Virus ??

  • Virus ??

    Good afternoon, I am afraid that a virus has crept into my computer; is anyone able to check it for me?
    Kind regards, M. Jansen
    Attached Files

  • #2
    Hi Braamakker,

    Before we begin, I would like to kindly point out the following guidelines:

    • Log in only as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not polite towards the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Carefully follow the instructions that I give.
    • Follow only the advice that I give.
    • Stay with the topic until I have reported that your PC is clean.
    • If there is something you do not know or understand, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, do not try something "else"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs. (INFO)
    • Please do not post the logs as an attachment or between code tags.

    Note: Always run all tools as admin.
    The instructions that are given are valid only for your PC.

    Once you have read and understood these guidelines, you may continue.



    Step 1:

    Check for bad toolbars...

    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scannen (Scan)
    • Click Verwijderen (Remove)

    All icons will disappear from the Desktop; this is normal.
    Your PC will be restarted and a log file will open (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the forum.

    I only need the log from after the "Verwijderen" option.

    Do not forget to turn off your "smileys".

    If your start page was hijacked as well, set your search engine again.
    AdwCleaner resets it to Google.com by default.


    Step 2:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears (checkup.txt)
    Post its contents in your next reply.


    In your next post, I would like to see the following logs, made in the order listed:

    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (In several posts if necessary.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      # AdwCleaner v3.309 - Rapport aangemaakt 05/09/2014 op 22:54:39
      # Laatste Update 02/09/2014 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruikersnaam : Jansen - JANSEN-PC
      # Gestart vanuit : C:\Users\Jansen\Downloads\adwcleaner_3.309.exe
      # Optie : Verwijderen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****

      Map Verwijderd : C:\ProgramData\GrEatSave4U
      Map Verwijderd : C:\Program Files (x86)\GS_x64.Enabler
      Map Verwijderd : C:\Program Files (x86)\YTDownloader
      Map Verwijderd : C:\Users\Jansen\AppData\Local\Software

      ***** [ Taken ] *****

      Taak Verwijderd : paretologic registration3
      Taak Verwijderd : paretologic update version3
      Taak Verwijderd : PC Health Advisor Defrag
      Taak Verwijderd : PC Health Advisor

      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
      Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1B084C86-9657-42F9-A5E5-AC8DD832CDE9}
      Sleutel Verwijderd : HKCU\Software\GlobalUpdate
      Sleutel Verwijderd : HKLM\SOFTWARE\GlobalUpdate
      Sleutel Verwijderd : HKLM\SOFTWARE\PerformerSoft
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6EDB1653-9585-8A7A-8C61-F6D9ADC0491E}
      Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17239


      -\\ Mozilla Firefox v31.0 (x86 nl)

      [ Bestand : C:\Users\Jansen\AppData\Roaming\Mozilla\Firefox\Profiles\62l3j0zm.default-1409934244844\prefs.js ]


      *************************

      AdwCleaner[R0].txt - [16011 octets] - [01/07/2014 21:06:25]
      AdwCleaner[R1].txt - [2026 octets] - [05/09/2014 22:51:51]
      AdwCleaner[S0].txt - [14067 octets] - [01/07/2014 21:13:39]
      AdwCleaner[S1].txt - [1927 octets] - [05/09/2014 22:54:39]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1987 octets] ##########


