Mail account is sending spam

  • Mail account is sending spam

    One of my mail accounts is sending spam to my contacts. I don't notice anything of this myself, but I also sent myself spam, I got an automatic reply, and someone asked whether 'that weird email' came from me. Because there were other names on it, but when replying my everyday email address shows up.

    I am not amused! I never click on links, and I don't open attachments with zips and other oddities. No idea what I did to make this possible.

    Khadidja asked me via FB to post some logs here. I'm just so terribly afraid that I will have to do all sorts of things, such as booting in strange modes, changing things in the computer, etc. That stresses me out quite a bit.

    Before I ran the scans here I had AVG scan, and it found 2 infections, namely 2 times JS/Downloader Agent Summary
    And those can apparently indeed cause this kind of trouble, among other things. AVG has removed them/put them in quarantine.

    I had run MBAM before AVG and it found nothing. After that it scanned again for an hour or two, following the instructions here, and again found nothing.

    The logs follow in the posts below.
    Last edited by Pollepel; 18-05-16, 17:26.

  • #2
    Adware Cleaner:

    # AdwCleaner v5.117 - Logbestand aangemaakt 18/05/2016 op 15:34:30
    # Laatste update 15/05/2016 door Xplode
    # Database : 2016-05-15.2 [Server]
    # Besturingssysteem : Windows 10 Home (X64)
    # Gebruikersnaam : S - SANDRA-PC
    # Gestart vanuit : C:\Users\S\Downloads\adwcleaner_5.117.exe
    # Optie : Verwijderen
    # Ondersteuning : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service verwijderd : WtuSystemSupport
    [-] Service verwijderd : vToolbarUpdater40.3.1

    ***** [ Mappen ] *****

    [-] Map verwijderd : C:\ProgramData\apn
    [-] Map verwijderd : C:\ProgramData\AVG Secure Search
    [-] Map verwijderd : C:\ProgramData\AVG Security Toolbar
    [-] Map verwijderd : C:\ProgramData\avg web tuneup
    [-] Map verwijderd : C:\ProgramData\Avg_Update_0116av
    [-] Map verwijderd : C:\ProgramData\Avg_Update_1015av
    [-] Map verwijderd : C:\ProgramData\Avg_Update_1215av
    [#] Map verwijderd : C:\ProgramData\Application Data\apn
    [#] Map verwijderd : C:\ProgramData\Application Data\AVG Secure Search
    [#] Map verwijderd : C:\ProgramData\Application Data\AVG Security Toolbar
    [#] Map verwijderd : C:\ProgramData\Application Data\avg web tuneup
    [#] Map verwijderd : C:\ProgramData\Application Data\Avg_Update_0116av
    [#] Map verwijderd : C:\ProgramData\Application Data\Avg_Update_1015av
    [#] Map verwijderd : C:\ProgramData\Application Data\Avg_Update_1215av
    [-] Map verwijderd : C:\Program Files (x86)\avg web tuneup
    [-] Map verwijderd : C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Map verwijderd : C:\USerS\S\AppData\Local\avg web tuneup
    [-] Map verwijderd : C:\USerS\S\AppData\LocalLow\avg web tuneup
    [-] Map verwijderd : C:\Program Files\avg web tuneup
    [-] Map verwijderd : C:\Program Files\Common Files\AVG Secure Search

    ***** [ Bestanden ] *****

    [-] Bestand verwijderd : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
    [-] Bestand verwijderd : C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\searchplugins\avg-secure-search.xml

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Geplande taken ] *****


    ***** [ Register ] *****

    [-] Sleutel verwijderd : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    [-] Sleutel verwijderd : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\s
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Sleutel verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Sleutel verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Sleutel verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Sleutel verwijderd : HKCU\Software\Kromtech
    [-] Sleutel verwijderd : HKLM\SOFTWARE\AIM Toolbar
    [-] Sleutel verwijderd : HKLM\SOFTWARE\SpeedBit
    [-] Sleutel verwijderd : HKLM\SOFTWARE\AVG Tuneup
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\AVG Secure Search
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\Installer\Features\D2A425F405350054677A7A857BC02210
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC02210
    [-] Sleutel verwijderd : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC02210
    [-] Sleutel verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    [-] Sleutel verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Gegevens hersteld : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Gegevens hersteld : HKU\S-1-5-21-2000744146-3456631203-1606821962-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Waarde verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

