ransomware - 40 hours left before all files are encrypted

  • ransomware - 40 hours left before all files are encrypted

    Hello,

    I am facing a threat that all my files will be encrypted unless I pay a 'fine'. It looks like a document from the federal police, but it is peppered with advertising logos of various companies (Fnac, Carrefour, Q8...).

    Kaspersky PURE was unable to stop the infection, and when I had Kaspersky run a full scan it found nothing either. MBAM finds nothing either. Below I post, in order, the MBAM, DDS.txt and GMER logs:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2014.01.20.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    leo :: LEO-PC [administrator]

    20/01/2014 19:46:55
    mbam-log-2014-01-20 (19-46-55).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 208398
    Verstreken tijd: 7 minuut/minuten, 26 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
    Run by leo at 19:59:25 on 2014-01-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6071.3445 [GMT 1:00]
    .
    AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe
    C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\IDimager Products\IDimager\IDimagerMonitor.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
    C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe
    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\notepad.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://telenet.be/nl
    uDefault_Page_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    uRun: [IDimager Monitor] C:\Program Files (x86)\IDimager Products\IDimager\IDimagerMonitor.exe -PWD
    uRun: [AdobeBridge] <no file>
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
    mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Kaspersky PURE - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll/616
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
    IE: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    TCP: NameServer = 195.130.131.133 195.130.130.5
    TCP: Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE} : DHCPNameServer = 195.130.131.133 195.130.130.5
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://www.google.com
    x64-mDefault_Page_URL = hxxp://www.google.com
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\
    FF - prefs.js: browser.startup.homepage - www.standaard.be
    FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll
    FF - plugin: C:\Users\leo\AppData\Local\Citrix\Plugins\104\npappdetector.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-7-7 84536]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-7-7 66616]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
    R2 AVP;Kaspersky Anti-Virus-service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-14 13336]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2013-12-24 70768]
    R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe [2013-11-12 3874928]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-7-7 86216]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2014-1-15 82872]
    R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2014-1-17 1909032]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
    R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\System32\drivers\AVer888RC_64.sys [2013-7-8 543616]
    R3 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
    R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\System32\drivers\AVer888RCIR_64.sys [2010-1-14 39936]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-14 56344]
    R3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-7-8 2350176]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-8 726160]
    R3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2013-7-8 7808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-13 57840]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
    S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-11-12 41032]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-9 19456]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-5 31800]
    S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-24 288472]
    S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-9 57856]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-01-20 11:31:51 -------- d-----w- C:\Program Files (x86)\Belarc
    2014-01-17 19:19:08 -------- d-----w- C:\Users\leo\AppData\Roaming\WTablet
    2014-01-17 19:18:59 3095848 ------w- C:\Windows\System32\PenTablet.cpl
    2014-01-17 19:18:52 12976 ----a-w- C:\Windows\System32\drivers\WacomVKHid.sys
    2014-01-17 19:18:39 14640 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys
    2014-01-17 19:18:39 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys
    2014-01-17 19:18:34 -------- d-----w- C:\Windows\System32\WTablet
    2014-01-17 19:18:31 181544 ------w- C:\Windows\SysWow64\Wintab32.dll
    2014-01-17 19:18:29 164648 ------w- C:\Windows\System32\Pen_Tablet.dll
    2014-01-17 19:18:29 128296 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
    2014-01-17 19:18:27 1909032 ------w- C:\Windows\System32\Pen_Tablet.exe
    2014-01-17 19:18:18 -------- d-----w- C:\Program Files (x86)\Tablet
    2014-01-17 07:30:42 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8016B351-6F03-4589-AD6A-8C8FC06048E2}\mpengine.dll
    2014-01-16 12:06:46 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-01-16 12:05:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-15 13:47:03 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
    2014-01-15 11:51:14 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2014-01-15 11:51:14 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2014-01-15 11:51:14 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2014-01-15 11:51:14 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2014-01-15 11:51:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2014-01-15 11:51:14 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-15 11:51:14 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2014-01-15 11:51:14 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2014-01-15 11:51:13 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2014-01-11 20:55:44 -------- d-----w- C:\Users\leo\.assistant
    2014-01-11 15:31:50 -------- d-----w- C:\Program Files (x86)\MSECache
    2014-01-10 00:23:24 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
    2014-01-10 00:22:45 -------- d-----w- C:\Windows\PCHEALTH
    2014-01-10 00:22:45 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2014-01-10 00:21:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2014-01-05 17:10:57 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2014-01-04 23:02:48 -------- d-----w- C:\Users\leo\AppData\Local\Helicon
    2014-01-04 23:02:08 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
    2013-12-27 18:05:18 -------- d-----w- C:\Users\leo\AppData\Local\Last.fm
    2013-12-27 18:05:18 -------- d-----w- C:\Program Files (x86)\Last.fm
    2013-12-24 01:48:01 70768 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
    2013-12-24 01:47:59 70768 ----a-w- C:\Windows\System32\nlssrv32.exe
    .
    ==================== Find3M ====================
    .
    2014-01-16 11:14:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-16 11:14:55 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-12-11 11:53:17 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
    2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
    .
    ============= FINISH: 20:00:31,19 ===============


    GMER 2.1.19324 - http://www.gmer.net
    Rootkit scan 2014-01-20 20:22:35
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST375052 rev.HP34 698,64GB
    Running: iq44wrg8.exe; Driver: C:\Users\leo\AppData\Local\Temp\ufldapow.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ff2000 45 bytes [00, 00, A8, 00, 4D, 6D, 43, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002ff202f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\SysWOW64\svchost.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
    .text C:\Windows\SysWOW64\svchost.exe[2272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
    .text ... * 2
    .text C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
    .text C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
    .text ... * 2
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
    .text C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
    .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
    .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
    .text ... * 2
    .text C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe[7232] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000075ea3491 4 bytes {CALL 0xffffffff8a60a688}
    .text C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe[7232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075e71465 2 bytes [E7, 75]
    .text C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe[7232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075e714bb 2 bytes [E7, 75]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [7232] entry point in ".rdata" section 00000000610c71e6

    ---- Kernel IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004ce6ea4] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

    ---- Threads - GMER 2.1 ----


    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----

  • #2
    Hi vonkske,

    Follow this guide and carry it out correctly, especially with regard to Windows Unlocker.
    Post the logs that are requested.
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek


    • #3
      ransomware

      Hello Emphyrio,

      The second PC runs Ubuntu. I cannot install the .iso, neither on a CD nor on the USB stick. It does not recognise the writer, and when I try the USB method I cannot find the stick in the fly-out menu. There is only a single option there: choose the USB drive.
      Yet I can open the stick and it is recognised on the PC, but I cannot select it.

      Hopefully you know what to do.

      PS: I was able to close the page with the threat using Windows Task Manager and I can browse, but a few things are faltering: pages load more slowly, the mouse pointer jumps back and forth, and sometimes the mouse cannot be controlled.

      Regards, vonkske


      • #4
        You can create a Windows environment on Ubuntu via "Wine".


        Can you boot into Safe Mode?


        • #5
          I will look into it (the PC is a 'discarded' laptop from my son, who now lives in Great Britain).

          I can start the infected PC in safe mode but also with a normal start... that is strange.

          PS: in the meantime I have also run pcpitstop and F-Secure, and they find nothing either.


          • #6
            Originally posted by vonkske
            PS: in the meantime I have also run pcpitstop and F-Secure, and they find nothing either.
            Please do not do other things in the meantime, Vonkske; that makes it harder for me.


            Download rkill to the desktop via one of the links below.
            Double-click "rkill" to start it.
            This can take a little while.
            If a message appears saying that rkill is an infection, you can ignore it; it is a false alarm.
            If you keep having problems with such messages, download a renamed rkill version (iExplorer.exe) here to your desktop and run it.
            When "rkill" is finished, a log file will open; it can also be found on the system drive as C:\rkill.log. Post its contents in your next message.


            Note!!! Do not restart the computer after using rkill.


            Start MBAM.
            Once the program has started, go to the "Settings" tab.
            • Tick here: "Close Internet Explorer during malware removal".
            • Go to the "Updates" tab and update MBAM.
            • Then go to the "Scanner" tab and choose "Quick Scan".
            • Then press "Scan" to start the scan.
            • Scanning can take a while, so be patient.
            • When the scan is complete, click OK, then "Show Results" to see the results.
            • Make sure everything there is ticked, then click "Remove Selected".
            • After removal a log will open and you will be asked to restart the computer.

            If MBAM asks for a restart, do so.
            Once you have restarted, run a new quick scan with MBAM.
            In that case you post both logs.

            The log is saved automatically by Malwarebytes' Anti-Malware, and you can find it by clicking the "Logs" tab in the program.


            In case of problems!!!


            Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


            DDS is a diagnostic tool and makes use of scripts.
            If script execution is disabled, re-enable it so that no problems occur when using DDS.


            Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
            When it is finished, two log files open: DDS.txt and Attach.txt.
            Save both log files to your desktop.

            Post the contents of DDS.txt.

            Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post unless I ask for it.
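The rkill step above ends with posting C:\rkill.log. As an added example (not part of the original thread and not Rkill's own code), this Python script parses a log in that layout and ranks what it reports, separating HOSTS names that are merely null-routed from names redirected to a real address. The sample log, its host names and the function names `parse_rkill` and `triage` are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout of an Rkill log; host names and the
# redirect address are made up (reserved example domains and addresses).
SAMPLE_LOG = r"""
Checking for Windows services to stop:

 * No malware services found to stop.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 activate.vendor.example
  127.0.0.1 ereg.vendor.example
  127.0.0.1 lm.licenses.vendor.example
  203.0.113.7 login.bank.example

Program finished at: 01/21/2014 04:40:16 PM
"""

SECTION_RE = re.compile(r"^(?:Checking|Searching|Performing)\b.*:$")
FINDING_RE = re.compile(r"^\*\s+(.+)$")
REGKEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
REGVAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(\S+)$')


def _host_entry(line):
    """Return (address, name) if the line is a HOSTS mapping, else None."""
    parts = line.split()
    if len(parts) != 2:
        return None
    try:
        ipaddress.ip_address(parts[0])
    except ValueError:
        return None
    return parts[0], parts[1].lower()


def parse_rkill(text):
    """Split a log into per-section findings, HOSTS entries and registry values."""
    sections, hosts, registry = {}, [], []
    current = last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            current, last_key = line.rstrip(":"), None
            sections[current] = []
        elif current is None:
            continue  # banner lines before the first section
        elif FINDING_RE.match(line):
            finding = FINDING_RE.match(line).group(1)
            if not finding.startswith("No "):  # "No ... found" means clean
                sections[current].append(finding.rstrip(":"))
        elif REGKEY_RE.match(line):
            last_key = REGKEY_RE.match(line).group(1)
        elif REGVAL_RE.match(line) and last_key:
            name, data = REGVAL_RE.match(line).groups()
            registry.append((last_key, name, data))
        elif "HOSTS" in current and _host_entry(line):
            hosts.append(_host_entry(line))
    return sections, hosts, registry


def triage(hosts, registry):
    """Rank the parsed details: 'high' items first, then 'info'."""
    notes = []
    for key, name, data in registry:
        data = data.lower()
        if (name == "EnableFirewall" and data.startswith("dword:")
                and int(data[6:], 16) == 0):
            profile = key.rsplit("\\", 1)[-1]
            notes.append(("high", f"Windows Firewall is off for {profile}"))
    blocked = Counter()
    for address, name in hosts:
        ip = ipaddress.ip_address(address)
        if ip.is_loopback or ip.is_unspecified:
            # Null-routed: the name is blocked, traffic goes nowhere.
            blocked[".".join(name.split(".")[-2:])] += 1
        else:
            # A routable address means the name is answered by another host.
            notes.append(("high", f"{name} is redirected to {address}"))
    for domain, count in sorted(blocked.items()):
        notes.append(("info", f"{count} name(s) under {domain} are null-routed"))
    notes.sort(key=lambda note: note[0] != "high")  # stable: high first
    return notes


if __name__ == "__main__":
    parsed_sections, parsed_hosts, parsed_registry = parse_rkill(SAMPLE_LOG)
    for section, found in parsed_sections.items():
        print(f"{section}: {', '.join(found) if found else 'clean'}")
    for severity, message in triage(parsed_hosts, parsed_registry):
        print(f"[{severity}] {message}")
```
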


            • #7
              Rkill 2.6.5 by Lawrence Abrams (Grinler)
              http://www.bleepingcomputer.com/
              Copyright 2008-2014 BleepingComputer.com
              More Information about Rkill can be found at this link:
              http://www.bleepingcomputer.com/forums/topic308364.html

              Program started at: 01/21/2014 04:39:25 PM in x64 mode.
              Windows Version: Windows 7 Home Premium Service Pack 1

              Checking for Windows services to stop:

              * No malware services found to stop.

              Checking for processes to terminate:

              * No malware processes found to kill.

              Checking Registry for malware related settings:

              * No issues found in the Registry.

              Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

              Performing miscellaneous checks:

              * Windows Firewall Disabled

              [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
              "EnableFirewall" = dword:00000000

              Checking Windows Service Integrity:

              * No issues found.

              Searching for Missing Digital Signatures:

              * No issues found.

              Checking HOSTS File:

              * HOSTS file entries found:

              127.0.0.1 lmlicenses.wip4.adobe.com
              127.0.0.1 lm.licenses.adobe.com
              127.0.0.1 na1r.services.adobe.com
              127.0.0.1 hlrcv.stage.adobe.com
              127.0.0.1 practivate.adobe.com
              127.0.0.1 activate.adobe.com
              127.0.0.1 activate-sea.adobe.com
              127.0.0.1 activate-sjc0.adobe.com
              127.0.0.1 practivate.adobe.com
              127.0.0.1 ereg.adobe.com
              127.0.0.1 activate.wip3.adobe.com
              127.0.0.1 wip3.adobe.com
              127.0.0.1 3dns-3.adobe.com
              127.0.0.1 3dns-2.adobe.com
              127.0.0.1 adobe-dns.adobe.com
              127.0.0.1 adobe-dns-2.adobe.com
              127.0.0.1 adobe-dns-3.adobe.com
              127.0.0.1 ereg.wip3.adobe.com
              127.0.0.1 wwis-dubc1-vip60.adobe.com


              Program finished at: 01/21/2014 04:40:16 PM
              Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)


              Malwarebytes Anti-Malware 1.75.0.1300
              www.malwarebytes.org

              Databaseversie: v2014.01.21.05

              Windows 7 Service Pack 1 x64 NTFS
              Internet Explorer 11.0.9600.16476
              leo :: LEO-PC [administrator]

              21/01/2014 17:21:24
              mbam-log-2014-01-21 (17-21-24).txt

              Scan type: Snelle scan
              Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
              Uitgeschakelde scan opties: P2P
              Objecten gescand: 208429
              Verstreken tijd: 4 minuut/minuten, 11 seconde(n)

              Geheugenprocessen gedetecteerd: 0
              (Geen kwaadaardige objecten gedetecteerd)

              Geheugenmodulen gedetecteerd: 0
              (Geen kwaadaardige objecten gedetecteerd)

              Registersleutels gedetecteerd: 0
              (Geen kwaadaardige objecten gedetecteerd)

              Registerwaarden gedetecteerd: 0
              (Geen kwaadaardige objecten gedetecteerd)

              Registerdata gedetecteerd: 0
              (Geen kwaadaardige objecten gedetecteerd)

              Mappen gedetecteerd: 0
              (Geen kwaadaardige objecten gedetecteerd)

              Bestanden gedetecteerd: 0
              (Geen kwaadaardige objecten gedetecteerd)

              (einde)


              DDS (Ver_2012-11-20.01) - NTFS_AMD64
              Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
              Run by leo at 17:27:07 on 2014-01-21
              Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6071.3472 [GMT 1:00]
              .
              AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
              SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
              SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k RPCSS
              C:\Windows\system32\atiesrxx.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k GPSvcGroup
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\system32\atieclxx.exe
              C:\Windows\SYSTEM32\WISPTIS.EXE
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
              C:\Program Files (x86)\Bonjour\mDNSResponder.exe
              C:\Windows\SysWOW64\nlssrv32.exe
              C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe
              C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
              C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
              C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\system32\Dwm.exe
              C:\Windows\Explorer.EXE
              C:\Windows\SYSTEM32\WISPTIS.EXE
              C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
              C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Windows\System32\WUDFHost.exe
              C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
              C:\Program Files (x86)\IDimager Products\IDimager\IDimagerMonitor.exe
              C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
              C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
              C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
              C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
              C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
              C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
              C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
              C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
              C:\Windows\system32\wbem\unsecapp.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Program Files\Windows Media Player\wmpnetwk.exe
              C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
              C:\Windows\System32\svchost.exe -k secsvcs
              C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
              C:\Program Files (x86)\Mozilla Firefox\firefox.exe
              C:\Windows\system32\taskhost.exe
              C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\System32\cscript.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://telenet.be/nl
              uDefault_Page_URL = hxxp://www.google.com
              mStart Page = hxxp://www.google.com
              mDefault_Page_URL = hxxp://www.google.com
              BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
              BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
              BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
              BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
              BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
              BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
              BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
              BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
              BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
              TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
              uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
              uRun: [IDimager Monitor] C:\Program Files (x86)\IDimager Products\IDimager\IDimagerMonitor.exe -PWD
              uRun: [AdobeBridge] <no file>
              mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
              mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
              mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
              mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
              mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
              mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
              dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
              StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
              uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
              mPolicies-Explorer: NoActiveDesktop = dword:1
              mPolicies-Explorer: NoActiveDesktopChanges = dword:1
              mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
              mPolicies-System: ConsentPromptBehaviorUser = dword:3
              mPolicies-System: EnableUIADesktopToggle = dword:0
              IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
              IE: Kaspersky PURE - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll/616
              IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
              IE: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
              IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
              IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
              IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
              IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
              IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
              IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
              IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
              DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
              TCP: NameServer = 195.130.131.133 195.130.130.5
              TCP: Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE} : DHCPNameServer = 195.130.131.133 195.130.130.5
              Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
              Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
              Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
              Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
              SSODL: WebCheck - <orphaned>
              mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
              x64-mStart Page = hxxp://www.google.com
              x64-mDefault_Page_URL = hxxp://www.google.com
              x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
              x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
              x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
              x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
              x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
              x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
              x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
              x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
              x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
              x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
              x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
              x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
              x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
              x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
              x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
              x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
              x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
              x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
              x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
              x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
              x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
              x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
              x64-SSODL: WebCheck - <orphaned>
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\
              FF - prefs.js: browser.startup.homepage - www.standaard.be
              FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
              FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
              FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
              FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
              FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
              FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
              FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
              FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
              FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
              FF - plugin: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll
              FF - plugin: C:\Users\leo\AppData\Local\Citrix\Plugins\104\npappdetector.dll
              FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-7-7 84536]
              R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-7-7 66616]
              R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
              R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
              R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
              R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
              R2 AVP;Kaspersky Anti-Virus-service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
              R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-14 13336]
              R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2013-12-24 70768]
              R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe [2013-11-12 3874928]
              R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-7-7 86216]
              R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2014-1-15 82872]
              R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
              R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\System32\drivers\AVer888RC_64.sys [2013-7-8 543616]
              R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\System32\drivers\AVer888RCIR_64.sys [2010-1-14 39936]
              R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-14 56344]
              R3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
              R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
              R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
              R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-7-8 2350176]
              R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-8 726160]
              R3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2013-7-8 7808]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
              S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
              S3 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
              S3 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
              S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-13 57840]
              S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
              S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-11-12 41032]
              S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
              S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-9 19456]
              S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-5 31800]
              S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-24 288472]
              S3 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2014-1-17 1909032]
              S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
              S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-9 57856]
              S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
              .
              =============== Created Last 30 ================
              .
              2014-01-21 10:46:16 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FF59CE5-8AF3-42FF-9A6C-B2E497F52D54}\mpengine.dll
              2014-01-21 08:55:23 -------- d-----w- C:\WTablet
              2014-01-20 11:31:51 -------- d-----w- C:\Program Files (x86)\Belarc
              2014-01-17 19:19:08 -------- d-----w- C:\Users\leo\AppData\Roaming\WTablet
              2014-01-17 19:18:59 3095848 ------w- C:\Windows\System32\PenTablet.cpl
              2014-01-17 19:18:52 12976 ----a-w- C:\Windows\System32\drivers\WacomVKHid.sys
              2014-01-17 19:18:39 14640 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys
              2014-01-17 19:18:39 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys
              2014-01-17 19:18:34 -------- d-----w- C:\Windows\System32\WTablet
              2014-01-17 19:18:31 181544 ------w- C:\Windows\SysWow64\Wintab32.dll
              2014-01-17 19:18:29 164648 ------w- C:\Windows\System32\Pen_Tablet.dll
              2014-01-17 19:18:29 128296 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
              2014-01-17 19:18:27 1909032 ------w- C:\Windows\System32\Pen_Tablet.exe
              2014-01-17 19:18:18 -------- d-----w- C:\Program Files (x86)\Tablet
              2014-01-16 12:06:46 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
              2014-01-16 12:05:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
              2014-01-15 13:47:03 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
              2014-01-15 11:51:14 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
              2014-01-15 11:51:14 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
              2014-01-15 11:51:14 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
              2014-01-15 11:51:14 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
              2014-01-15 11:51:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
              2014-01-15 11:51:14 3156480 ----a-w- C:\Windows\System32\win32k.sys
              2014-01-15 11:51:14 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
              2014-01-15 11:51:14 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
              2014-01-15 11:51:13 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
              2014-01-11 20:55:44 -------- d-----w- C:\Users\leo\.assistant
              2014-01-11 15:31:50 -------- d-----w- C:\Program Files (x86)\MSECache
              2014-01-10 00:23:24 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
              2014-01-10 00:22:45 -------- d-----w- C:\Windows\PCHEALTH
              2014-01-10 00:22:45 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
              2014-01-10 00:21:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
              2014-01-05 17:10:57 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
              2014-01-04 23:02:48 -------- d-----w- C:\Users\leo\AppData\Local\Helicon
              2014-01-04 23:02:08 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
              2013-12-27 18:05:18 -------- d-----w- C:\Users\leo\AppData\Local\Last.fm
              2013-12-27 18:05:18 -------- d-----w- C:\Program Files (x86)\Last.fm
              2013-12-24 01:48:01 70768 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
              2013-12-24 01:47:59 70768 ----a-w- C:\Windows\System32\nlssrv32.exe
              .
              ==================== Find3M ====================
              .
              2014-01-16 11:14:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
              2014-01-16 11:14:55 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
              2013-12-18 05:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
              2013-12-11 11:53:17 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
              2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
              2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
              2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
              2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
              2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
              2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
              2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
              2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
              2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
              2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
              2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
              2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
              2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
              2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
              2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
              2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
              2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
              2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
              2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
              2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
              2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
              .
              ============= FINISH: 17:27:27,35 ===============



              • #8
                May I have the log of the full MBAM scan as requested, please?
                Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                E Dev * Remove McAfee * Ccleaner * E-Peek



                • #9
                  Malwarebytes Anti-Malware 1.75.0.1300
                  www.malwarebytes.org

                  Databaseversie: v2014.01.21.05

                  Windows 7 Service Pack 1 x64 NTFS
                  Internet Explorer 11.0.9600.16476
                  leo :: LEO-PC [administrator]

                  22/01/2014 10:23:08
                  mbam-log-2014-01-22 (10-23-08).txt

                  Scan type: Snelle scan
                  Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
                  Uitgeschakelde scan opties: P2P
                  Objecten gescand: 208192
                  Verstreken tijd: 5 minuut/minuten, 17 seconde(n)

                  Geheugenprocessen gedetecteerd: 0
                  (Geen kwaadaardige objecten gedetecteerd)

                  Geheugenmodulen gedetecteerd: 0
                  (Geen kwaadaardige objecten gedetecteerd)

                  Registersleutels gedetecteerd: 0
                  (Geen kwaadaardige objecten gedetecteerd)

                  Registerwaarden gedetecteerd: 0
                  (Geen kwaadaardige objecten gedetecteerd)

                  Registerdata gedetecteerd: 0
                  (Geen kwaadaardige objecten gedetecteerd)

                  Mappen gedetecteerd: 0
                  (Geen kwaadaardige objecten gedetecteerd)

                  Bestanden gedetecteerd: 0
                  (Geen kwaadaardige objecten gedetecteerd)

                  (einde)



                  • #10
                    You sent me the wrong log, vonkske:
                    Originally posted by Emphyrio
                    May I have the log of the full MBAM scan as requested, please?
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee * Ccleaner * E-Peek



                    • #11
                      Sorry, but you asked for a quick scan. Here is the log of the full scan; I have not removed the detected objects for now.

                      Malwarebytes Anti-Malware 1.75.0.1300
                      www.malwarebytes.org

                      Databaseversie: v2014.01.23.02

                      Windows 7 Service Pack 1 x64 NTFS
                      Internet Explorer 11.0.9600.16476
                      leo :: LEO-PC [administrator]

                      23/01/2014 12:23:00
                      mbam-log-2014-01-23 (12-23-00).txt

                      Scan type: Volledige scan (C:\|E:\|)
                      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
                      Uitgeschakelde scan opties: P2P
                      Objecten gescand: 440279
                      Verstreken tijd: 1 uur/uren, 23 minuut/minuten, 32 seconde(n)

                      Geheugenprocessen gedetecteerd: 0
                      (Geen kwaadaardige objecten gedetecteerd)

                      Geheugenmodulen gedetecteerd: 0
                      (Geen kwaadaardige objecten gedetecteerd)

                      Registersleutels gedetecteerd: 0
                      (Geen kwaadaardige objecten gedetecteerd)

                      Registerwaarden gedetecteerd: 0
                      (Geen kwaadaardige objecten gedetecteerd)

                      Registerdata gedetecteerd: 0
                      (Geen kwaadaardige objecten gedetecteerd)

                      Mappen gedetecteerd: 0
                      (Geen kwaadaardige objecten gedetecteerd)

                      Bestanden gedetecteerd: 22
                      C:\Program Files\VS Revo Group\Revo Uninstaller Pro\revo.uninstaller.pro.3.x.(x64)-patch.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\adobe bridge cc_sHaRe\Bridge.CC\Crack\Patch.exe (PUP.RiskwareTool.CK) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\Adobe Photoshop CC 14.1.2_Share\sHaRewbb_adbptscc1412new\CRACK\Patch by PainteR\adobe.photoshop.cc-patch-painter.zip (PUP.RiskwareTool.CK) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\Adobe Photoshop CC 14.1.2_Share\sHaRewbb_adbptscc1412new\CRACK\Patch by PainteR\adobe.photoshop.cc-patch-painter\adobe.photoshop.cc-patch-painter.exe (PUP.RiskwareTool.CK) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\Adobe Photoshop CS6_download_ShaRe\Adobe Photoshop CS6 Extended 13.1.2 Extended LS16\Keygen\keygen-XFORCE\xf-mccs6.exe (PUP.RiskwareTool.CK) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\Adobe Photoshop CS6_download_ShaRe\Adobe Photoshop CS6 Extended 13.1.2 Extended LS16\Update\aam-patch.painter.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\Adobe.Photoshop.Lightroom.v5.2.x64.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\DxO Optics Pro 9.0.0 Build 1394 Elite (Win 32-64 bit) [ChingLiu]\Patch.And.Cracked-MPT\dxo.optics.pro.9.0.0.1394..(32-bit)-MPT.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\DxO Optics Pro 9.0.0 Build 1394 Elite (Win 32-64 bit) [ChingLiu]\Patch.And.Cracked-MPT\dxo.optics.pro.9.0.0.1394..(64-bit)-MPT.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\DxO ViewPoint 2.1.0 Build 14 (64 bit) (Patch MPT) [ChingLiu]\Crack MPT\dxo.viewpoint.2.1.0.14. .64.bits-MPT.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\DxO.Optics.Pro.9.0.1.1469\dxo.optics.pro.9.0.0.1394..(32-bit)-MPT.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\DxO.Optics.Pro.9.0.1.1469\dxo.optics.pro.9.0.0.1394..(64-bit)-MPT.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\DxO.Optics.Pro.9.0.1.1469\DxO.Optics.Pro.9.0.0.1394.Patch.And.Cr acked-MPT.zip (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\DxO_Optics_Pro_9.0.0_Build_1394_Elite\dxo.optics.pro.9.0.0.1394. .(32-bit)-MPT.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\DxO_Optics_Pro_9.0.0_Build_1394_Elite\dxo.optics.pro.9.0.0.1394. .(64-bit)-MPT.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\Lightroom5_sHaRe\Adobe.Photoshop.Lightroom.v5.2.x64.Multilingual .Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\Photomatix Pro 4.2.6 x86+x64\Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\Photoshop Elements 12\Photoshop.Elements\Crack\Alternative\Patch.exe (PUP.RiskwareTool.CK) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\Fotosoftware\snapseed\keygen.exe (PUP.RiskwareTool.CK) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\PC software\Revo uninstaller\sHaRewbb_rvo308patch.rar (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\PC software\Revo uninstaller\Revo\Revo.Uninstaller.Pro.patch-XenoCoder\x64\revo.uninstaller.pro.3.x.(x64)-patch.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.
                      C:\Users\leo\Documents\PC software\Revo uninstaller\Revo\Revo.Uninstaller.Pro.patch-XenoCoder\x86\revo.uninstaller.pro.3.x.(x86)-patch.exe (PUP.Riskware.Patcher) -> Geen actie ondernomen.

                      (einde)
                      Last edited by vonkske; 23-01-14, 14:33. Reason: addition



                      • #12
                        Select the detected items for removal.
                        If MBAM asks for a restart, do so.

                        Post the log together with a fresh DDS log.
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee * Ccleaner * E-Peek



                        • #13
                          Here are MBAM and DDS:
                          Malwarebytes Anti-Malware 1.75.0.1300
                          www.malwarebytes.org

                          Databaseversie: v2014.01.23.02

                          Windows 7 Service Pack 1 x64 NTFS
                          Internet Explorer 11.0.9600.16476
                          leo :: LEO-PC [administrator]

                          23/01/2014 18:44:37
                          mbam-log-2014-01-23 (18-44-37).txt

                          Scan type: Volledige scan (C:\|)
                          Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
                          Uitgeschakelde scan opties: P2P
                          Objecten gescand: 426486
                          Verstreken tijd: 1 uur/uren, 11 minuut/minuten, 13 seconde(n)

                          Geheugenprocessen gedetecteerd: 0
                          (Geen kwaadaardige objecten gedetecteerd)

                          Geheugenmodulen gedetecteerd: 0
                          (Geen kwaadaardige objecten gedetecteerd)

                          Registersleutels gedetecteerd: 0
                          (Geen kwaadaardige objecten gedetecteerd)

                          Registerwaarden gedetecteerd: 0
                          (Geen kwaadaardige objecten gedetecteerd)

                          Registerdata gedetecteerd: 0
                          (Geen kwaadaardige objecten gedetecteerd)

                          Mappen gedetecteerd: 0
                          (Geen kwaadaardige objecten gedetecteerd)

                          Bestanden gedetecteerd: 22
                          C:\Program Files\VS Revo Group\Revo Uninstaller Pro\revo.uninstaller.pro.3.x.(x64)-patch.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\adobe bridge cc_sHaRe\Bridge.CC\Crack\Patch.exe (PUP.RiskwareTool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\Adobe Photoshop CC 14.1.2_Share\sHaRewbb_adbptscc1412new\CRACK\Patch by PainteR\adobe.photoshop.cc-patch-painter.zip (PUP.RiskwareTool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\Adobe Photoshop CC 14.1.2_Share\sHaRewbb_adbptscc1412new\CRACK\Patch by PainteR\adobe.photoshop.cc-patch-painter\adobe.photoshop.cc-patch-painter.exe (PUP.RiskwareTool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\Adobe Photoshop CS6_download_ShaRe\Adobe Photoshop CS6 Extended 13.1.2 Extended LS16\Keygen\keygen-XFORCE\xf-mccs6.exe (PUP.RiskwareTool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\Adobe Photoshop CS6_download_ShaRe\Adobe Photoshop CS6 Extended 13.1.2 Extended LS16\Update\aam-patch.painter.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\Adobe.Photoshop.Lightroom.v5.2.x64.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\DxO Optics Pro 9.0.0 Build 1394 Elite (Win 32-64 bit) [ChingLiu]\Patch.And.Cracked-MPT\dxo.optics.pro.9.0.0.1394..(32-bit)-MPT.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\DxO Optics Pro 9.0.0 Build 1394 Elite (Win 32-64 bit) [ChingLiu]\Patch.And.Cracked-MPT\dxo.optics.pro.9.0.0.1394..(64-bit)-MPT.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\DxO ViewPoint 2.1.0 Build 14 (64 bit) (Patch MPT) [ChingLiu]\Crack MPT\dxo.viewpoint.2.1.0.14. .64.bits-MPT.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\DxO.Optics.Pro.9.0.1.1469\dxo.optics.pro.9.0.0.1394..(32-bit)-MPT.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\DxO.Optics.Pro.9.0.1.1469\dxo.optics.pro.9.0.0.1394..(64-bit)-MPT.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\DxO.Optics.Pro.9.0.1.1469\DxO.Optics.Pro.9.0.0.1394.Patch.And.Cr acked-MPT.zip (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\DxO_Optics_Pro_9.0.0_Build_1394_Elite\dxo.optics.pro.9.0.0.1394. .(32-bit)-MPT.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\DxO_Optics_Pro_9.0.0_Build_1394_Elite\dxo.optics.pro.9.0.0.1394. .(64-bit)-MPT.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\Lightroom5_sHaRe\Adobe.Photoshop.Lightroom.v5.2.x64.Multilingual .Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\Photomatix Pro 4.2.6 x86+x64\Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\Photoshop Elements 12\Photoshop.Elements\Crack\Alternative\Patch.exe (PUP.RiskwareTool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\Fotosoftware\snapseed\keygen.exe (PUP.RiskwareTool.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\PC software\Revo uninstaller\sHaRewbb_rvo308patch.rar (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\PC software\Revo uninstaller\Revo\Revo.Uninstaller.Pro.patch-XenoCoder\x64\revo.uninstaller.pro.3.x.(x64)-patch.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.
                          C:\Users\leo\Documents\PC software\Revo uninstaller\Revo\Revo.Uninstaller.Pro.patch-XenoCoder\x86\revo.uninstaller.pro.3.x.(x86)-patch.exe (PUP.Riskware.Patcher) -> Succesvol in quarantaine geplaatst en verwijderd.

                          (einde)

                          DDS (Ver_2012-11-20.01) - NTFS_AMD64
                          Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
                          Run by leo at 20:04:46 on 2014-01-23
                          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6071.3435 [GMT 1:00]
                          .
                          AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
                          SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
                          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                          FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
                          .
                          ============== Running Processes ===============
                          .
                          C:\Windows\system32\lsm.exe
                          C:\Windows\system32\svchost.exe -k DcomLaunch
                          C:\Windows\system32\svchost.exe -k RPCSS
                          C:\Windows\system32\atiesrxx.exe
                          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                          C:\Windows\system32\svchost.exe -k LocalService
                          C:\Windows\system32\svchost.exe -k netsvcs
                          C:\Windows\system32\svchost.exe -k GPSvcGroup
                          C:\Windows\system32\svchost.exe -k NetworkService
                          C:\Windows\system32\atieclxx.exe
                          C:\Windows\SYSTEM32\WISPTIS.EXE
                          C:\Windows\system32\taskeng.exe
                          C:\Windows\System32\spoolsv.exe
                          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                          C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
                          C:\Windows\system32\taskhost.exe
                          C:\Windows\SYSTEM32\WISPTIS.EXE
                          C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
                          C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
                          C:\Windows\system32\Dwm.exe
                          C:\Windows\Explorer.EXE
                          C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                          C:\Windows\SysWOW64\nlssrv32.exe
                          C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe
                          C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
                          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                          C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                          C:\Windows\System32\WUDFHost.exe
                          C:\Windows\servicing\TrustedInstaller.exe
                          C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
                          C:\Program Files (x86)\IDimager Products\IDimager\IDimagerMonitor.exe
                          C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
                          C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
                          C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                          C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
                          C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
                          C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
                          C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
                          C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
                          C:\Windows\system32\SearchIndexer.exe
                          C:\Program Files\Windows Media Player\wmpnetwk.exe
                          C:\Windows\system32\SearchProtocolHost.exe
                          C:\Windows\system32\SearchFilterHost.exe
                          C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
                          C:\Windows\system32\wbem\unsecapp.exe
                          C:\Windows\system32\wbem\wmiprvse.exe
                          C:\Windows\system32\wbem\wmiprvse.exe
                          C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
                          C:\Windows\system32\sppsvc.exe
                          C:\Windows\System32\svchost.exe -k secsvcs
                          C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
                          C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                          C:\Windows\System32\cscript.exe
                          .
                          ============== Pseudo HJT Report ===============
                          .
                          uStart Page = hxxp://telenet.be/nl
                          uDefault_Page_URL = hxxp://www.google.com
                          mStart Page = hxxp://www.google.com
                          mDefault_Page_URL = hxxp://www.google.com
                          BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
                          BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                          BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
                          BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                          BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                          BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                          BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
                          BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
                          BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
                          BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                          BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
                          BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                          TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
                          uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
                          uRun: [IDimager Monitor] C:\Program Files (x86)\IDimager Products\IDimager\IDimagerMonitor.exe -PWD
                          uRun: [AdobeBridge] <no file>
                          mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
                          mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                          mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
                          mRun: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
                          mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
                          mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
                          dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
                          StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
                          StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
                          uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
                          mPolicies-Explorer: NoActiveDesktop = dword:1
                          mPolicies-Explorer: NoActiveDesktopChanges = dword:1
                          mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                          mPolicies-System: ConsentPromptBehaviorUser = dword:3
                          mPolicies-System: EnableUIADesktopToggle = dword:0
                          IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
                          IE: Kaspersky PURE - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll/616
                          IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
                          IE: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
                          IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                          IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
                          IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
                          IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                          IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
                          IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                          IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
                          IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
                          DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
                          TCP: NameServer = 195.130.131.133 195.130.130.5
                          TCP: Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE} : DHCPNameServer = 195.130.131.133 195.130.130.5
                          Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                          Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
                          Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
                          Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                          SSODL: WebCheck - <orphaned>
                          mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                          x64-mStart Page = hxxp://www.google.com
                          x64-mDefault_Page_URL = hxxp://www.google.com
                          x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                          x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
                          x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                          x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
                          x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                          x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
                          x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
                          x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
                          x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
                          x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
                          x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
                          x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
                          x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
                          x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                          x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                          x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
                          x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                          x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
                          x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
                          x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                          x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
                          x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
                          x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
                          x64-SSODL: WebCheck - <orphaned>
                          .
                          ================= FIREFOX ===================
                          .
                          FF - ProfilePath - C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\
                          FF - prefs.js: browser.startup.homepage - www.standaard.be
                          FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
                          FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
                          FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
                          FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
                          FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
                          FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
                          FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                          FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
                          FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
                          FF - plugin: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll
                          FF - plugin: C:\Users\leo\AppData\Local\Citrix\Plugins\104\npappdetector.dll
                          FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
                          .
                          ============= SERVICES / DRIVERS ===============
                          .
                          R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-7-7 84536]
                          R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-7-7 66616]
                          R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
                          R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
                          R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
                          R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
                          R2 AVP;Kaspersky Anti-Virus-service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
                          R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-14 13336]
                          R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2013-12-24 70768]
                          R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe [2013-11-12 3874928]
                          R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-7-7 86216]
                          R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2014-1-15 82872]
                          R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
                          R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\System32\drivers\AVer888RC_64.sys [2013-7-8 543616]
                          R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\System32\drivers\AVer888RCIR_64.sys [2010-1-14 39936]
                          R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-14 56344]
                          R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
                          R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
                          R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-7-8 2350176]
                          R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-8 726160]
                          R3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2013-7-8 7808]
                          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
                          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
                          S3 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
                          S3 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
                          S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-13 57840]
                          S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
                          S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-11-12 41032]
                          S3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
                          S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
                          S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-9 19456]
                          S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-5 31800]
                          S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-24 288472]
                          S3 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2014-1-17 1909032]
                          S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
                          S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-9 57856]
                          S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
                          .
                          =============== Created Last 30 ================
                          .
                          2014-01-21 10:46:16 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FF59CE5-8AF3-42FF-9A6C-B2E497F52D54}\mpengine.dll
                          2014-01-21 08:55:23 -------- d-----w- C:\WTablet
                          2014-01-20 11:31:51 -------- d-----w- C:\Program Files (x86)\Belarc
                          2014-01-17 19:19:08 -------- d-----w- C:\Users\leo\AppData\Roaming\WTablet
                          2014-01-17 19:18:59 3095848 ------w- C:\Windows\System32\PenTablet.cpl
                          2014-01-17 19:18:52 12976 ----a-w- C:\Windows\System32\drivers\WacomVKHid.sys
                          2014-01-17 19:18:39 14640 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys
                          2014-01-17 19:18:39 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys
                          2014-01-17 19:18:34 -------- d-----w- C:\Windows\System32\WTablet
                          2014-01-17 19:18:31 181544 ------w- C:\Windows\SysWow64\Wintab32.dll
                          2014-01-17 19:18:29 164648 ------w- C:\Windows\System32\Pen_Tablet.dll
                          2014-01-17 19:18:29 128296 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
                          2014-01-17 19:18:27 1909032 ------w- C:\Windows\System32\Pen_Tablet.exe
                          2014-01-17 19:18:18 -------- d-----w- C:\Program Files (x86)\Tablet
                          2014-01-16 12:06:46 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
                          2014-01-16 12:05:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                          2014-01-15 13:47:03 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
                          2014-01-15 11:51:14 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
                          2014-01-15 11:51:14 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
                          2014-01-15 11:51:14 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
                          2014-01-15 11:51:14 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
                          2014-01-15 11:51:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
                          2014-01-15 11:51:14 3156480 ----a-w- C:\Windows\System32\win32k.sys
                          2014-01-15 11:51:14 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
                          2014-01-15 11:51:14 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
                          2014-01-15 11:51:13 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
                          2014-01-11 20:55:44 -------- d-----w- C:\Users\leo\.assistant
                          2014-01-11 15:31:50 -------- d-----w- C:\Program Files (x86)\MSECache
                          2014-01-10 00:23:24 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
                          2014-01-10 00:22:45 -------- d-----w- C:\Windows\PCHEALTH
                          2014-01-10 00:22:45 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
                          2014-01-10 00:21:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
                          2014-01-05 17:10:57 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
                          2014-01-04 23:02:48 -------- d-----w- C:\Users\leo\AppData\Local\Helicon
                          2014-01-04 23:02:08 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
                          2013-12-27 18:05:18 -------- d-----w- C:\Users\leo\AppData\Local\Last.fm
                          2013-12-27 18:05:18 -------- d-----w- C:\Program Files (x86)\Last.fm
                          .
                          ==================== Find3M ====================
                          .
                          2014-01-23 12:09:12 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                          2014-01-23 12:09:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                          2013-12-18 05:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
                          2013-12-16 14:09:34 70768 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
                          2013-12-16 14:09:34 70768 ----a-w- C:\Windows\System32\nlssrv32.exe
                          2013-12-11 11:53:17 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
                          2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                          2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                          2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
                          2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                          2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                          2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                          2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                          2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
                          2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
                          2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                          2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
                          2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
                          2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                          2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
                          2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
                          2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
                          2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
                          2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
                          2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
                          2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
                          2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
                          .
                          ============= FINISH: 20:05:44,59 ===============



                          • #14
                            Good.
                            Are there any remaining problems?
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee. * Ccleaner * E-Peek



                            • #15
                              Emphyrio, there are no more problems.
                              Thank you very much for your help.