      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
      Run by Jansen at 17:07:28 on 2013-09-06
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.5589.3268 [GMT 2:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
      SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Program Files\Microsoft Security Client\MsMpEng.exe
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\atieclxx.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
      C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
      C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
      C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
      C:\Program Files\Acer\Acer Updater\UpdaterService.exe
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
      C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
      C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
      C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
      C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
      C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
      C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
      C:\Windows\Samsung\PanelMgr\SSMMgr.exe
      C:\Windows\Samsung\PanelMgr\caller64.exe
      C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
      C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
      C:\Program Files\Microsoft Security Client\NisSrv.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\svchost.exe -k HPService
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\System32\WUDFHost.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
      C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Nero\Update\NASvc.exe
      C:\Windows\system32\sppsvc.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = www.google.com
      uDefault_Page_URL = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      mSearch Page = hxxp://www.google.com
      mDefault_Page_URL = hxxp://www.google.com
      mDefault_Search_URL = hxxp://www.google.com
      mWinlogon: Userinit = userinit.exe,
      BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\java\jre7\bin\ssv.dll
      BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\java\jre7\bin\jp2ssv.dll
      BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
      EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
      EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
      mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
      mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
      mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
      mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
      mRun: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
      dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableLUA = dword:0
      mPolicies-System: EnableUIADesktopToggle = dword:0
      mPolicies-System: PromptOnSecureDesktop = dword:0
      IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
      IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001065-0002-0065-ABCDEFFEDCBC} - <orphaned>
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
      IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
      DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
      TCP: NameServer = 195.121.1.34 195.121.1.66 192.168.1.254
      TCP: Interfaces\{F2761557-3531-4638-B2A5-3C1757D28602} : DHCPNameServer = 195.121.1.34 195.121.1.66 192.168.1.254
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      Notify: SDWinLogon - SDWinLogon.dll
      SSODL: WebCheck - <orphaned>
      x64-mStart Page = hxxp://www.google.com
      x64-mSearch Page = hxxp://www.google.com
      x64-mDefault_Page_URL = hxxp://www.google.com
      x64-mDefault_Search_URL = hxxp://www.google.com
      x64-BHO: greatssaver: {04D7A7D6-E4AC-C7F8-A1AC-A2442EB4A7C1} -
      x64-BHO: NewSavErr: {5F9DC287-03E7-0F54-57A2-225EB324FB29} -
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-SSODL: WebCheck - <orphaned>
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Jansen\AppData\Roaming\Mozilla\Firefox\Profiles\hatihx59.default-1388920775580\
      FF - prefs.js: browser.search.selectedEngine - omiga-plus
      FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl/
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Downloader\npdd.dll
      FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\java\jre7\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.81\npSurveillancePlugin.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Users\Jansen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-7-22 79488]
      R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-7-22 40064]
      R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
      R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-7-22 22648]
      R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-7-22 20520]
      R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-7-22 62776]
      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-22 204288]
      R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-13 249648]
      R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
      R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
      R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-22 244624]
      R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
      R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
      R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-6-1 167424]
      R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2013-9-6 216576]
      R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-30 1817560]
      R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-30 171928]
      R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2009-7-13 11576]
      R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-11-29 87168]
      R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-11-29 188544]
      R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-22 231440]
      R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-1 122584]
      R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-22 533096]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-30 1033688]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
      S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
      S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
      S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-3-31 1038088]
      S3 gpslc64;gpslc64;C:\Windows\System32\drivers\gpslc64.sys [2013-5-26 102624]
      S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
      S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
      S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-11 19456]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-11 57856]
      S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-11 30208]
      S3 VCR2PC;VCR2PC Analog Capture;C:\Windows\System32\drivers\0140_ION.sys [2008-9-22 301504]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-28 1255736]
      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
      .
      =============== File Associations ===============
      .
      FileExt: .vbe: VBEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
      FileExt: .vbs: VBSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
      FileExt: .js: JSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
      FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
      FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
      .
      =============== Created Last 30 ================
      .
      2014-09-03 17:41:57 -------- d-----w- C:\Users\Jansen\AppData\Local\{1D6D7200-B986-4095-9FD9-D06BCE1A0F0B}
      2014-09-02 19:20:46 -------- d-----w- C:\Users\Jansen\AppData\Local\{53B796CC-7B45-4AE7-A1D4-EC08FE9C5BD1}
      2014-09-01 20:21:30 -------- d-----w- C:\Users\Jansen\AppData\Local\{CEC1F4F8-E935-4E99-8BD8-7FC5FBC6218D}
      2014-09-01 10:08:25 -------- d-----w- C:\Users\Jansen\AppData\Local\{1384708F-269C-4D6A-AC6C-2343717C1A86}
      2014-09-01 08:14:13 -------- d-----w- C:\Users\Jansen\AppData\Local\{D935B76B-E972-4999-8530-83698E2E5E9A}
      2014-08-31 18:34:57 -------- d-----w- C:\Users\Jansen\AppData\Local\Adobe
      2014-08-31 18:32:52 -------- d-----w- C:\Users\Jansen\AppData\Local\{B9F8E04E-D5A6-4025-9F35-07B46C7D5EB8}
      2014-08-30 19:54:25 -------- d-----w- C:\Users\Jansen\AppData\Local\Software
      2014-08-30 17:26:08 -------- d-----w- C:\Users\Jansen\AppData\Local\{EC926076-39B7-4BF7-B1AC-825B0082F49C}
      2014-08-29 22:17:37 -------- d-----w- C:\Users\Jansen\AppData\Local\{5973B42D-F875-477E-97D3-84552DD83FD7}
      2014-08-28 21:21:09 -------- d-----w- C:\Users\Jansen\AppData\Local\{014B4904-9436-44EE-A345-A6336F876A5C}
      2014-08-27 19:19:46 -------- d-----w- C:\Users\Jansen\AppData\Local\{DD6D78E6-AB4B-4104-868C-B5D1650547D7}
      2014-08-27 17:19:43 -------- d-----w- C:\Users\Jansen\AppData\Local\{480B7AB0-4A48-4F01-BD85-B31A62EBA032}
      2014-08-27 10:19:58 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2014-08-26 18:17:28 -------- d-----w- C:\Users\Jansen\AppData\Local\{A381AFE6-3D43-423D-8A1E-F9498426F927}