    ***** [ Internetbrowsers ] *****

    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.BUTTON_STRUCTURE", "[{\"b\":221360012,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221360013,\"c\":\"mindspark.enter searchterms\",\"p\":\"L.0.0
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.browser.version.last", "37.0");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.firstKnownVersion", "6.85.5.64990");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=61BA92FA-0102-42DB-9559-20022A106571&n=781af714&p2=^AYY^xdm525^YYA^nl&si=flvrunner");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.initialized", true);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.installKeysSource", "LocalStorage");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.installType", "XPI");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.contextKey", "");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.installDate", "2015033108");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerId", "^AYY^xdm525^YYA^nl");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerSubId", "flvrunner");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.pixelUrl", "hxxp://download.allin1convert.com/install_pixels.jhtml?partner=^AYY^xdm525^YYA^nl&sub_id=flvrunner&coId=ef5231dee16945ab903
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.success", true);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.toolbarId", "61BA92FA-0102-42DB-9559-20022A106571");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.isCompliantUninstallImplementation", true);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.lastActivePing", "1428825369406");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.lastKnownVersion", "6.85.5.64990");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.options.defaultSearch", false);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.options.homePageEnabled", false);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.options.keywordEnabled", false);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.options.tabEnabled", false);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.partnerPixelFired", true);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.searchHistory", "kinkie");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.successUrl", "hxxp://flvrunner.com/thankyou.php");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.toolbar.versionChanged", false);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.toolbarCollapsed", true);
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark._8hMembers_.weather.location", "10001");
    [-] [C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\prefs.js] verwijderd : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");

    *************************

    :: "Tracing" sleutels verwijderd
    :: Winsock instellingen gereset

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [14833 bytes] - [18/05/2016 15:34:30]
    C:\AdwCleaner\AdwCleaner[R0].txt - [4738 bytes] - [24/02/2015 19:39:39]
    C:\AdwCleaner\AdwCleaner[S0].txt - [4275 bytes] - [24/02/2015 19:41:24]
    C:\AdwCleaner\AdwCleaner[S1].txt - [14897 bytes] - [18/05/2016 15:32:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15127 bytes] ##########


    • #3
      Attach

      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2012-11-20.01)
      .
      Microsoft Windows 10 Home
      Boot Device: \Device\HarddiskVolume2
      Install Date: 25-12-2015 12:41:53
      System Uptime: 18-5-2016 15:35:31 (1 hours ago)
      .
      Motherboard: Hewlett-Packard | | 2AF7
      Processor: Intel(R) Core(TM) i5-4460S CPU @ 2.90GHz | SOCKET 0 | 2901/100mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 916 GiB total, 850,842 GiB free.
      D: is FIXED (NTFS) - 13 GiB total, 1,642 GiB free.
      E: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP20: 13-4-2016 17:57:38 - HPSF Applying updates
      RP21: 5-5-2016 18:24:19 - Gepland controlepunt
      RP22: 11-5-2016 13:53:00 - Windows Update
      RP23: 11-5-2016 13:53:40 - Windows Update
      RP24: 14-5-2016 13:06:12 - HPSF Applying updates
      RP25: 18-5-2016 14:36:49 - F-Secure Ultralight updated
      .
      ==== Installed Programs ======================
      .
      7-Zip 9.20 (x64 edition)
      Adobe Flash Player 21 NPAPI
      AVG
      AVG 2016
      AVG Protection
      AVG Web TuneUp
      Bonjour
      BookWorm Deluxe
      BookWorm Deluxe 1.02
      calibre 64bit
      Canon Easy-WebPrint EX
      Canon IJ Scan Utility
      Canon Inkjet Printer/Scanner/Fax Extended Survey Program
      Canon MG4200 series MP Drivers
      Canon MG4200 series On-screen Manual
      Canon My Image Garden
      Canon My Image Garden Design Files
      Canon My Printer
      Canon Quick Menu
      CCleaner
      Chuzzle Deluxe
      Corel Paint Shop Pro X
      CyberLink Media Suite 10
      Cyberlink PhotoDirector
      CyberLink Power2Go 8
      CyberLink PowerDirector 12
      CyberLink PowerDVD 12
      DisableMSDefender
      Energy Star
      Evernote v. 5.8.8
      FMW 1
      Foxit PhantomPDF
      Free Notes & Office Ink
      Gebruikersregistratie voor Canon MG4200 series
      Google Drive
      Google Earth
      Google Update Helper
      Hewlett-Packard ACLM.NET v1.2.2.3
      HP Customer Experience Enhancements
      HP Documentation
      HP PC Hardware Diagnostics UEFI
      HP Registration Service
      HP SimplePass
      HP Support Assistant
      HP Support Information
      HP Support Solutions Framework
      IDT Audio
      Inst5675
      Inst5676
      Intel(R) Chipset Device Software
      Intel(R) Management Engine Components
      Intel(R) ME UninstallLegacy
      Intel(R) Processor Graphics
      Intel(R) Rapid Storage Technology
      Intel® Security Assist
      Intel® Trusted Connect Service Client
      Java 8 Update 77
      Java 8 Update 91
      Java Auto Updater
      Malwarebytes Anti-Malware versie 2.2.1.1043
      Microsoft Office
      Microsoft PowerPoint Viewer
      Microsoft Silverlight
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2005 Redistributable (x64)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
      Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
      Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
      Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
      Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
      Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
      Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
      Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
      Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
      Mozilla Firefox 46.0.1 (x86 nl)
      Mozilla Maintenance Service
      Mozilla Thunderbird 45.1.0 (x86 nl)
      OpenOffice 4.1.2
      PeaZip 5.5.3
      Picasa 3
      Power Presenter RE II
      Realtek Card Reader
      REALTEK Wireless LAN Driver
      Recovery Manager
      Software voor Intel® Chipset-apparaten
      Unity Web Player
      USB Tablet Manager
      Visual Studio 2012 x64 Redistributables
      Visual Studio 2012 x86 Redistributables
      VLC media player
      Zuma Deluxe RA
      Zylom Games Player Plugin
      .
      ==== End Of File ===========================


