Tuesday, 18 December 2018

Laptop is unmanageable.

Hello.
Since yesterday I have had a big problem with my laptop. I can open programs but then they hang; closing them doesn't work, then after a while it does. Clicking a desktop icon: nothing happens. I couldn't start Mbam, I couldn't save the gmer log; wherever I click, nothing happens. Task Manager opens but I can't do anything there, no matter what I click.
Adwcleaner finds nothing, and neither does the Avast scan (all of this only succeeded after several hard shutdowns).
Eset online scanner removed 4 potentially suspicious files, two of which were from Adwcleaner's quarantine folder. I thought things went a bit better after that, but no. I downloaded Gmer and DDS with the desktop onto a USB stick, copied them to the laptop and ran them, and ran Malwarebytes Chameleon. The logs follow here.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scandatum: 19/12/2018
Scantijd: 5:08
Logboekbestand: mbam.txt
Beheerder: Ja

Versie: 2.2.1.1043
Malware-database: v2018.12.19.02
Rootkit-database: v2018.12.19.02
Licentie: Gratis
Malware-bescherming: Uitgeschakeld
Bescherming tegen kwaadaardige websites: Uitgeschakeld
Zelfbescherming: Uitgeschakeld

Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: ronne

Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 238783
Verstreken tijd: 25 min, 38 sec

Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld

Processen: 0
(Geen kwaadaardige items gedetecteerd)

Modules: 0
(Geen kwaadaardige items gedetecteerd)

Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)

Registerwaarden: 0
(Geen kwaadaardige items gedetecteerd)

Registerdata: 0
(Geen kwaadaardige items gedetecteerd)

Mappen: 0
(Geen kwaadaardige items gedetecteerd)

Bestanden: 0
(Geen kwaadaardige items gedetecteerd)

Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)


(end)

-------------------------------------------------------------

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-12-19 04:57:38
Windows 6.1.7601 Service Pack 1 x64
Running: 4gd2kv04.exe


---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\5cf3706d02d9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\5cf3706d02d9@08ef3b805feb 0xBA 0x27 0x5D 0x9D ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\5cf3706d02d9@9c65b0337bee 0xED 0x9D 0xA8 0xFD ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\5cf3706d02d9@4844f72deca1 0xC4 0x13 0x5C 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cf3706d02d9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cf3706d02d9@08ef3b805feb 0xBA 0x27 0x5D 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cf3706d02d9@9c65b0337bee 0xED 0x9D 0xA8 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cf3706d02d9@4844f72deca1 0xC4 0x13 0x5C 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cf3706d02d9@04fea13a0778 0xD1 0x71 0xEC 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\5cf3706d02d9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\5cf3706d02d9@08ef3b805feb 0xBA 0x27 0x5D 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\5cf3706d02d9@9c65b0337bee 0xED 0x9D 0xA8 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\5cf3706d02d9@4844f72deca1 0xC4 0x13 0x5C 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\5cf3706d02d9@04fea13a0778 0xD1 0x71 0xEC 0xC3 ...