      2014-08-25 21:29:27 -------- d-----w- C:\Users\Jansen\AppData\Local\{89F4C4EC-39AE-41E1-AA42-BE01EF62DA8E}
      2014-08-25 09:28:50 -------- d-----w- C:\Users\Jansen\AppData\Local\{6C3A14FE-CFE2-4E85-9EF6-00925AFB1530}
      2014-08-24 11:44:51 -------- d-----w- C:\Users\Jansen\AppData\Local\{015BF59D-CEC9-4A25-AD4C-A6F7F1F149C4}
      2014-08-23 22:51:21 -------- d-----w- C:\Users\Jansen\AppData\Local\{24A0FFB1-91C4-49AC-A330-216B091625CA}
      2014-08-23 17:17:11 -------- d-----w- C:\Users\Jansen\AppData\Local\{E4C5FCD6-E873-4D58-A818-78259307F1AB}
      2014-08-22 18:15:28 -------- d-----w- C:\Users\Jansen\AppData\Local\{65FCCA95-1A89-4CDB-A3B2-D3E058ABA327}
      2014-08-21 17:34:28 -------- d-----w- C:\Users\Jansen\AppData\Local\{07AE38A5-BB48-49C8-AE5A-07E4CBF6E502}
      2014-08-20 17:19:12 -------- d-----w- C:\Users\Jansen\AppData\Local\{52877915-7341-4CF8-AA1E-165F6333AC69}
      2014-08-20 09:43:54 1169712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C8E2FE3B-5DD7-470E-89EA-1096A3A44D2F}\gapaengine.dll
      2014-08-18 18:35:35 -------- d-----w- C:\Users\Jansen\AppData\Local\{37FA124C-D0FD-4B37-A993-1ED1CC131227}
      2014-08-18 14:12:25 -------- d-----w- C:\Users\Jansen\AppData\Local\{5B025931-CBE0-4A71-A629-BDC4F493BC96}
      2014-08-18 08:05:30 -------- d-----w- C:\Users\Jansen\AppData\Local\{01F2584A-FCA3-414D-862E-5111DFB4D561}
      2014-08-17 11:18:38 -------- d-----w- C:\Users\Jansen\AppData\Local\{3B91A664-44A0-4435-AE48-99034BD2B8BF}
      2014-08-16 22:09:22 -------- d-----w- C:\Users\Jansen\AppData\Local\{49F85BB2-EF50-48D3-87FF-0536B0435ACD}
      2014-08-16 20:13:36 -------- d-----w- C:\Program Files (x86)\Synology
      2014-08-15 19:07:38 -------- d-----w- C:\Users\Jansen\AppData\Local\{E4DF34FF-5F0F-4463-8527-F9C6EC70C2C3}
      2014-08-14 22:40:59 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
      2014-08-14 22:40:59 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
      2014-08-14 22:40:59 171160 ----a-w- C:\Windows\System32\infocardapi.dll
      2014-08-14 22:40:59 1389208 ----a-w- C:\Windows\System32\icardagt.exe
      2014-08-14 22:40:57 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
      2014-08-14 22:40:57 8856 ----a-w- C:\Windows\System32\icardres.dll
      2014-08-14 22:40:39 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
      2014-08-14 22:40:39 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
      2014-08-14 19:48:54 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2014-08-14 19:37:04 -------- d-----w- C:\Users\Jansen\AppData\Local\{356E4574-FC25-4D59-8D74-35BC2AF27B9B}
      2014-08-14 15:15:59 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
      2014-08-13 19:18:44 -------- d-----w- C:\Users\Jansen\AppData\Local\{0EF0319C-E289-4DA8-B717-E049EA85130B}
      2014-08-12 10:38:48 -------- d-----w- C:\Users\Jansen\AppData\Local\{9E76F1A7-86F7-496D-AFDC-DA90BBA212CD}
      2014-08-11 19:11:45 -------- d-----w- C:\Users\Jansen\AppData\Local\{816CA12D-20CD-42C5-9547-F40C6790B9A8}
      2014-08-11 13:50:11 -------- d-----w- C:\Users\Jansen\AppData\Local\{EB6E349A-5A30-4E5E-9FE4-7955857D13F3}
      2014-08-10 22:50:39 -------- d-----w- C:\Users\Jansen\AppData\Local\{419F95E0-13EF-45E8-8597-7EC1079967E9}
      2014-08-10 09:23:05 -------- d-----w- C:\Users\Jansen\AppData\Local\{0BBCF975-F910-4C2D-B66C-1235D8D5691A}
      2014-08-09 09:45:06 -------- d-----w- C:\Users\Jansen\AppData\Local\{AC06DE34-B8FC-4D8B-B4E9-6FBE932B85A4}
      2014-08-08 18:13:19 -------- d-----w- C:\Users\Jansen\AppData\Local\{7D0A5567-C7F6-4D46-92CB-0223B5CC10AF}
      2014-08-07 17:31:14 -------- d-----w- C:\Users\Jansen\AppData\Local\{0C60457E-1EC1-4142-A4B5-FF5DBA4F3354}
      2014-08-06 18:32:12 -------- d-----w- C:\Users\Jansen\AppData\Local\{37EB35AF-80CF-4B74-A074-520211A28A4A}
      2014-08-05 22:06:33 -------- d-----w- C:\Users\Jansen\AppData\Local\{E9684A7E-9E32-45B2-A556-A5071007C90F}
      2014-08-04 22:21:02 -------- d-----w- C:\Users\Jansen\AppData\Local\{994806D0-34A6-4A7B-B74E-ED5C8832A60D}
      2014-08-04 08:16:26 -------- d-----w- C:\Users\Jansen\AppData\Local\{5190D565-7F55-40BF-98BE-43C21F121BBE}
      2014-08-03 09:53:47 188304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
      2014-08-03 08:53:41 -------- d-----w- C:\Users\Jansen\AppData\Local\{F0264065-9FBB-4E00-8465-0864DF8E9B6D}
      2014-08-01 12:19:58 -------- d-----w- C:\Users\Jansen\AppData\Local\{88B8DCDC-2768-44E3-AAF2-DA5CD93B84CF}
      2014-07-31 20:17:54 -------- d-----w- C:\Users\Jansen\AppData\Local\{B6D153AA-91DD-4FF7-B6F7-E8CDA59DD7BE}
      2014-07-31 20:01:22 -------- d-----w- C:\ProgramData\The Revills Games
      2014-07-31 19:37:19 -------- d-----w- C:\ProgramData\Seven-Seas-Solitaire
      2014-07-31 19:34:40 -------- d-----w- C:\Program Files (x86)\Legends of Solitaire - De Verloren Kaarten
      2014-07-30 21:32:06 -------- d-----w- C:\Users\Jansen\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
      2014-07-28 20:16:08 -------- d-----w- C:\Program Files (x86)\Mystery of the Ancients - De Vloek van het Zwarte Water
      2014-07-28 19:25:37 -------- d-----w- C:\Users\Jansen\AppData\Roaming\AlawarEntertainment
      2014-07-28 17:08:34 -------- d-----w- C:\Users\Jansen\AppData\Local\{615AA7C4-2F7C-42CD-918C-D8103598BDC8}
      2014-07-28 14:05:44 -------- d-----w- C:\Users\Jansen\AppData\Roaming\Mariaglorum
      2014-07-27 20:13:59 -------- d-----w- C:\ProgramData\Big Fish
      2014-07-27 20:13:57 -------- d-----w- C:\Program Files (x86)\bfgclient
      2014-07-27 20:13:35 -------- d-----w- C:\BigFishCache
      2014-07-27 10:56:42 -------- d-----w- C:\Users\Jansen\AppData\Local\{8DB3B3F8-19F3-404F-84C5-1D286B3EA860}
      2014-07-26 17:39:45 -------- d-----w- C:\Users\Jansen\AppData\Local\{E8818C72-3B6D-474C-B572-9925ED9168CD}
      2014-07-25 18:29:25 -------- d-----w- C:\Users\Jansen\AppData\Local\{FFB48041-843E-4F0E-893C-A3E8146ED8A2}
      2014-07-24 20:01:59 -------- d-----w- C:\Users\Jansen\AppData\Local\{AA238A93-4D31-4C2C-A968-93D4EEA94E4F}
      2014-07-22 16:28:10 -------- d-----w- C:\Users\Jansen\AppData\Local\{627013F1-6F75-4516-82B6-F887C3517CAB}
      2014-07-21 12:46:30 -------- d-----w- C:\Users\Jansen\AppData\Local\{1FF4E219-8581-4716-8220-F413F0E8E145}
      2014-07-20 08:42:55 -------- d-----w- C:\Users\Jansen\AppData\Local\{6DAD1C39-8A52-444C-A953-F6B75CB26259}
      2014-07-17 22:10:10 -------- d-----w- C:\Users\Jansen\AppData\Local\{4BA9152E-8D6E-44DA-B211-09F6F0951435}
      2014-07-16 17:45:55 -------- d-----w- C:\Users\Jansen\AppData\Local\{B5BF935F-3ADD-4665-8FFC-390064335953}
      2014-07-14 07:57:06 -------- d-----w- C:\Users\Jansen\AppData\Local\{B100DEF9-2A27-4E0A-8A86-2AB4FEC41FA6}
      2014-07-13 08:35:29 -------- d-----w- C:\Users\Jansen\AppData\Local\{6B0C890A-256C-4C33-8CDE-AA193C51DE4D}
      2014-07-11 19:12:17 -------- d-----w- C:\Users\Jansen\AppData\Local\{E5999F04-02F0-4128-BF5F-9B97F00FBD0D}
      2014-07-09 18:54:43 -------- d-----w- C:\Users\Jansen\AppData\Local\{1C1CAD38-5537-49E0-AF04-F5BC05870D22}
      2014-07-09 16:03:03 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
      2014-07-09 16:03:01 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
      2014-07-09 16:03:01 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
      2014-07-09 16:03:00 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
      2014-07-09 16:03:00 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
      2014-07-09 16:01:54 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
      2014-07-09 16:01:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2014-07-09 16:01:53 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2014-07-07 15:12:36 -------- d-----w- C:\Users\Jansen\AppData\Local\{E195885D-F688-4FBD-B536-D2BDD9520D79}
      2014-07-06 20:05:34 -------- d-----w- C:\Users\Jansen\AppData\Local\{1C869BFB-4AA3-4A72-878F-75CF14FB7B6A}
      2014-07-05 19:08:39 -------- d-----w- C:\Users\Jansen\AppData\Local\{5241ACBA-D71D-47A6-9155-3DB16A37887D}
      2014-07-05 19:08:14 -------- d-----w- C:\Users\Jansen\AppData\Local\{B934FD24-F5A2-4F41-ADAC-9DD7ABE46B86}
      2014-07-04 19:49:39 -------- d-----w- C:\Users\Jansen\AppData\Local\{C4123D4B-07F9-49D4-B999-688376D2E737}
      2014-07-03 20:56:58 -------- d-----w- C:\Users\Jansen\AppData\Local\{7FF8D341-A8FB-43CB-AFBD-24C17A7F7367}
      2014-07-02 20:37:01 -------- d-----w- C:\Users\Jansen\AppData\Local\{8639CD11-0E51-4D51-82C2-8F35534D4B57}
      2014-07-01 20:40:27 -------- d-----w- C:\Users\Jansen\AppData\Local\{4A53FEE5-CAA5-43D3-BC59-BB0111A577BF}
      2014-07-01 19:29:08 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2014-07-01 19:28:42 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
      2014-07-01 19:28:42 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
      2014-07-01 19:28:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
      2014-07-01 19:06:47 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
      2014-07-01 19:05:54 -------- d-----w- C:\AdwCleaner
      2014-07-01 18:53:53 -------- d-----w- C:\Windows\ERUNT
      2014-07-01 18:15:48 -------- d-----w- C:\Users\Jansen\AppData\Local\Temp