      • #4
        DDS

        DDS (Ver_2012-11-20.01) - NTFS_AMD64
        Internet Explorer: 11.0.10586.20 BrowserJavaVersion: 11.91.2
        Run by S at 16:20:24 on 2016-05-18
        Microsoft Windows 10 Home 10.0.10586.0.1252.31.1043.18.8097.5163 [GMT 2:00]
        .
        AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
        .
        ============== Running Processes ===============
        .
        C:\WINDOWS\system32\svchost.exe -k DcomLaunch
        C:\WINDOWS\system32\svchost.exe -k RPCSS
        C:\WINDOWS\system32\dwm.exe
        C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\system32\svchost.exe -k netsvcs
        C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\WINDOWS\system32\igfxCUIService.exe
        C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
        C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files\IDT\WDM\STacSV64.exe
        C:\WINDOWS\system32\svchost.exe -k NetworkService
        C:\WINDOWS\System32\spoolsv.exe
        C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
        C:\WINDOWS\system32\WLANExt.exe
        C:\WINDOWS\System32\svchost.exe -k utcsvc
        C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
        C:\WINDOWS\system32\svchost.exe -k apphost
        C:\Program Files\CyberLink\Shared files\RichVideo64.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\system32\svchost.exe -k appmodel
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
        C:\windows\system32\atwtusb.exe
        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
        C:\WINDOWS\system32\dashost.exe
        C:\WINDOWS\system32\atwtusb.exe
        C:\Program Files (x86)\AVG\Av\avgcsrva.exe
        C:\Program Files (x86)\AVG\Av\avgnsa.exe
        C:\Program Files (x86)\AVG\Av\avgemca.exe
        C:\WINDOWS\system32\sihost.exe
        C:\Windows\System32\RuntimeBroker.exe
        C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
        C:\Program Files (x86)\AVG\Av\avgrsa.exe
        C:\WINDOWS\system32\taskhostw.exe
        C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
        C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
        C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
        C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
        C:\WINDOWS\system32\igfxEM.exe
        C:\WINDOWS\system32\igfxHK.exe
        C:\WINDOWS\system32\igfxTray.exe
        C:\WINDOWS\system32\SearchIndexer.exe
        C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
        C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
        C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
        C:\WINDOWS\system32\SettingSyncHost.exe
        C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
        C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
        C:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exe
        C:\Windows\System32\AtwtusbIcon.exe
        C:\Program Files\IDT\WDM\sttray64.exe
        C:\Program Files\IDT\WDM\Beats64.exe
        C:\Program Files (x86)\Google\Drive\googledrivesync.exe
        C:\Users\S\AppData\Local\Microsoft\OneDrive\OneDrive.exe
        C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
        C:\Program Files\CCleaner\CCleaner64.exe
        C:\Program Files (x86)\Google\Drive\googledrivesync.exe
        C:\Program Files (x86)\AVG\Av\avgui.exe
        C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\WINDOWS\system32\fontdrvhost.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
        C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
        C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
        C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\WINDOWS\system32\SearchProtocolHost.exe
        C:\WINDOWS\system32\SearchFilterHost.exe
        C:\WINDOWS\System32\cscript.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://zeelandnet.nl/
        uSearch Page = web/?type=dspp&q={searchTerms}
        uDefault_Page_URL = www.google.com
        uDefault_Search_URL = web/?type=dspp&q={searchTerms}
        BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
        BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
        BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
        TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
        EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
        uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
        uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
        uRun: [OneDrive] "C:\Users\S\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
        mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
        mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
        mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        StartupFolder: C:\Users\S\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
        mPolicies-System: DSCAutomationHostEnabled = dword:2
        IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
        IE: Afbeelding knippen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
        IE: Afbeelding opnemen - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
        IE: Bladwijzer knippen - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
        IE: Kopieer selectie - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
        IE: Kopieer URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
        IE: Nieuwe notitie - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
        IE: Pagina opemen - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
        IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
        IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
        TCP: NameServer = 62.238.255.69 212.115.192.100
        TCP: Interfaces\{889f7409-e0e4-4e36-8180-7121c5d76b50} : DHCPNameServer = 62.238.255.69 212.115.192.100
        Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
        Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
        SSODL: WebCheck - <orphaned>
        LSA: Security Packages = ""
        CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
        x64-mStart Page = www.google.com
        x64-mSearch Page = hxxp://www.google.com
        x64-mDefault_Page_URL = www.google.com
        x64-mDefault_Search_URL = www.google.com
        x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
        x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} -
        x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
        x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
        x64-Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
        x64-Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
