 - 2009-09-02 10:43 - 000149874 _____ C:\Windows\system32\perfc013.dat
2018-06-23 23:39 - 2009-07-14 07:13 - 001672576 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-23 23:39 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-23 23:30 - 2015-03-08 14:32 - 000000000 ____D C:\AdwCleaner
2018-06-23 22:11 - 2011-06-01 14:36 - 000003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA22A8B7-AE17-4B29-AE85-E3DDDBA9A113}
2018-06-21 22:29 - 2016-03-05 09:30 - 000000000 ____D C:\Users\petra\AppData\Roaming\DAEMON Tools Lite
2018-06-21 21:44 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2018-06-19 22:10 - 2012-06-29 00:30 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-19 22:09 - 2012-06-29 00:30 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-19 22:09 - 2012-03-26 20:33 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-19 22:09 - 2011-06-19 23:30 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-19 22:09 - 2009-09-02 01:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-19 22:05 - 2017-04-23 14:55 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-06-19 22:05 - 2011-05-31 07:08 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-19 21:55 - 2018-01-22 13:46 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-06-19 21:53 - 2011-12-30 11:46 - 000000000 ____D C:\Program Files (x86)\WinRAR
2018-06-19 21:48 - 2018-01-22 13:41 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-06-19 21:48 - 2014-04-30 17:37 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-06-19 21:48 - 2013-12-28 12:37 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-06-19 21:48 - 2013-03-02 10:05 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-06-19 21:47 - 2017-04-23 14:55 - 000343752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-06-19 21:47 - 2017-04-23 14:55 - 000227504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-06-19 21:47 - 2017-04-23 14:55 - 000199440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-06-19 21:47 - 2017-04-23 14:55 - 000057680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-06-19 21:47 - 2016-02-13 01:44 - 000640248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2018-06-19 21:47 - 2013-03-02 10:05 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-06-19 21:41 - 2017-10-16 19:11 - 000000000 ____D C:\Users\petra\Desktop\pasjes
2018-06-19 21:35 - 2016-03-23 23:31 - 000000000 ____D C:\ProgramData\BlueStacksGameManager
2018-06-19 21:35 - 2009-07-14 05:20 - 000000000 ___RD C:\Users\Public\Libraries
2018-06-19 21:26 - 2011-06-19 23:30 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-19 21:24 - 2014-08-23 20:46 - 000000000 ____D C:\Users\petra\AppData\Local\com.gamehouse.acid
2018-06-19 21:24 - 2012-09-01 16:41 - 000000000 ____D C:\Zylom Games
2018-06-19 21:20 - 2016-03-05 09:45 - 000000000 ____D C:\Users\petra\AppData\Roaming\SPORE
2018-06-19 21:19 - 2009-09-02 00:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-19 21:17 - 2015-03-15 14:27 - 000000000 ____D C:\Program Files (x86)\The Sims 4
2018-06-19 21:17 - 2013-05-29 04:10 - 000000000 ____D C:\Users\petra\AppData\Local\Unity
2018-06-19 20:51 - 2015-03-08 19:26 - 000002142 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-19 20:51 - 2013-01-04 00:08 - 000002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-19 20:49 - 2013-05-19 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2018-06-19 20:44 - 2015-06-28 12:30 - 000003622 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 5520 series
2018-06-19 20:44 - 2013-03-02 10:15 - 000000000 ____D C:\Program Files\CCleaner
2018-06-19 20:42 - 2012-10-08 17:46 - 000003490 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-19 20:42 - 2012-10-08 17:46 - 000003362 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-19 20:40 - 2012-11-18 12:56 - 000000000 __HDC C:\ProgramData\{47E1B06E-0207-42C9-8315-F1E24834ED9E}
2018-06-19 20:40 - 2012-09-07 16:33 - 000000000 ____D C:\Users\petra\AppData\Roaming\Skype
2018-06-19 20:40 - 2012-01-09 10:48 - 000000000 ____D C:\Users\petra\Documents\Youcam
2018-06-19 20:40 - 2011-06-25 16:51 - 000000000 ____D C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2018-06-19 20:40 - 2011-05-30 23:37 - 000000000 ____D C:\Users\petra\AppData\Roaming\HpUpdate
2018-06-19 20:40 - 2011-05-30 23:31 - 000000000 ____D C:\Users\petra\AppData\Roaming\hpqlog
2018-06-19 20:40 - 2011-05-30 18:53 - 000000000 ____D C:\Users\petra\AppData\Local\Microsoft Help
2018-06-19 20:40 - 2011-05-30 18:25 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2018-06-19 20:40 - 2009-09-02 02:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
2018-06-19 20:40 - 2009-07-25 08:11 - 000000000 ____D C:\Windows\Panther
2018-06-19 20:40 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-06-19 20:35 - 2011-05-30 23:32 - 000000274 _____ C:\ProgramData\HPWALog.txt
2018-06-19 20:31 - 2015-12-03 22:39 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-06-19 19:55 - 2018-01-22 13:50 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update

==================== Bestanden in de root van sommige mappen =======

2015-03-02 20:37 - 2015-03-02 20:37 - 006103040 _____ () C:\Program Files (x86)\GUT5013.tmp
2012-05-13 06:51 - 2012-09-01 02:10 - 000000011 _____ () C:\Users\petra\AppData\Roaming\log.txt
2011-07-01 05:49 - 2011-07-01 06:22 - 000000140 _____ () C:\Users\petra\AppData\Roaming\wklnhst.dat
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\AtStart.txt
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\DSwitch.txt
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\QSwitch.txt
2011-07-21 23:19 - 2013-03-20 06:25 - 000007666 _____ () C:\Users\petra\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend

LastRegBack: 2018-01-22 14:44

==================== Eind van FRST.txt ============================
 
Warning: the procedure below is intended for this computer only; applying it on another computer can damage Windows.


We are going to use Farbar Recovery Scan Tool (FRST.exe) again.

Open a new Notepad file via "Start\All Programs\Accessories\Notepad".
Copy the text in the code box, starting after the word Code, and paste it into the empty Notepad window.

Code:
start
CreateRestorePoint:

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
2015-03-02 20:37 - 2015-03-02 20:37 - 006103040 _____ () C:\Program Files (x86)\GUT5013.tmp
2012-05-13 06:51 - 2012-09-01 02:10 - 000000011 _____ () C:\Users\petra\AppData\Roaming\log.txt
2011-07-01 05:49 - 2011-07-01 06:22 - 000000140 _____ () C:\Users\petra\AppData\Roaming\wklnhst.dat
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\AtStart.txt
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\DSwitch.txt
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\QSwitch.txt
2011-07-21 23:19 - 2013-03-20 06:25 - 000007666 _____ () C:\Users\petra\AppData\Local\Resmon.ResmonCfg
KLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
Task: {07CEA4F6-F2AA-4908-BF4E-52379E67DAF8} - System32\Tasks\{F0428A47-7272-45DC-804B-2E244DDA9028} => C:\Windows\system32\pcalua.exe -a C:\Users\petra\Downloads\sp42810.exe -d C:\Users\petra\Downloads
Task: {116B3D52-C46F-46A9-8FF1-6A7628A5312D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {3DE21C29-35BB-45CB-8467-090B7D2168AB} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe


EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end

Now save this Notepad file as Fixlist.txt in the same location as FRST.exe.

Using Farbar Recovery Scan Tool (FRST.exe) with fixlist.txt
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click FRST.exe and choose "Run as administrator".
  • When the program starts, click Yes in the popup.
  • Press the Fix button.
  • After the fix, a log file (Fixlog.txt) is created in the same location from which FRST.exe was started.
  • Post the contents of this log file in your next message.
 
Hello Abraham, here is the log
Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 20.06.2018
Gestart door petra (24-06-2018 22:09:03) Run:3
Gestart vanaf C:\Users\petra\Desktop
Geladen Profielen: petra (Beschikbare Profielen: petra)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start
CreateRestorePoint:

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== AANDACHT (geen ServiceDLL)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
2015-03-02 20:37 - 2015-03-02 20:37 - 006103040 _____ () C:\Program Files (x86)\GUT5013.tmp
2012-05-13 06:51 - 2012-09-01 02:10 - 000000011 _____ () C:\Users\petra\AppData\Roaming\log.txt
2011-07-01 05:49 - 2011-07-01 06:22 - 000000140 _____ () C:\Users\petra\AppData\Roaming\wklnhst.dat
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\AtStart.txt
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\DSwitch.txt
2011-05-30 23:32 - 2011-05-30 23:32 - 000000000 _____ () C:\Users\petra\AppData\Local\QSwitch.txt
2011-07-21 23:19 - 2013-03-20 06:25 - 000007666 _____ () C:\Users\petra\AppData\Local\Resmon.ResmonCfg
KLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
Task: {07CEA4F6-F2AA-4908-BF4E-52379E67DAF8} - System32\Tasks\{F0428A47-7272-45DC-804B-2E244DDA9028} => C:\Windows\system32\pcalua.exe -a C:\Users\petra\Downloads\sp42810.exe -d C:\Users\petra\Downloads
Task: {116B3D52-C46F-46A9-8FF1-6A7628A5312D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {3DE21C29-35BB-45CB-8467-090B7D2168AB} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe


EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end
*****************

Herstelpunt is succesvol gemaakt.
"HKLM\System\CurrentControlSet\Services\AppMgmt" => is succesvol verwijderd
AppMgmt => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\LMIInfo" => is succesvol verwijderd
LMIInfo => dienst is succesvol verwijderd
C:\Program Files (x86)\GUT5013.tmp => is succesvol verplaatst
C:\Users\petra\AppData\Roaming\log.txt => is succesvol verplaatst
C:\Users\petra\AppData\Roaming\wklnhst.dat => is succesvol verplaatst
C:\Users\petra\AppData\Local\AtStart.txt => is succesvol verplaatst
C:\Users\petra\AppData\Local\DSwitch.txt => is succesvol verplaatst
C:\Users\petra\AppData\Local\QSwitch.txt => is succesvol verplaatst
C:\Users\petra\AppData\Local\Resmon.ResmonCfg => is succesvol verplaatst
"HKU\KLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrictie <==== AANDACHT\SOFTWARE\Policies\Microsoft\Internet Explorer" => niet gevonden
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => waarde met succes hersteld
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07CEA4F6-F2AA-4908-BF4E-52379E67DAF8}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07CEA4F6-F2AA-4908-BF4E-52379E67DAF8}" => is succesvol verwijderd
C:\Windows\System32\Tasks\{F0428A47-7272-45DC-804B-2E244DDA9028} => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0428A47-7272-45DC-804B-2E244DDA9028}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{116B3D52-C46F-46A9-8FF1-6A7628A5312D}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{116B3D52-C46F-46A9-8FF1-6A7628A5312D}" => is succesvol verwijderd
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DE21C29-35BB-45CB-8467-090B7D2168AB}" => is succesvol verwijderd
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DE21C29-35BB-45CB-8467-090B7D2168AB}" => is succesvol verwijderd
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => is succesvol verplaatst
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => is succesvol verwijderd
Proces succesvol afgesloten.

========= ipconfig /flushdns =========


Windows IP-configuratie

De DNS-omzettingscache is leeggemaakt.

========= Eind van CMD: =========


========= netsh winsock reset =========


De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.


========= Eind van CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 941082 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 9698 B
Edge => 0 B
Chrome => 54301880 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
petra => 991149 B
LogMeInRemoteUser => 0 B

RecycleBin => 7503059 B
EmptyTemp: => 68.8 MB tijdelijke gegevens verwijderd.

================================


Het systeem moest herstart worden.

==== Eind van Fixlog 22:10:27 ====
 
Download ComboFix from one of these locations:
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!

Antivirus programs and active malware scanners must already be disabled before you start ComboFix!
Here and here you will find information on how to disable antivirus programs and spyware scanners.

Notes:
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows Vista, Windows 7 and Windows 8: right-click ComboFix.exe and choose "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix shuts down the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file in your next message.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Here is the ComboFix log
ComboFix 18-06-17.01 - petra 24-06-2018 22:58:20.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.183 [GMT 2:00]
Gestart vanuit: c:\users\petra\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - .lnk
c:\windows\security\logs\scecomp.log
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2018-05-24 to 2018-06-24 ))))))))))))))))))))))))))))))
.
.
2018-06-24 21:21 . 2018-06-24 21:21 94840 ----a-w- c:\windows\system32\drivers\mwac.sys
2018-06-24 21:17 . 2018-06-24 21:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-06-24 21:17 . 2018-06-24 21:17 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2018-06-24 21:17 . 2018-06-24 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-06-24 20:16 . 2018-06-24 21:21 253664 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-06-24 18:19 . 2018-06-24 18:19 190696 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2018-06-24 18:19 . 2018-06-24 21:21 112872 ----a-w- c:\windows\system32\drivers\farflt.sys
2018-06-24 18:18 . 2018-05-24 04:55 152184 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-06-24 12:18 . 2018-06-24 16:18 -------- d-----w- c:\users\petra\AppData\Local\ESET
2018-06-23 20:14 . 2018-06-24 21:22 44768 ----a-w- c:\windows\system32\drivers\mbam.sys
2018-06-23 20:13 . 2018-06-23 20:13 -------- d-----w- c:\program files\Malwarebytes
2018-06-22 20:37 . 2018-06-22 20:37 -------- d-----w- c:\program files\Speccy
2018-06-22 19:16 . 2018-06-24 20:15 -------- d-----w- C:\FRST
2018-06-21 22:01 . 2015-09-14 11:03 39672 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2018-06-21 21:55 . 2013-04-08 13:30 22752 ----a-w- c:\windows\system32\PCloudBroom64.exe
2018-06-21 21:22 . 2015-01-29 16:21 50320 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2018-06-21 21:22 . 2018-06-21 21:22 -------- d-----w- c:\program files (x86)\Panda Security
2018-06-19 19:55 . 2018-06-19 20:15 -------- d-----w- c:\users\petra\AppData\Local\AVAST Software
2018-06-19 19:49 . 2018-06-19 19:48 376536 ----a-w- c:\windows\system32\aswBoot.exe
2018-06-19 19:35 . 2018-06-19 19:35 -------- d-----w- c:\users\petra\AppData\Local\BlueStacks
2018-06-19 17:57 . 2018-06-19 17:57 20813312 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-06-19 20:09 . 2012-06-28 22:30 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-06-19 20:09 . 2011-06-19 21:30 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-06-19 19:48 . 2013-12-28 10:37 205976 ----a-w- c:\windows\system32\drivers\aswStm.sys
2018-06-19 19:48 . 2014-04-30 15:37 46968 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2018-06-19 19:48 . 2013-03-02 08:05 460520 ----a-w- c:\windows\system32\drivers\aswSP.sys
2018-06-19 19:48 . 2013-03-02 08:05 381552 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2018-06-19 19:48 . 2013-03-02 08:05 85968 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2018-06-19 19:48 . 2013-03-02 08:05 159120 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2018-06-19 19:48 . 2018-01-22 11:41 196640 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2018-06-19 19:48 . 2013-03-02 08:05 111360 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2018-06-19 19:47 . 2013-03-02 08:05 1027720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2018-06-19 19:47 . 2016-02-12 23:44 640248 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2018-06-19 19:47 . 2017-04-23 12:55 57680 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2018-06-19 19:47 . 2017-04-23 12:55 343752 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2018-06-19 19:47 . 2017-04-23 12:55 227504 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2018-06-19 19:47 . 2017-04-23 12:55 199440 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2018-06-19 17074688]
"AvastBrowserAutoLaunch_8B1768473B86749CB8ABB5CBD1C7484B"="c:\program files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [2018-06-12 1808264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-24 1444880]
.
c:\users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Gameroom.lnk - c:\users\petra\AppData\Local\Facebook\Games\FacebookGameroom.exe fbgames://windows_startup/ [2017-11-2 571256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Avast Cleanup Premium.lnk - c:\program files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe /nogui [2018-1-22 1645664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\petra\Desktop\Run\a2ddax64.sys;c:\users\petra\Desktop\Run\a2ddax64.sys [x]
R2 avast;%1!s! Update-service (avast);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 avastm;%1!s! Update-service (avastm);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
R3 hmpnet;HitmanPro.Alert Network Driver;c:\windows\system32\drivers\hmpnet.sys;c:\windows\SYSNATIVE\drivers\hmpnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe;c:\windows\SYSNATIVE\lxcycoms.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C9FB.tmp;c:\windows\SYSNATIVE\C9FB.tmp [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R4 EMET_Service;Microsoft EMET Service;c:\program files (x86)\EMET 5.1\EMET_Service.exe;c:\program files (x86)\EMET 5.1\EMET_Service.exe [x]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CleanupPSvc;Avast Cleanup Premium;c:\program files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe;c:\program files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys;c:\windows\SYSNATIVE\DRIVERS\radpms.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMWEBPROTECTION
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}]
2018-06-19 19:56 1958392 ----a-w- c:\program files (x86)\AVAST Software\Browser\Application\66.2.567.182\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-06-19 18:50 1648472 ----a-w- c:\program files (x86)\Google\Chrome\Application\67.0.3396.87\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2018-04-23 06:38 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2018-04-23 06:38 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2018-04-23 06:38 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-06-19 19:48 1773784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-06-19 19:48 1773784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-06-19 242904]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mDefault_Page_URL = hxxp://www.google.com
mSearchAssistant = www.google.com
mCustomizeSearch = www.google.com
TCP: DhcpNameServer = 89.101.251.228 89.101.251.229
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C9FB.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
**************************************************************************
.
Voltooingstijd: 2018-06-24 23:36:21 - machine werd herstart
ComboFix-quarantined-files.txt 2018-06-24 21:36
.
Pre-Run: 171.645.161.472 bytes beschikbaar
Post-Run: 171.048.894.464 bytes beschikbaar
.
- - End Of File - - D6BF18774154DF3C4B9830CBD73FF321
FF437E52C48495B5AD9121C3DFF8CE4A
 
Open a new Notepad file via "Start\All Programs\Accessories\Notepad".

Copy and paste the following (the blue text in the code window) into the empty Notepad window.


Code:
ClearJavaCache::

File::
c:\users\petra\Desktop\Run\a2ddax64.sys
c:\windows\SYSNATIVE\drivers\gfiark.sys
c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys

Folder::


Driver::
gfiark
PSKMAD.sys

Registry::


Save this Notepad file on your desktop as CFScript.txt.

First, disable the antivirus and any spyware scanners now!
Also make sure that all other open windows are closed, including the web browser.


Drag CFScript.txt into ComboFix.exe



This will make ComboFix restart. Reboot the computer if you are asked to.


Post the ComboFix log that is shown after the restart, using the color coder!
If ComboFix restarted your computer (or you did so yourself), you will also find the log in C:\Combofix.txt

Important note:
  • If, after the scan, an error appears when starting programs, with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Good evening Abraham, thanks for your time and effort, everything is already considerably faster.
Here is my fix log:
ComboFix 18-06-17.01 - petra 25-06-2018 19:53:11.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.911 [GMT 2:00]
Gestart vanuit: c:\users\petra\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\petra\Desktop\CFScript.txt
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Avast Antivirus *Enabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\petra\Desktop\Run\a2ddax64.sys"
"c:\windows\system32\drivers\gfiark.sys"
"c:\windows\system32\DRIVERS\PSKMAD.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
c:\windows\system32\drivers\gfiark.sys
c:\windows\system32\DRIVERS\PSKMAD.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gfiark
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2018-05-25 to 2018-06-25 ))))))))))))))))))))))))))))))
.
.
2018-06-25 18:15 . 2018-06-25 18:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-06-25 18:15 . 2018-06-25 18:15 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2018-06-25 18:15 . 2018-06-25 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-06-24 21:36 . 2018-06-24 21:36 -------- d-----w- C:\$AV_ASW
2018-06-24 18:18 . 2018-05-24 04:55 152184 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-06-24 12:18 . 2018-06-24 16:18 -------- d-----w- c:\users\petra\AppData\Local\ESET
2018-06-23 20:13 . 2018-06-23 20:13 -------- d-----w- c:\program files\Malwarebytes
2018-06-22 20:37 . 2018-06-22 20:37 -------- d-----w- c:\program files\Speccy
2018-06-22 19:16 . 2018-06-24 20:15 -------- d-----w- C:\FRST
2018-06-21 22:01 . 2015-09-14 11:03 39672 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2018-06-21 21:55 . 2013-04-08 13:30 22752 ----a-w- c:\windows\system32\PCloudBroom64.exe
2018-06-21 21:22 . 2015-01-29 16:21 50320 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2018-06-21 21:22 . 2018-06-21 21:22 -------- d-----w- c:\program files (x86)\Panda Security
2018-06-19 19:55 . 2018-06-19 20:15 -------- d-----w- c:\users\petra\AppData\Local\AVAST Software
2018-06-19 19:49 . 2018-06-19 19:48 376536 ----a-w- c:\windows\system32\aswBoot.exe
2018-06-19 19:35 . 2018-06-19 19:35 -------- d-----w- c:\users\petra\AppData\Local\BlueStacks
2018-06-19 17:57 . 2018-06-19 17:57 20813312 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-06-21 20:49 . 2011-07-04 11:29 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2018-06-21 20:49 . 2011-06-19 18:35 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2018-06-19 20:09 . 2012-06-28 22:30 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-06-19 20:09 . 2011-06-19 21:30 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-06-19 19:48 . 2013-12-28 10:37 205976 ----a-w- c:\windows\system32\drivers\aswStm.sys
2018-06-19 19:48 . 2014-04-30 15:37 46968 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2018-06-19 19:48 . 2013-03-02 08:05 460520 ----a-w- c:\windows\system32\drivers\aswSP.sys
2018-06-19 19:48 . 2013-03-02 08:05 381552 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2018-06-19 19:48 . 2013-03-02 08:05 85968 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2018-06-19 19:48 . 2013-03-02 08:05 159120 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2018-06-19 19:48 . 2018-01-22 11:41 196640 ----a-w- c:\windows\system32\drivers\aswArPot.sys
2018-06-19 19:48 . 2013-03-02 08:05 111360 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2018-06-19 19:47 . 2013-03-02 08:05 1027720 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2018-06-19 19:47 . 2016-02-12 23:44 640248 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2018-06-19 19:47 . 2017-04-23 12:55 57680 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2018-06-19 19:47 . 2017-04-23 12:55 343752 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2018-06-19 19:47 . 2017-04-23 12:55 227504 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2018-06-19 19:47 . 2017-04-23 12:55 199440 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2018-06-19 18:57 . 2011-06-19 18:35 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2018-06-19 18:57 . 2011-07-04 11:29 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2018-06-19 17074688]
"AvastBrowserAutoLaunch_8B1768473B86749CB8ABB5CBD1C7484B"="c:\program files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" [2018-06-12 1808264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-24 1444880]
.
c:\users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Gameroom.lnk - c:\users\petra\AppData\Local\Facebook\Games\FacebookGameroom.exe fbgames://windows_startup/ [2017-11-2 571256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Avast Cleanup Premium.lnk - c:\program files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe /nogui [2018-1-22 1645664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\petra\Desktop\Run\a2ddax64.sys;c:\users\petra\Desktop\Run\a2ddax64.sys [x]
R2 avast;%1!s! Update-service (avast);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 avastm;%1!s! Update-service (avastm);c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe;c:\program files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x]
R3 hmpnet;HitmanPro.Alert Network Driver;c:\windows\system32\drivers\hmpnet.sys;c:\windows\SYSNATIVE\drivers\hmpnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe;c:\windows\SYSNATIVE\lxcycoms.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C9FB.tmp;c:\windows\SYSNATIVE\C9FB.tmp [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R4 EMET_Service;Microsoft EMET Service;c:\program files (x86)\EMET 5.1\EMET_Service.exe;c:\program files (x86)\EMET 5.1\EMET_Service.exe [x]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CleanupPSvc;Avast Cleanup Premium;c:\program files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe;c:\program files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys;c:\windows\SYSNATIVE\DRIVERS\radpms.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}]
2018-06-19 19:56 1958392 ----a-w- c:\program files (x86)\AVAST Software\Browser\Application\66.2.567.182\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-06-19 18:50 1648472 ----a-w- c:\program files (x86)\Google\Chrome\Application\67.0.3396.87\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2018-04-23 06:38 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2018-04-23 06:38 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2018-04-23 06:38 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-06-19 19:48 1773784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-06-19 19:48 1773784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-06-19 242904]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mDefault_Page_URL = hxxp://www.google.com
mSearchAssistant = www.google.com
mCustomizeSearch = www.google.com
TCP: DhcpNameServer = 89.101.251.228 89.101.251.229
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
SafeBoot-MBAMService
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C9FB.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_30_0_0_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_30_0_0_113.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Voltooingstijd: 2018-06-25 21:13:35 - machine werd herstart
ComboFix-quarantined-files.txt 2018-06-25 19:13
ComboFix2.txt 2018-06-24 21:36
.
Pre-Run: 170.655.395.840 bytes beschikbaar
Post-Run: 170.468.372.480 bytes beschikbaar
.
- - End Of File - - 07583F07AFBE168A0A3CB87FFE192390
FF437E52C48495B5AD9121C3DFF8CE4A
 
Good to hear that everything is running faster again.
It was not only adware files but also leftover drivers from removed antivirus programs, and I had still overlooked a few of those!


Warning: the procedure below is intended for this computer only; applying it on another computer can damage Windows.


We are going to use Farbar Recovery Scan Tool (FRST.exe) again.

Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\Notepad".
Copy the text in the code box below the word Code and paste it into the empty Notepad window.

Code:
start
CreateRestorePoint:

S3 hmpalert; \??\C:\Windows\system32\drivers\hmpalert.sys [X]
S3 hmpnet; \??\C:\Windows\system32\drivers\hmpnet.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\C9FB.tmp [X

EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end

Now save this Notepad file as Fixlist.txt in the same location as FRST.exe.

Using Farbar Recovery Scan Tool (FRST.exe) with the fixlist.txt
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click FRST.exe and choose "Run as administrator".
  • When the program starts, click Yes in the pop-up.
  • Press the Fix button.
  • After the fix, a log file, Fixlog.txt, is created in the same location from which FRST.exe was started.
  • Post the contents of this log file in your next message.
 
Here is the fix log
Fix resultaat van Farbar Recovery Scan Tool (x64) Versie: 20.06.2018
Gestart door petra (25-06-2018 21:45:21) Run:4
Gestart vanaf C:\Users\petra\Desktop
Geladen Profielen: petra (Beschikbare Profielen: petra)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
start
CreateRestorePoint:

S3 hmpalert; \??\C:\Windows\system32\drivers\hmpalert.sys [X]
S3 hmpnet; \??\C:\Windows\system32\drivers\hmpnet.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\C9FB.tmp [X

EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
end
*****************

Herstelpunt is succesvol gemaakt.
"HKLM\System\CurrentControlSet\Services\hmpalert" => is succesvol verwijderd
hmpalert => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\hmpnet" => is succesvol verwijderd
hmpnet => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\MEMSWEEP2" => is succesvol verwijderd
MEMSWEEP2 => dienst is succesvol verwijderd
Proces succesvol afgesloten.

========= ipconfig /flushdns =========


Windows IP-configuratie

De DNS-omzettingscache is leeggemaakt.

========= Eind van CMD: =========


========= netsh winsock reset =========


De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.


========= Eind van CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1019597 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 190 B
Edge => 0 B
Chrome => 54271739 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
petra => 354019 B
LogMeInRemoteUser => 0 B

RecycleBin => 6312 B
EmptyTemp: => 53.1 MB tijdelijke gegevens verwijderd.

================================


Het systeem moest herstart worden.

==== Eind van Fixlog 21:46:59 ====
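
Reading a Fixlog like the one above comes down to checking that every service entry in the echoed fixlist has both a registry-key result and a service-removal result. The sketch below is an added example, not part of the thread and not FRST's own code; it matches only the Dutch result wording that appears in this log, and the function name `audit_fixlog` and the abridged sample are constructed for illustration.

```python
import re

# Constructed sample: an abridged copy of the Dutch-language Fixlog lines shown in this thread.
SAMPLE_FIXLOG = r"""fixlist inhoud:
*****************
start
CreateRestorePoint:
S3 hmpalert; \??\C:\Windows\system32\drivers\hmpalert.sys [X]
S3 hmpnet; \??\C:\Windows\system32\drivers\hmpnet.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\C9FB.tmp [X
EmptyTemp:
end
*****************
Herstelpunt is succesvol gemaakt.
"HKLM\System\CurrentControlSet\Services\hmpalert" => is succesvol verwijderd
hmpalert => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\hmpnet" => is succesvol verwijderd
hmpnet => dienst is succesvol verwijderd
"HKLM\System\CurrentControlSet\Services\MEMSWEEP2" => is succesvol verwijderd
MEMSWEEP2 => dienst is succesvol verwijderd
Het systeem moest herstart worden.
"""

# Assumption: service entries look like the ones in this thread ("S3 name; path").
SERVICE_ENTRY = re.compile(r"^[RSU]\d\s+([^;]+);")
SERVICE_REMOVED = re.compile(r"^(\S+) => dienst is succesvol verwijderd\s*$")
KEY_REMOVED = re.compile(r'^"HKLM\\System\\CurrentControlSet\\Services\\([^"]+)" => is succesvol verwijderd')

def audit_fixlog(text):
    """Compare the service entries in the echoed fixlist with the reported results."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("no echoed fixlist between the two asterisk lines")
    fixlist, results = parts[1].splitlines(), parts[2].splitlines()
    requested = [m.group(1).strip() for l in fixlist if (m := SERVICE_ENTRY.match(l))]
    svc_done = {m.group(1) for l in results if (m := SERVICE_REMOVED.match(l))}
    key_done = {m.group(1) for l in results if (m := KEY_REMOVED.match(l))}
    return {
        "requested": requested,
        # A service counts as confirmed only when both its key and the service itself are reported removed.
        "unconfirmed": [s for s in requested if s not in svc_done or s not in key_done],
        "unrequested": sorted((svc_done | key_done) - set(requested)),
        "reboot_required": any("herstart" in l.lower() for l in results),
    }

if __name__ == "__main__":
    print(audit_fixlog(SAMPLE_FIXLOG))
```

An entry listed under `unconfirmed` is one to raise with the helper before moving on to cleanup; `unrequested` flags removals the fixlist never asked for.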
 
Download Security Check
Download location: be sure to download this program to the desktop, or else move it to the desktop!
Starting SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click SecurityCheck.exe and choose "Run as administrator".
  • Follow the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; save this document to the desktop and close it.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next post.
 
Here is the log
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avast Antivirus
Malwarebytes
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 30.0.0.113
Google Chrome (67.0.3396.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Browser Update AvastBrowserUpdate.exe
AVAST Software Browser Update 1.4.141.333\AvastBrowserCrashHandler.exe
AVAST Software Browser Update 1.4.141.333\AvastBrowserCrashHandler64.exe
AVAST Software Avast Cleanup TuneupSvc.exe
AVAST Software Avast x64 aswidsagenta.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast Cleanup TuneupUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 
A quick tip: Google Chrome and Firefox no longer need Adobe Flash Player.
The browsers have everything built in to play web video.

I also think that your computer really needs more memory (RAM).
3 GB is too little these days; 8 GB is preferable and is the current standard.

As for your Windows: are you satisfied again, or do you still have questions?
If you find everything in order and are satisfied again, we will clean up.
 
Abraham, thanks for everything, very satisfied; I will look into expanding the memory.
No further questions.
 
Good morning,

we will clean up first:

Step •1•
Removing ComboFix:

  • go to Start - Run;
  • copy and paste the following into it: Combofix /Uninstall
  • then click OK.
  • ComboFix starts and it looks as if the tool is installing itself, but that is not the case;
  • if all goes well, you will then get a message that ComboFix has been removed.

Run can also be opened by pressing the Windows key and the R key at the same time.

This will remove ComboFix including its related folders and files,
reset the clock settings, hide file extensions,
hide hidden files and system files again,
and reset System Restore.


Step •2•
Tip: keep MBAM on your Windows as an on-demand scanner for a weekly scan.
Should one of the scans unexpectedly find a virus again in the future, report back in a new topic.


Download Delfix by Xplode to the desktop.

Starting Delfix by Xplode:
  • Windows 2000 and Windows XP: double-click delfix.exe.
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click delfix.exe and choose "Run as administrator".
Now tick the following items:
  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently until the tool has finished.
When the tool has finished, a log file is created. You do not need to post it, however.
Restart your computer afterwards; if any programs or log files are still present after that, you may delete them manually.

Afterwards, create a new restore point if you wish.
Incidentally, Windows will normally have done this itself after the restart.


Step •3•
To see whether a memory upgrade is possible, please do the following, which gives us insight into the technical specifications of your computer.

Post only the link that you get from the tool below.

Download Speccy by Piriform


During the installation of "Speccy" you are asked to install the Google Chrome web browser as well.
If you do not want this, clear the check boxes.

Starting Speccy by Piriform:
  • Windows 2000 and Windows XP: start "Speccy" by double-clicking.
  • Windows Vista, Windows 7, Windows 8/8.1 and Windows 10: start "Speccy" by right-clicking and then choosing "Run as administrator".

Using Speccy by Piriform:
  • once the analysis of Windows is finished, "Speccy" shows the result in a new window.
  • Now click File (Bestand) in the menu bar and choose Publish Snapshot (Publiceren).
  • Confirm publishing by clicking Yes (JA).
  • A pop-up window will now open asking whether or not to publish.
  • So confirm the former.
  • Now copy the link in the newly opened web window and paste that link into your next message.
 