      2014-06-16 16:16:55 -------- d-----w- C:\PhSp_CS2_UE_Ret
      2014-05-23 19:23:12 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
      2014-05-23 19:00:49 -------- d-sh--w- C:\Users\Jansen\AppData\Local\EmieUserList
      2014-05-23 19:00:49 -------- d-sh--w- C:\Users\Jansen\AppData\Local\EmieSiteList
      2014-05-16 06:56:24 1619632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
      2014-05-04 13:06:12 -------- d-s---w- C:\Windows\System32\CompatTel
      2014-04-07 15:13:40 -------- d-----w- C:\Users\Jansen\AppData\Roaming\Unity
      2014-04-07 15:11:14 -------- d-----w- C:\Users\Jansen\AppData\Local\Unity
      2014-03-31 20:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
      2014-03-31 20:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
      2014-03-12 20:55:56 228864 ----a-w- C:\Windows\System32\wwansvc.dll
      2014-03-12 20:55:55 484864 ----a-w- C:\Windows\System32\wer.dll
      2014-03-12 20:55:55 381440 ----a-w- C:\Windows\SysWow64\wer.dll
      2014-03-12 20:55:37 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
      2014-03-12 20:55:36 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
      2014-03-06 21:23:37 -------- d-----w- C:\ProgramData\GrEatSave4U
      2014-02-25 23:20:25 -------- d-----w- C:\Windows\Migration
      2014-02-25 23:19:20 -------- d-----r- C:\Program Files (x86)\Skype
      2014-02-08 21:34:04 -------- d-----w- C:\ProgramData\Canon_Inc_IC
      2014-02-04 18:41:01 -------- d-----w- C:\Windows\CMS
      2014-02-04 18:41:01 -------- d-----w- C:\Program Files (x86)\CMS
      2014-01-30 20:38:41 -------- d-----w- C:\ProgramData\kidcpgideckciiijkfikmagbgfmbkbnh
      2014-01-24 23:19:42 268512 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
      2014-01-17 22:38:42 -------- d-----w- C:\ProgramData\BlueStacks
      2014-01-15 22:27:18 -------- d-----w- C:\Users\Jansen\AppData\Roaming\LittleGamesCompany
      2014-01-15 22:27:18 -------- d-----w- C:\ProgramData\LittleGamesCompany
      2014-01-15 14:35:16 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
      2014-01-15 14:35:16 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
      2014-01-15 14:35:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
      2014-01-15 14:35:15 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
      2014-01-15 14:35:15 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
      2014-01-15 14:35:15 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
      2014-01-15 14:35:15 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
      2014-01-15 14:35:14 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
      2014-01-05 12:15:14 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
      2014-01-05 10:18:05 -------- d-----w- C:\Program Files\Enigma Software Group
      2014-01-05 10:16:42 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
      2014-01-03 20:21:54 -------- d-----w- C:\Users\Jansen\AppData\Local\Kobo
      2014-01-03 20:21:43 -------- d-----w- C:\Windows\tmp
      2014-01-03 20:21:36 -------- d-----w- C:\Program Files (x86)\Kobo
      2014-01-03 17:40:12 3041792 ----a-w- C:\Program Files (x86)\GS.Enabler
      2014-01-03 17:40:12 2759168 ----a-w- C:\Program Files (x86)\GS_x64.Enabler
      2014-01-03 17:39:10 -------- d-----w- C:\Users\Jansen\AppData\Local\Packages
      2014-01-03 17:38:47 -------- d-----w- C:\Users\Jansen\AppData\Local\Comodo
      2014-01-03 17:38:47 -------- d-----w- C:\ProgramData\940e26afa505ba6d
      2014-01-03 17:38:18 -------- d-----w- C:\ProgramData\InstallMate
      2014-01-03 17:37:57 -------- d-----w- C:\Users\Jansen\.android
      2014-01-03 17:37:55 -------- d-----w- C:\Users\Jansen\AppData\Local\cache
      2013-12-23 19:35:45 -------- d-----w- C:\Users\Jansen\AppData\Roaming\Princess Isabella
      2013-12-23 15:47:35 -------- d-----w- C:\ProgramData\Media Center Programs
      2013-12-23 15:42:59 -------- d-----w- C:\Users\Jansen\AppData\Roaming\ScreenSeven
      2013-12-23 15:42:59 -------- d-----w- C:\ProgramData\ScreenSeven
      2013-12-23 15:40:25 -------- d-----w- C:\Program Files (x86)\GAMESVOORIEDEREEN.NL
      2013-12-23 15:39:56 -------- d-----w- C:\Program Files (x86)\OXXOGames
      2013-12-17 18:53:51 -------- d-----w- C:\HattrickOrganizer
      2013-12-11 23:36:18 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
      2013-12-11 23:36:18 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
      2013-12-11 23:36:17 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
      2013-12-11 23:36:17 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
      2013-12-11 18:41:09 335360 ----a-w- C:\Windows\System32\msieftp.dll
      2013-12-11 18:41:09 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
      2013-12-11 18:41:08 81408 ----a-w- C:\Windows\System32\imagehlp.dll
      2013-12-11 18:41:08 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
      2013-12-11 18:41:08 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
      2013-12-11 18:41:08 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
      2013-12-11 18:40:56 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
      2013-12-11 18:40:56 202752 ----a-w- C:\Windows\System32\scrrun.dll
      2013-12-11 18:40:56 168960 ----a-w- C:\Windows\System32\wscript.exe
      2013-12-11 18:40:56 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
      2013-12-11 18:40:56 156160 ----a-w- C:\Windows\System32\cscript.exe
      2013-12-11 18:40:56 150016 ----a-w- C:\Windows\System32\wshom.ocx
      2013-12-11 18:40:56 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
      2013-12-11 18:40:56 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
      2013-12-11 18:40:56 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
      2013-12-11 18:40:55 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
      2013-12-06 21:53:14 -------- d-----w- C:\Users\Jansen\AppData\Roaming\Awesomium
      2013-12-06 21:12:57 -------- d-----w- C:\Users\Jansen\AppData\Local\Demiurge Studios
      2013-11-17 14:35:52 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
      2013-11-17 14:34:59 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
      2013-11-17 12:12:49 1474048 ----a-w- C:\Windows\System32\crypt32.dll
      2013-11-17 12:12:47 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
      2013-11-17 12:12:30 197120 ----a-w- C:\Windows\System32\credui.dll
      2013-11-17 12:12:30 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
      2013-11-17 12:12:30 168960 ----a-w- C:\Windows\SysWow64\credui.dll
      2013-11-17 12:12:30 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
      2013-11-17 12:12:22 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
      2013-11-17 12:12:19 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
      2013-11-17 12:12:19 830464 ----a-w- C:\Windows\System32\nshwfp.dll
      2013-11-17 12:12:19 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
      2013-11-17 12:12:19 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
      2013-11-17 12:12:19 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
      2013-11-17 10:06:47 -------- d-----w- C:\Users\Jansen\Assassin
      2013-11-16 19:02:58 -------- d-----w- C:\Users\Jansen\AppData\Local\Ubisoft
      2013-11-16 18:48:25 -------- d-----w- C:\Users\Jansen\AppData\Roaming\openvr
      2013-11-15 21:37:11 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
      2013-11-15 21:37:09 -------- d-----w- C:\Program Files (x86)\Steam
      2013-11-15 20:14:31 -------- d-----w- C:\Program Files (x86)\YTDownloader
      2013-11-15 20:13:12 -------- d-----w- C:\Users\Jansen\AppData\Roaming\BitTorrent
      2013-11-10 16:13:10 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
      2013-11-10 16:13:10 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
      2013-11-10 16:13:10 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
      2013-11-10 16:13:10 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
      2013-11-10 16:13:10 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
      2013-11-10 16:12:47 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
      2013-11-10 16:12:47 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
      2013-11-04 13:52:41 -------- d-----w- C:\Program Files (x86)\Rockstar Games
      2013-11-04 13:52:09 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
      2013-11-04 13:52:09 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
      2013-11-04 13:52:09 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
      2013-11-04 13:52:09 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
      2013-11-04 13:52:08 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
      2013-11-04 13:52:03 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
      2013-11-04 13:52:03 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
      2013-10-20 08:44:14 -------- d-----w- C:\ProgramData\Oracle
      2013-10-17 18:46:13 -------- d-----w- C:\ProgramData\ManiaPlanet
      2013-10-17 18:46:13 -------- d-----w- C:\Program Files (x86)\ManiaPlanet
      2013-10-11 10:14:59 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