        x64-Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
        x64-Run: [AtwtusbIcon] AtwtusbIcon.exe
        x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
        x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
        x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
        x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
        x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
        x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
        x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
        x64-SSODL: WebCheck - <orphaned>
        x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
        x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
        x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665\
        FF - prefs.js: browser.startup.homepage - hxxp://www.zeelandnet.nl/|about:[email protected]
        FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
        FF - plugin: C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
        FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
        FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
        FF - plugin: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
        FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
        FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
        FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
        FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
        FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
        FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
        FF - plugin: C:\Users\S\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
        FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2015-5-12 272304]
        R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2016-2-16 360736]
        R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2016-3-29 248576]
        R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2015-3-20 51968]
        R0 Avguniva;AVG Universal Driver;C:\WINDOWS\System32\drivers\avguniva.sys [2016-1-8 71936]
        R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-6-23 670056]
        R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
        R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
        R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
        R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
        R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2016-2-16 162592]
        R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2015-9-11 307456]
        R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2015-10-21 284080]
        R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2015-12-16 315840]
        R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2014-11-29 91912]
        R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-11 87552]
        R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
        R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [2016-5-4 5155904]
        R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-4-22 1078544]
        R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [2016-5-4 710232]
        R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
        R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
        R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-9-28 28552]
        R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-7-18 359848]
        R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-7-10 223520]
        R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-11-29 389896]
        R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
        R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
        R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        R2 WTService;WTService;C:\WINDOWS\System32\atwtusb.exe -s --> C:\WINDOWS\System32\atwtusb.exe -s [?]
        R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
        R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2014-11-17 30512]
        R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2015-2-24 192216]
        R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
        R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-8-7 896768]
        R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\drivers\rtwlane.sys [2015-10-30 4641536]
        R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
        R3 UEFI;Microsoft UEFI-stuurprogramma;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
        R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-13 694784]
        S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2016-1-7 21632]
        S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
        S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
        S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
        S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
        S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
        S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
        S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-5-4 638968]
        S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
        S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
        S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
        S3 buttonconverter;Service voor Portable Device Control-apparaten;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
        S3 CapImg;HID-stuurprogramma voor CapImg-touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-25 117248]
        S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
        S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        S3 diagnosticshub.standardcollector.service;Microsoft(R) Diagnostics Hub Standard Collector-service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
        S3 DmEnrollmentSvc;Registratieservice voor Apparaatbeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
        S3 genericusbfn;Algemene USB-functieklasse;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
        S3 hidinterrupt;Algemeen stuurprogramma voor HID-knoppen waarvoor interrupts zijn geïmplementeerd;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
        S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
        S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
        S3 iaLPSSi_GPIO;Stuurprogramma van Intel(R) Serial IO GPIO-controller;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
        S3 iaLPSSi_I2C;Stuurprogramma voor Intel(R) Serial IO I2C-controller;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
        S3 iaStorAV;Intel(R) SATA RAID-controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