---- EOF - GMER 2.2 ----


------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by ronne at 4:58:46 on 2018-12-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3949.2368 [GMT 1:00]
.
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Users\ronne\AppData\Roaming\PT\updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\ronne\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe
C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\ronne\AppData\Local\VASCO\NativeBridge\digipass-nativebridge.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uSearch Page = www.google.com
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Aimersoft Video Converter Ultimate 6.1.0: {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} - C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll
BHO: IplexToALLPlayer: {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [DigipassNativeBridge] "C:\Users\ronne\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3083CD54-126E-46BD-B15A-9934EEE588C6} : NameServer = 46.97.158.7 46.97.158.169
TCP: Interfaces\{6177D70A-41AC-4C59-B79F-025CFF2231F3} : NameServer = 46.97.158.74 46.97.158.7
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\2626F68723D253463353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\46566727564656 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\46566727564656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\64F4E4F52454C4741434F4D4 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\64F4E4F52454C4741434F4D4 : DHCPNameServer = 195.238.2.21 195.238.2.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\C4964747C656F5359637475627 : DHCPNameServer = 195.130.131.2 195.130.130.2
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\C4964747C656F5359637475627D276163747 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\C4964747C656F5359637475627D276163747 : DHCPNameServer = 195.130.130.130 195.130.131.130
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\C696E6B6379737 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{D3F9A47B-D02F-4981-9648-D7291E9DE250}\C696E6B6379737 : DHCPNameServer = 195.130.130.130 195.130.131.130
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - <orphaned>
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {30C521FB-255B-46C8-9F0D-EE5AE371C9AA} - "C:\Program Files (x86)\AVAST Software\Browser\Application\70.0.917.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: WSAMVCUchrome - {086BD280-4613-43B5 - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ronne\AppData\Roaming\Mozilla\Firefox\Profiles\sjb3dxbn.default-1488462509883-1545137294773\
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrlui.dll
FF - plugin: C:\Users\ronne\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll
FF - plugin: C:\Users\ronne\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_32_0_0_101.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswbidsh;aswbidsh;C:\Windows\System32\drivers\aswbidsha.sys [2017-3-10 201768]
R0 aswblog;aswblog;C:\Windows\System32\drivers\aswbloga.sys [2017-3-10 346592]
R0 aswbuniv;aswbuniv;C:\Windows\System32\drivers\aswbuniva.sys [2017-3-10 59496]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-4 87432]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-4 380464]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-8-4 1263200]
R1 aswArPot;aswArPot;C:\Windows\System32\drivers\aswArPot.sys [2017-11-14 201240]
R1 aswbidsdriver;aswbidsdriver;C:\Windows\System32\drivers\aswbidsdrivera.sys [2017-3-10 230344]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2018-10-19 42288]
R1 aswNetSec;aswNetSec;C:\Windows\System32\drivers\aswNetSec.sys [2016-3-1 512072]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-7 1028680]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-7 469272]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-6 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-11 202752]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-7 163208]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-11-19 324000]
R2 avast! Firewall;Avast Firewall Service;C:\Program Files\AVAST Software\Avast\afwServ.exe [2018-11-19 338632]
R2 PornTime Updater;PornTime Updater;C:\Users\ronne\AppData\Roaming\PT\updater.exe [2015-7-26 165888]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-28 2314240]
R3 aswNetNd6;Avast Firewall NDIS6 Helper;C:\Windows\System32\drivers\aswNetNd6.sys [2017-7-4 38152]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-28 56344]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2016-7-6 86016]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-11-13 67072]
R3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2014-9-13 31080]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2013-12-18 208472]
S2 avast;%1!s! Update-service (avast);C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-5-31 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 317408]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-9-28 285280]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-21 44032]
S3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-11-19 8188768]
S3 aswHwid;aswHwid;C:\Windows\System32\drivers\aswHwid.sys [2014-9-12 46384]
S3 avastm;%1!s! Update-service (avastm);C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-5-31 164984]
S3 AvastVBoxSvc;AvastVBox COM Service;"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" --> C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [?]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2016-1-16 163368]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2016-1-21 594472]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2016-8-3 39976]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-6-21 117248]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2013-11-29 415744]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-21 61792]
S3 GoogleChromeElevationService;Google Chrome Elevation Service;C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-13 443872]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2013-11-29 98816]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2013-11-29 28672]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2013-11-29 213504]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2011-7-1 114304]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2015-6-18 87696]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2018-12-18 140672]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2018-12-18 27008]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2018-12-18 64896]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-12 31800]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 WsDrvInst;Wondershare Driver Install Service;C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\Transfer\DriverInstall.exe [2018-11-25 107640]
S4 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-10-28 379520]
S4 afcdpsrv;Acronis Nonstop Backup-service ;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-9-28 3246040]
S4 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2018-12-18 14:17:38 -------- d-----w- C:\Users\ronne\AppData\Local\ESET
2018-12-18 14:10:39 -------- d-sh--w- C:\found.005
2018-12-18 14:01:49 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2018-12-18 14:01:49 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2018-12-18 14:01:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-12-18 13:48:57 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2018-12-18 13:45:06 152688 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2018-12-18 13:44:35 -------- d-----w- C:\ProgramData\MB2Migration
.
==================== Find3M ====================
.
2018-12-06 13:15:08 842240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2018-12-06 13:15:08 175104 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2018-11-26 19:26:22 512072 ----a-w- C:\Windows\System32\drivers\aswNetSec.sys
2018-11-19 21:30:00 87432 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2018-11-19 21:30:00 46384 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2018-11-19 21:30:00 380464 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2018-11-19 21:30:00 208472 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2018-11-19 21:30:00 201240 ----a-w- C:\Windows\System32\drivers\aswArPot.sys
2018-11-19 21:30:00 163208 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2018-11-19 21:30:00 111800 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2018-11-19 21:29:51 42288 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2018-11-19 21:29:45 1028680 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2018-11-19 21:29:39 59496 ----a-w- C:\Windows\System32\drivers\aswbuniva.sys
2018-11-19 21:29:39 346592 ----a-w- C:\Windows\System32\drivers\aswbloga.sys
2018-11-19 21:29:39 230344 ----a-w- C:\Windows\System32\drivers\aswbidsdrivera.sys
2018-11-19 21:29:39 201768 ----a-w- C:\Windows\System32\drivers\aswbidsha.sys
2014-09-12 07:33:07 6010880 ----a-w- C:\Program Files (x86)\GUTBE6F.tmp
.
============= FINISH: 4:59:55,45 ===============


Thanks in advance.