      2013-10-10 19:40:55 -------- d-----w- C:\Program Files (x86)\TmUnitedForever
      2013-10-10 19:35:53 -------- d-----w- C:\Users\Jansen\AppData\Local\Downloader
      2013-10-10 19:35:27 -------- d-----w- C:\Program Files (x86)\Downloader
      2013-10-04 21:23:33 -------- d-----w- C:\Users\Jansen\AppData\Local\Gameforge4d
      2013-10-04 21:22:59 -------- d-----w- C:\Program Files (x86)\GameforgeLive
      2013-09-25 10:51:12 957048 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
      2013-09-11 20:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
      2013-09-11 20:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
      2013-09-11 20:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
      2013-09-11 20:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
      2013-09-11 18:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
      2013-09-11 18:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
      2013-09-11 18:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
      2013-09-11 18:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
      2013-09-06 19:20:51 -------- d-----w- C:\ProgramData\TmForever
      2013-09-06 15:01:43 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{143E2E7B-2F51-7049-FB91-38F4AF41FA6B}\GapaEngine.dll
      2013-09-06 12:17:53 474624 ----a-w- C:\Windows\prinst.exe
      2013-09-06 12:17:41 229888 ----a-r- C:\Windows\System32\NetFaxPort64.dll
      2013-09-06 12:17:37 81920 ----a-w- C:\Windows\SysWow64\ssdevm.dll
      2013-09-06 12:15:56 -------- d-----w- C:\Program Files (x86)\SmarThru 4
      2013-09-06 12:14:16 138776 ----a-r- C:\Windows\SysWow64\TWAINDSM.dll
      2013-09-06 12:14:13 -------- d-----w- C:\Program Files\Scan Assistant
      2013-09-06 12:13:57 -------- d-----w- C:\Users\Jansen\AppData\Local\S2PC
      2013-09-06 12:11:32 49152 ----a-w- C:\Windows\SysWow64\Ssusbpn.dll
      2013-09-06 12:11:32 43520 ----a-w- C:\Windows\System32\Ssusbp64.dll
      2013-09-06 12:11:28 98816 ----a-w- C:\Windows\System32\SaSegFlt.dll
      2013-09-06 12:11:28 55808 ----a-w- C:\Windows\System32\SaErHdlr.dll
      2013-09-06 12:11:28 333312 ----a-w- C:\Windows\System32\SaMinDrv.dll
      2013-09-06 12:11:28 129536 ----a-w- C:\Windows\System32\SaImgFlt.dll
      2013-09-06 12:09:53 -------- d-----w- C:\Program Files (x86)\Samsung
      2013-09-06 12:08:15 11576 ------w- C:\Windows\SysWow64\drivers\SSPORT.SYS
      2013-09-06 11:56:21 -------- d-----w- C:\Users\Jansen\AppData\Local\{0D96E596-7EE8-4934-B3CD-A227692ACE40}
      2013-09-06 11:19:11 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52FD6AFE-4857-42C6-B477-743A7AAF915A}\mpengine.dll
      2013-08-31 19:44:54 -------- d-----w- C:\Users\Jansen\AppData\Local\EgisTec
      2013-08-15 22:39:53 -------- d-----w- C:\Windows\System32\MRT
      2013-08-15 07:37:44 224256 ----a-w- C:\Windows\System32\wintrust.dll
      2013-08-15 07:37:44 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
      2013-08-15 07:37:44 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
      2013-08-15 07:37:44 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
      2013-08-15 07:37:43 139776 ----a-w- C:\Windows\System32\cryptnet.dll
      2013-08-15 07:37:43 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
      2013-08-15 07:37:32 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
      2013-08-15 07:37:32 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
      2013-08-15 07:37:23 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
      2013-08-13 19:56:21 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
      2013-08-13 19:48:19 -------- d-----w- C:\Program Files (x86)\Sierra
      2013-08-13 19:40:13 303616 ----a-w- C:\Windows\System32\drivers\atksgt.sys
      2013-08-13 19:39:53 35328 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
      .
      ==================== Find3M ====================
      .
      2014-08-20 06:47:58 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-08-20 06:47:58 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
      2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
      2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
      2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
      2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
      2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
      2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
      2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
      2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
      2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
      2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
      2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
      2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
      2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
      2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
      2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
      2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
      2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
      2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
      2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
      2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
      2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
      2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
      2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
      2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
      2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
      2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
      2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
      2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
      2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
      2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
      2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
      2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
      2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
      2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
      2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
      2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
      2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
      2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
      2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
      2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
      2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
      2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
      2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
      2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
      2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
      2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
      2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
      2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
      2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
      2014-05-14 16:21:04 2620928 ----a-w- C:\Windows\System32\wucltux.dll
      2014-05-14 16:20:45 97792 ----a-w- C:\Windows\System32\wudriver.dll
      2014-05-14 16:17:10 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
      2014-05-14 07:23:04 198600 ----a-w- C:\Windows\System32\wuwebv.dll
      2014-05-14 07:23:04 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
      2014-05-14 07:20:46 36864 ----a-w- C:\Windows\System32\wuapp.exe
      2014-05-14 07:17:14 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
      2014-05-12 05:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
      2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
      2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
      2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
      2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
      2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
      2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
      2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
      2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
      2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
      2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
      2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
      2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
      2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
      2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
      2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
      2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
      2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
      2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
      2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
      2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
      2014-03-11 07:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
      2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
      2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
      2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
      .
      ============= FINISH: 17:08:54,68 ===============