        S3 ibbus;Mellanox InfiniBand Bus/AL (filterstuurprogramma);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
        S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-11-29 169752]
        S3 icssvc;Windows Mobiele hotspotservice;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
        S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
        S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-5-7 42288]
        S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
        S3 intelpep;Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing ;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
        S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
        S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
        S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
        S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
        S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
        S3 ndfltr;NetworkDirect-service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
        S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
        S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
        S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
        S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
        S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
        S3 RetailDemo;Retaildemoservice;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2013-7-9 263896]
        S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
        S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
        S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
        S3 SmsRouter;Microsoft Windows SMS Router-service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
        S3 storufs;Microsoft Universal Flash Storage (UFS)-stuurprogramma;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
        S3 TabletFilter;Tablet Driver;C:\WINDOWS\System32\drivers\TabletFilter.sys [2015-4-13 7680]
        S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
        S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-11 63488]
        S3 UcmUcsi;UCSI-client van USB-connectorbeheer;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
        S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
        S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-4-13 258912]
        S3 UfxChipidea;Chipidea USB-controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
        S3 ufxsynopsys;Synopsys USB-controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-5-11 131424]
        S3 UrsChipidea;Stuurprogramma voor Chipidea USB Role-Switch;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
        S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
        S3 UrsSynopsys;Stuurprogramma voor Synopsys USB Role-Switch;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
        S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S3 vhf;Virtual HID Framework (VHF)-stuurprogramma;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
        S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
        S3 w3logsvc;W3C-logboekregistratieservice;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944]
        S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
        S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
        S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
        S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
        S3 WinMad;WinMad-service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
        S3 WinVerbs;WinVerbs-service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
        S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
        S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
        S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
        S3 XblAuthManager;Xbox Live-verificatiebeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S3 XblGameSave;Games opslaan op Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-2 238592]
        S3 XboxNetApiSvc;Netwerkservice van Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
        S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-13 26112]
        S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
        S4 tzautoupdate;Updater van automatische tijdzone;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
        .
        =============== Created Last 30 ================
        .
        2016-05-18 12:36:09 -------- d-----w- C:\Users\S\AppData\Local\FSDART
        2016-05-18 12:36:01 -------- d-----w- C:\Users\S\AppData\Local\F-Secure
        2016-05-18 12:36:01 -------- d-----w- C:\ProgramData\F-Secure
        2016-05-18 04:53:38 -------- d--h--w- C:\OneDriveTemp
        2016-05-11 10:37:59 5240960 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
        2016-05-05 08:32:18 970912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr120.dll
        .
        ==================== Find3M ====================
        .
        2016-05-18 13:45:11 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
        2016-05-18 13:36:42 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
        2016-05-14 11:09:05 4641536 ----a-w- C:\WINDOWS\System32\drivers\rtwlane.sys
        2016-05-14 11:09:05 1139416 ----a-w- C:\WINDOWS\System32\Rtlihvs.dll
        2016-05-14 11:07:13 4641536 ----a-w- C:\WINDOWS\System32\drivers\SET5A1E.tmp
        2016-05-11 19:57:14 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
        2016-05-11 19:57:14 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
        2016-05-06 04:53:48 95072 ----a-w- C:\WINDOWS\System32\drivers\sdport.sys
        2016-05-06 04:05:35 241664 ----a-w- C:\WINDOWS\SysWow64\cryptngc.dll
        2016-05-06 04:03:20 649216 ----a-w- C:\WINDOWS\System32\ngcsvc.dll
        2016-05-06 03:53:21 351232 ----a-w- C:\WINDOWS\System32\NgcCtnr.dll
        2016-05-06 03:49:14 289792 ----a-w- C:\WINDOWS\System32\NgcCtnrSvc.dll
        2016-05-06 03:44:10 582656 ----a-w- C:\WINDOWS\System32\ngccredprov.dll
        2016-05-06 03:43:46 320000 ----a-w- C:\WINDOWS\System32\cryptngc.dll
        2016-05-06 03:23:53 76288 ----a-w- C:\WINDOWS\System32\ngcpopkeysrv.dll
        2016-05-04 14:58:32 71936 ----a-w- C:\WINDOWS\System32\drivers\avguniva.sys
        2016-04-30 06:42:19 1387520 ----a-w- C:\WINDOWS\System32\win32kbase.sys
        2016-04-30 06:31:37 3591168 ----a-w- C:\WINDOWS\System32\win32kfull.sys
        2016-04-23 06:12:45 294592 ----a-w- C:\WINDOWS\System32\invagent.dll
        2016-04-23 06:12:45 190144 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
        2016-04-23 06:12:45 1401024 ----a-w- C:\WINDOWS\System32\appraiser.dll