      Results of screen317's Security Check version 0.99.87
      Windows 7 Service Pack 1 x64 (UAC is disabled!)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      Microsoft Security Essentials
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Spybot - Search & Destroy
      Java 7 Update 67
      Java(TM) 6 Update 11
      Adobe Flash Player 14.0.0.179
      Adobe Reader 10.1.11 Adobe Reader out of Date!
      Mozilla Firefox (31.0)
      ````````Process Check: objlist.exe by Laurent````````
      Microsoft Security Essentials MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Spybot Teatimer.exe is disabled!
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````



      • #4
        Download or update CCleaner

        Start CCleaner.
        • Run CCleaner and click Options (Opties) in the left column
        • Select the Advanced (Geavanceerd) tab
        • Uncheck "Only delete files in the Windows Temp system folder that are older than 24 hours" (Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur)
        • Select the Settings (Instellingen) tab
        • Uncheck "Clean the computer automatically...." (Computer automatisch schoonmaken....)
        • Click Cleaner in the left column.
        • Then click Analyze (Analyseer) and Clean (Schoonmaken), in that order.
        • Next, click Registry (Register) in the left column
        • Click Scan for Issues (Scan naar problemen).
        • When asked whether you want to make a backup of the registry, click "Yes" (Ja).
        • If errors are found, click the middle button: Fix all selected issues (Herstel alle geselecteerde fouten), then OK

        .


        Download ComboFix to your desktop.
        (So not to a download folder or temp folder.)

        Extra note: make sure your security software is disabled while you use ComboFix.
        This is because these scanners wrongly see certain components that ComboFix uses as infected and will block ComboFix.

        Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

        Close ALL windows, including your browser, and let ComboFix do its work undisturbed.
        So do not open any other applications until ComboFix has presented the log.

        If ComboFix asks for an update, allow it.

        When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
        You can find it at C:\combofix.txt.

        Post the ComboFix log together with a new DDS log in your next reply.

        * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
        • Illegal operation attempted on a registry key that has been marked for deletion.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee * CCleaner * E-Peek



        • #5
          ComboFix was started from Downloads.

          ComboFix 14-09-05.01 - Jansen 06-09-2014 10:00:23.1.4 - x64
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.5589.3907 [GMT 2:00]
          Gestart vanuit: c:\users\Jansen\Downloads\ComboFix.exe
          AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
          SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
          SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          .
          .
          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          C:\0.bak
          C:\install.exe
          c:\windows\tmp
          c:\windows\tmp\dd_vcredistMSI3EBB.txt
          c:\windows\tmp\dd_vcredistUI3EBB.txt
          c:\windows\tmp\fonts\fontdb
          c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
          .
          .
          (((((((((((((((((((( Bestanden Gemaakt van 2014-08-06 to 2014-09-06 ))))))))))))))))))))))))))))))
          .
          .
          2014-09-06 08:54 . 2014-09-06 08:54 -------- d-----w- c:\users\Default\AppData\Local\temp
          2014-09-05 18:31 . 2014-08-20 09:43 1169712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED5FE132-5EBB-4C61-A80C-7DB40A355071}\gapaengine.dll
          2014-09-05 18:31 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A646772A-FB22-4D2C-A196-5C306F0C0853}\mpengine.dll
          2014-08-31 18:34 . 2014-08-31 18:34 -------- d-----w- c:\users\Jansen\AppData\Local\Adobe
          2014-08-16 20:13 . 2014-08-16 20:13 -------- d-----w- c:\program files (x86)\Synology
          2014-08-14 22:40 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
          2014-08-14 22:40 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
          2014-08-14 22:40 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
          2014-08-14 22:40 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
          2014-08-14 22:40 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
          2014-08-14 22:40 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
          2014-08-14 22:40 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
          2014-08-14 22:40 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
          2014-08-14 19:48 . 2014-08-14 19:48 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
          2014-08-14 15:15 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2014-08-26 06:41 . 2012-04-16 21:28 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
          2014-08-23 02:07 . 2013-09-06 15:07 404480 ----a-w- c:\windows\system32\gdi32.dll
          2014-08-23 01:45 . 2013-09-06 15:07 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
          2014-08-23 00:59 . 2013-09-06 15:07 3163648 ----a-w- c:\windows\system32\win32k.sys
          2014-08-21 03:43 . 2013-09-06 11:19 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
          2014-08-20 09:43 . 2012-06-13 11:15 1169712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
          2014-08-20 06:47 . 2012-03-30 16:40 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
          2014-08-20 06:47 . 2011-07-22 10:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
          2014-08-14 22:45 . 2012-04-08 09:05 99218768 ----a-w- c:\windows\system32\MRT.exe
          2014-06-18 02:18 . 2014-07-09 16:02 692736 ----a-w- c:\windows\system32\osk.exe
          2014-06-18 01:51 . 2014-07-09 16:02 646144 ----a-w- c:\windows\SysWow64\osk.exe
          2014-01-03 17:40 . 2014-01-03 17:40 3041792 ----a-w- c:\program files (x86)\GS.Enabler
          .
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
          REGEDIT4
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
          "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
          "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
          "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
          "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
          "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
          "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
          "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
          "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
          "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
          "3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2010-05-10 1989120]
          .
          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
          "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 0 (0x0)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableLUA"= 0 (0x0)
          "EnableUIADesktopToggle"= 0 (0x0)
          "PromptOnSecureDesktop"= 0 (0x0)
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
          "LoadAppInit_DLLs"=1 (0x1)
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
          "aux"=wdmaud.drv
          .
          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
          BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
          @=""
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
          @="Service"
          .
          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
          R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
          R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
          R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
          R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
          R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
          R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
          R3 gpslc64;gpslc64;c:\windows\system32\Drivers\gpslc64.sys;c:\windows\SYSNATIVE\Drivers\gpslc64.sys [x]
          R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
          R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
          R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
          R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
          R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
          R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
          R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
          R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
          R3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\DRIVERS\0140_ION.sys;c:\windows\SYSNATIVE\DRIVERS\0140_ION.sys [x]
          R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
          R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
          R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
          S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
          S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
          S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
          S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
          S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
          S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
          S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
          S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
          S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
          S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
          S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
          S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
          S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
          S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
          S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
          S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
          S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
          S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
          S4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
          S4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
          .
          .
          [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
          hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
          .
          Inhoud van de 'Gedeelde Taken' map
          .
          2014-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
          - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 06:47]
          .
          2014-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14 15:53]
          .
          2014-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14 15:53]
          .
          .
          --------- X64 Entries -----------
          .
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
          "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
          .
          ------- Bijkomende Scan -------
          .
          uLocal Page = c:\windows\system32\blank.htm
          uStart Page = www.google.com
          mDefault_Search_URL = hxxp://www.google.com
          mDefault_Page_URL = hxxp://www.google.com
          mStart Page = hxxp://www.google.com
          mLocal Page = c:\windows\SysWOW64\blank.htm
          mSearch Page = hxxp://www.google.com
          uInternet Settings,ProxyOverride = *.local
          IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
          TCP: DhcpNameServer = 195.121.1.34 195.121.1.66 192.168.1.254
          FF - ProfilePath - c:\users\Jansen\AppData\Roaming\Mozilla\Firefox\Profiles\62l3j0zm.default-1409934244844\
          FF - prefs.js: browser.startup.homepage - about:newtab
          .
          .
          ------- Bestandsassociaties -------
          .
          JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
          .
          - - - - ORPHANS VERWIJDERD - - - -
          .
          Toolbar-Locked - (no file)
          Wow6432Node-HKLM-Run-<NO NAME> - (no file)
          Notify-SDWinLogon - SDWinLogon.dll
          HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
          BHO-{04D7A7D6-E4AC-C7F8-A1AC-A2442EB4A7C1} - (no file)
          BHO-{5F9DC287-03E7-0F54-57A2-225EB324FB29} - (no file)
          Toolbar-Locked - (no file)
          .
          .
          .
          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
          @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker5"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Shockwave Flash Object"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
          @="0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
          @="ShockwaveFlash.ShockwaveFlash.14"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="ShockwaveFlash.ShockwaveFlash"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @="Macromedia Flash Factory Object"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
          "ThreadingModel"="Apartment"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
          @="FlashFactory.FlashFactory.1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
          @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
          @="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @="FlashFactory.FlashFactory"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker5"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
          "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
          00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          Voltooingstijd: 2014-09-06 10:56:18
          ComboFix-quarantined-files.txt 2014-09-06 08:56
          ComboFix2.txt 2009-07-12 15:36
          .
          Pre-Run: 235.865.858.048 bytes beschikbaar
          Post-Run: 236.235.911.168 bytes beschikbaar
          .
          - - End Of File - - 80B137D79D097CCDFA812F1F66120C5A
          A36C5E4F47E84449FF07ED3517B43A31