        2016-04-23 06:12:45 1184960 ----a-w- C:\WINDOWS\System32\aeinv.dll
        2016-04-23 06:12:44 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll
        2016-04-23 06:12:44 713920 ----a-w- C:\WINDOWS\System32\generaltel.dll
        2016-04-23 06:12:44 514752 ----a-w- C:\WINDOWS\System32\devinv.dll
        2016-04-23 06:12:44 46784 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
        2016-04-23 05:28:43 1542816 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
        2016-04-23 05:28:40 1557768 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
        2016-04-23 05:26:12 707608 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
        2016-04-23 05:24:45 7474528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
        2016-04-23 05:24:41 1997328 ----a-w- C:\WINDOWS\System32\KernelBase.dll
        2016-04-23 05:24:37 99680 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
        2016-04-23 05:24:37 638816 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
        2016-04-23 05:24:28 1819208 ----a-w- C:\WINDOWS\System32\ntdll.dll
        2016-04-23 05:24:16 335712 ----a-w- C:\WINDOWS\System32\drivers\fastfat.sys
        2016-04-23 05:24:13 754664 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
        2016-04-23 05:22:15 1161120 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
        2016-04-23 05:13:12 306832 ----a-w- C:\WINDOWS\SysWow64\wlanapi.dll
        2016-04-23 05:13:01 84832 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
        2016-04-23 05:13:01 502104 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
        2016-04-23 05:12:48 413536 ----a-w- C:\WINDOWS\System32\wifitask.exe
        2016-04-23 05:12:42 451928 ----a-w- C:\WINDOWS\SysWow64\MFCaptureEngine.dll
        2016-04-23 05:12:33 925064 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
        2016-04-23 05:11:52 390496 ----a-w- C:\WINDOWS\System32\wlanapi.dll
        2016-04-23 05:11:44 696672 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
        2016-04-23 05:11:43 115040 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
        2016-04-23 05:11:30 1092464 ----a-w- C:\WINDOWS\System32\mfplat.dll
        2016-04-23 05:11:27 498960 ----a-w- C:\WINDOWS\System32\MFCaptureEngine.dll
        2016-04-23 05:11:14 131424 ----a-w- C:\WINDOWS\System32\drivers\ufxsynopsys.sys
        2016-04-23 05:10:41 330072 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
        2016-04-23 05:09:39 255168 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
        2016-04-23 05:09:36 465760 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
        2016-04-23 05:09:18 569744 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
        2016-04-23 05:09:18 4074160 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
        2016-04-23 05:09:00 565600 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
        2016-04-23 05:09:00 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
        2016-04-23 05:08:45 6605504 ----a-w- C:\WINDOWS\System32\windows.storage.dll
        2016-04-23 05:08:41 725776 ----a-w- C:\WINDOWS\System32\SHCore.dll
        2016-04-23 05:08:40 4515256 ----a-w- C:\WINDOWS\explorer.exe
        2016-04-23 05:07:38 183904 ----a-w- C:\WINDOWS\SysWow64\rsaenh.dll
        2016-04-23 05:07:34 1536088 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
        2016-04-23 05:07:26 204048 ----a-w- C:\WINDOWS\System32\rsaenh.dll
        2016-04-23 05:07:19 1848072 ----a-w- C:\WINDOWS\System32\crypt32.dll
        2016-04-23 05:06:57 291360 ----a-w- C:\WINDOWS\System32\wininit.exe
        2016-04-23 05:02:02 188256 ----a-w- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
        2016-04-23 05:01:54 217440 ----a-w- C:\WINDOWS\System32\AppxAllUserStore.dll
        2016-04-23 05:01:25 619296 ----a-w- C:\WINDOWS\System32\d3d10level9.dll
        2016-04-23 05:01:25 1996640 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
        2016-04-23 05:01:17 650304 ----a-w- C:\WINDOWS\System32\dxgi.dll
        2016-04-23 05:01:15 393568 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
        2016-04-23 05:01:13 513368 ----a-w- C:\WINDOWS\SysWow64\d3d10level9.dll
        2016-04-23 05:01:11 577368 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
        2016-04-23 05:01:10 522176 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
        2016-04-23 05:00:52 1776768 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
        2016-04-23 05:00:45 550656 ----a-w- C:\WINDOWS\System32\directmanipulation.dll
        2016-04-23 05:00:45 1399224 ----a-w- C:\WINDOWS\System32\user32.dll
        2016-04-23 05:00:43 1594920 ----a-w- C:\WINDOWS\System32\gdi32.dll
        2016-04-23 05:00:43 1522152 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
        2016-04-23 05:00:40 453472 ----a-w- C:\WINDOWS\SysWow64\directmanipulation.dll
        2016-04-23 05:00:35 1337240 ----a-w- C:\WINDOWS\SysWow64\user32.dll
        2016-04-23 05:00:29 58208 ----a-w- C:\WINDOWS\System32\dwminit.dll
        2016-04-23 05:00:29 1372304 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
        2016-04-23 04:56:52 534872 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
        2016-04-23 04:39:37 89088 ----a-w- C:\WINDOWS\System32\MapsCSP.dll
        2016-04-23 04:35:38 66560 ----a-w- C:\WINDOWS\System32\MosHostClient.dll
        2016-04-23 04:34:30 59392 ----a-w- C:\WINDOWS\System32\hmkd.dll
        2016-04-23 04:34:19 67072 ----a-w- C:\WINDOWS\System32\drivers\usbser.sys
        2016-04-23 04:33:59 63488 ----a-w- C:\WINDOWS\System32\drivers\UcmCx.sys
        2016-04-23 04:33:58 65536 ----a-w- C:\WINDOWS\System32\drivers\UMDF\UcmCx.dll
        2016-04-23 04:33:47 38400 ----a-w- C:\WINDOWS\System32\ByteCodeGenerator.exe
        2016-04-23 04:33:36 89600 ----a-w- C:\WINDOWS\System32\NFCProvisioningPlugin.dll
        2016-04-23 04:33:16 63488 ----a-w- C:\WINDOWS\System32\wshbth.dll
        2016-04-23 04:32:22 134656 ----a-w- C:\WINDOWS\System32\wificonnapi.dll
        2016-04-23 04:32:11 28672 ----a-w- C:\WINDOWS\System32\mapsupdatetask.dll
        2016-04-23 04:32:01 69632 ----a-w- C:\WINDOWS\System32\EnterpriseDesktopAppMgmtCSP.dll
        2016-04-23 04:31:17 50176 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
        2016-04-23 04:31:08 74752 ----a-w- C:\WINDOWS\System32\MosStorage.dll
        2016-04-23 04:31:00 13018112 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
        2016-04-23 04:30:51 50176 ----a-w- C:\WINDOWS\SysWow64\MosHostClient.dll
        2016-04-23 04:30:35 120320 ----a-w- C:\WINDOWS\System32\MapsBtSvc.dll
        .
        ============= FINISH: 16:22:39,46 ===============



        • #5
          GMER 2.2.19882 - http://www.gmer.net
          Rootkit scan 2016-05-18 18:09:44
          Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST1000DM003-1ER162 rev.HP51 931,51GB
          Running: h3zwdkjp.exe; Driver: C:\Users\S\AppData\Local\Temp\kwryqpog.sys


          ---- Threads - GMER 2.2 ----

          Thread C:\WINDOWS\system32\csrss.exe [632:692] fffff96198794060
          Thread C:\WINDOWS\system32\SettingSyncHost.exe [2244:2284] 00007ff8af08c040

          ---- Registry - GMER 2.2 ----

          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\[email protected] 311853129
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 3184
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 224185656
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 224185060
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 224185386
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 224185607
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 3446
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 44
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 3
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 6053
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 194
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 478820
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 0x3F 0x7C 0x02 0x00 ...
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 33890
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 0x53 0x45 0x00 0x00 ...
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 55
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 77
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 12
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 342
          Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] 0x0C 0x79 0x2C 0x20 ...
          Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{D96F50EF-41F8-4AAA-9564-FE1F7C554961}@DefunctTimestamp 0xAE 0x5C 0x3C 0x57 ...
          Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy
          Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
          Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 3

          ---- Disk sectors - GMER 2.2 ----

          Disk \Device\Harddisk0\DR0 unknown MBR code

          ---- EOF - GMER 2.2 ----



          • #6
            First disable your antivirus software before you download or run zoek.exe.
            Temporarily disable your antivirus and antispyware programs, as they can interfere with the operation of Zoek.exe.
            You can read how to do that (here and here).

            And download Zoek.exe to the desktop.
            (Click here for more information on how to use zoek.exe.)
            • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that, as it is an unwarranted warning.
            • Then double-click Zoek.exe to start the tool.
            • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
            • Now copy the code below and paste it into the large input box:
            • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
              Code:
              emptyfolderscheck;delete
              firefoxlook; 
              Chromelook; 
              autoclean; 
              iedefaults;
            • Now click the "Run script" button.
            • Wait patiently until a log opens (this may be after a restart, if one is required).
            • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
            • Post the opened log as an attachment in your next reply.

            Starting Windows 10 in Safe Mode



            • #7
              Scan done; it has been standing still for a while now, and I don't know whether it will continue or not. There was no restart, and AVG briefly switched on in the meantime.

              Zoek.exe v5.0.0.1 Updated 31-December-2015
              Tool run by S on wo 18-05-2016 at 19:00:20,25.
              Microsoft Windows 10 Home 10.0.10586 x64
              Running in: Normal Mode Internet Access Detected
              Launched: C:\Users\S\Downloads\zoek.exe [Scan all users] [Script inserted]

              ===== Runcheck 19:01:26,46 =====

              --- Create Environment Variables 19:01:27,26
              --- Create System Restore Point 19:01:31,73
              --- Checking Input 19:01:32,60
              --- AU AppData Check 19:01:47,47
              --- Remove From Windows Installer 19:01:49,91
              --- Empty Folders Check 19:02:28,76
              --- Registry HKLM Software Check 19:02:28,84
              --- Quick Launch Shortcut Check 19:02:39,90
              --- IE Startpage Check 19:02:42,74
              --- Program Files DB Check 19:02:57,28
              --- C:\Users\Default\AppData DB Check 19:03:33,53
              --- C:\Users\Default.migrated\AppData DB Check 19:03:33,53
              --- C:\Users\S\AppData DB Check 19:03:33,53
              --- C:\WINDOWS\SysNative\config\systemprofile\AppData DB Check 19:03:33,53
              --- C:\WINDOWS\sysWoW64\config\systemprofile\AppData DB Check 19:03:33,53
              --- C:\WINDOWS\serviceprofiles\networkservice\AppData DB Check 19:03:33,53
              --- C:\WINDOWS\serviceprofiles\Localservice\AppData DB Check 19:03:33,53
              --- C:\Users\S DB Check 19:05:20,79
              --- C:\PROGRA~3 DB Check 19:05:34,35
              --- C:\Users\Default\AppData\Local DB Check 19:05:43,89
              --- C:\Users\Default User\AppData\Local DB Check 19:05:43,89
              --- C:\Users\Default.migrated\AppData\Local DB Check 19:05:43,89
              --- C:\Users\S\AppData\Local DB Check 19:05:43,89
              --- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check 19:05:43,89
              --- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check 19:05:43,89
              --- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check 19:05:43,89
              --- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check 19:05:43,89
              --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 19:07:07,06
              --- C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 19:07:15,06
              --- Tasks DB Check 19:07:20,09
              --- C:\Users\S\AppData\LocalLow DB Check 19:07:23,59
              --- C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check 19:07:23,59
              --- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 19:07:23,59
              --- C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow DB Check 19:07:23,59
              --- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check 19:07:23,59
              --- Tasks2 DB Check 19:07:59,90
              --- Documents DB Check 19:08:25,86
              --- Documents2 DB Check 19:08:32,67
              --- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665 DB Check 19:08:33,92
              --- C:\Users\S\AppData\Roaming\Thunderbird\Profiles\46znurnw.default DB Check 19:08:33,92
              --- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\u53yi8bg.default-1456233608599 DB Check 19:08:33,92
              --- C:\Users\Public\Desktop DB Check 19:08:39,63
              --- C:\Users\S\Desktop DB Check 19:08:44,08
              --- Services DB Check 19:08:50,72
              --- FF prefs.js DB Check 19:09:09,73
              --- Del by CLSID 19:10:43,70
              --- Delete Services 19:11:11,96
              --- Delete files\folders 19:11:13,92
              --- Create Backups 19:11:14,02
              --- Firefox Extensions 19:11:33,95



              • #8
                Sorry, it should have been an attachment and I'm happy to still do that, but I can't see how that works.



                • #9
                  You do have to enter the code, you know.



                  • #10
                    I had pasted it into that window. Did something go wrong?



                    • #11
                      I can't get it uploaded; I get a message that it is an invalid file.
                      So I'm just pasting the results from the Zoek program into the text field again.

                      Hopefully it's right this time.


                      Zoek.exe v5.0.0.1 Updated 31-December-2015
                      Tool run by S on wo 18-05-2016 at 21:56:45,12.
                      Microsoft Windows 10 Home 10.0.10586 x64
                      Running in: Normal Mode Internet Access Detected
                      Launched: C:\Users\S\Downloads\zoek(2).exe [Scan all users] [Script inserted]

                      ==== Older Logs ======================

                      C:\zoek-results2016-05-18-171133.log 2113 bytes
                      C:\zoek-results2016-05-18-194946.log 605 bytes

                      ==== Empty Folders Check ======================

                      C:\PROGRA~3\CanonIJPLM deleted successfully
                      C:\Users\S\AppData\Local\ActiveSync deleted successfully
                      C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

                      ==== Deleting CLSID Registry Keys ======================


                      ==== Deleting CLSID Registry Values ======================


                      ==== Deleting Services ======================


                      ==== Firefox Start and Search pages ======================

                      ProfilePath: C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\nz4kgukk.default-1424773305665
                      user_pref("browser.startup.homepage", "http://www.zeelandnet.nl/|about:[email protected]");



                      • #12
                        This is better, but you haven't posted everything. Can you tell me whether you notice any improvement yet?



                        • #13
                          Oh dear, what didn't I post? I thought I had copied the whole log.

                          In any case, I don't think I'm still sending spam. I changed my password to be on the safe side. And because it had been a few days, I scanned again with AVG and MBAM this afternoon, and they found nothing.



                          • #14
                            I opened Zoek again and looked at the report once more. This really was what it said; there was nothing more.



                            • #15
                              In that case you stopped too early.

                              Download ZHPDiag via the link below:
                              - ZHPDiag (click the blue 'TÉLÉCHARGER !' button)
                              Save it to your desktop.

                              Disable antivirus software
                              Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPDiag.

                              Run ZHPDiag
                              • Right-click ZHPDiag3.exe and click Run as administrator.
                              • Click "I agree" on the opening "TERMS OF USE" screen.
                              • Click "Scanner" and wait patiently until it finishes.
                              • Afterwards there will be a text file named ZHPDiag.txt on your desktop; post it as an attachment in your next reply.
                                (You can also find the log file in the %AppData%\ZHP folder.)