          DDS (Ver_2012-11-20.01) - NTFS_AMD64
          Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
          Run by Jansen at 11:12:14 on 2014-09-06
          Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.5589.3449 [GMT 2:00]
          .
          AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
          SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
          .
          ============== Running Processes ===============
          .
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch
          C:\Windows\system32\svchost.exe -k RPCSS
          C:\Program Files\Microsoft Security Client\MsMpEng.exe
          C:\Windows\system32\atiesrxx.exe
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
          C:\Windows\system32\svchost.exe -k LocalService
          C:\Windows\system32\svchost.exe -k netsvcs
          C:\Windows\system32\svchost.exe -k GPSvcGroup
          C:\Windows\system32\svchost.exe -k NetworkService
          C:\Windows\system32\atieclxx.exe
          C:\Windows\System32\spoolsv.exe
          C:\Windows\system32\taskeng.exe
          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
          C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
          C:\Windows\system32\taskhost.exe
          C:\Windows\system32\Dwm.exe
          C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
          C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
          C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
          C:\Windows\system32\taskeng.exe
          C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
          C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
          C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
          C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
          C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
          C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
          C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
          C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
          C:\Windows\Samsung\PanelMgr\SSMMgr.exe
          C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
          C:\Windows\Samsung\PanelMgr\caller64.exe
          C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
          C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
          C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
          C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
          C:\Program Files\Acer\Acer Updater\UpdaterService.exe
          C:\Windows\System32\svchost.exe -k HPZ12
          C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
          C:\Windows\System32\svchost.exe -k HPZ12
          C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
          C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
          C:\Windows\system32\svchost.exe -k imgsvc
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
          C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
          C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
          C:\Windows\system32\svchost.exe -k HPService
          C:\Windows\system32\SearchIndexer.exe
          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
          C:\Windows\System32\WUDFHost.exe
          C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
          C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
          C:\Program Files (x86)\Nero\Update\NASvc.exe
          C:\Program Files\Windows Media Player\wmpnetwk.exe
          C:\Program Files\Microsoft Security Client\msseces.exe
          C:\Windows\system32\svchost.exe -k SDRSVC
          C:\Windows\explorer.exe
          C:\Program Files (x86)\Mozilla Firefox\firefox.exe
          C:\Windows\system32\SearchProtocolHost.exe
          C:\Windows\system32\SearchFilterHost.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Windows\System32\cscript.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = www.google.com
          mStart Page = hxxp://www.google.com
          mSearch Page = hxxp://www.google.com
          mDefault_Page_URL = hxxp://www.google.com
          mDefault_Search_URL = hxxp://www.google.com
          BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
          BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\java\jre7\bin\ssv.dll
          BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
          BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\java\jre7\bin\jp2ssv.dll
          BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
          TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
          EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
          EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
          mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
          mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
          mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
          mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
          mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
          mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
          mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
          mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
          mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
          mRun: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
          dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
          uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
          uPolicies-Explorer: NoDrives = dword:0
          mPolicies-Explorer: NoDrives = dword:0
          mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
          mPolicies-System: ConsentPromptBehaviorUser = dword:3
          mPolicies-System: EnableLUA = dword:0
          mPolicies-System: EnableUIADesktopToggle = dword:0
          mPolicies-System: PromptOnSecureDesktop = dword:0
          IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
          IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001065-0002-0065-ABCDEFFEDCBC} - <orphaned>
          IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
          IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
          IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
          DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
          DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
          TCP: NameServer = 195.121.1.34 195.121.1.66 192.168.1.254
          TCP: Interfaces\{F2761557-3531-4638-B2A5-3C1757D28602} : DHCPNameServer = 195.121.1.34 195.121.1.66 192.168.1.254
          Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
          Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
          Notify: SDWinLogon - SDWinLogon.dll
          SSODL: WebCheck - <orphaned>
          x64-mStart Page = hxxp://www.google.com
          x64-BHO: {04D7A7D6-E4AC-C7F8-A1AC-A2442EB4A7C1} - <orphaned>
          x64-BHO: {5F9DC287-03E7-0F54-57A2-225EB324FB29} - <orphaned>
          x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
          x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
          x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
          x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
          x64-SSODL: WebCheck - <orphaned>
          .
          ================= FIREFOX ===================
          .
          FF - ProfilePath - C:\Users\Jansen\AppData\Roaming\Mozilla\Firefox\Profiles\62l3j0zm.default-1409934244844\
          FF - prefs.js: browser.startup.homepage - about:newtab
          FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
          FF - plugin: C:\Program Files (x86)\Downloader\npdd.dll
          FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
          FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
          FF - plugin: C:\Program Files (x86)\java\jre7\bin\dtplugin\npdeployJava1.dll
          FF - plugin: C:\Program Files (x86)\java\jre7\bin\plugin2\npjp2.dll
          FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
          FF - plugin: C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.81\npSurveillancePlugin.dll
          FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
          FF - plugin: C:\Users\Jansen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
          FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-7-22 79488]
          R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-7-22 40064]
          R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
          R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-7-22 22648]
          R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-7-22 20520]
          R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-7-22 62776]
          R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-22 204288]
          R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-13 249648]
          R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
          R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
          R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-22 244624]
          R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
          R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-6-1 167424]
          R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2013-9-6 216576]
          R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2009-7-13 11576]
          R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-11-29 87168]
          R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-11-29 188544]
          R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-22 231440]
          R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-22 533096]
          R4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-30 1817560]
          R4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-30 171928]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
          S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
          S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
          S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
          S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-3-31 1038088]
          S3 gpslc64;gpslc64;C:\Windows\System32\drivers\gpslc64.sys [2013-5-26 102624]
          S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
          S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
          S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
          S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
          S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
          S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
          S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-11 19456]
          S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-11 57856]
          S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-11 30208]
          S3 VCR2PC;VCR2PC Analog Capture;C:\Windows\System32\drivers\0140_ION.sys [2008-9-22 301504]
          S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-28 1255736]
          S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-30 1033688]
          S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
          .
          =============== File Associations ===============
          .
          FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
          FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
          .
          =============== Created Last 30 ================
          .
          2014-09-06 08:56:22 -------- d-sh--w- C:\$RECYCLE.BIN
          2014-09-06 07:58:30 98816 ----a-w- C:\Windows\sed.exe
          2014-09-06 07:58:30 256000 ----a-w- C:\Windows\PEV.exe
          2014-09-06 07:58:30 208896 ----a-w- C:\Windows\MBR.exe
          2014-09-05 20:48:33 -------- d-----w- C:\Users\Jansen\AppData\Local\{826A274E-AC94-4266-A570-D39849A7F30F}
          2014-09-05 18:31:32 1169712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED5FE132-5EBB-4C61-A80C-7DB40A355071}\gapaengine.dll
          2014-09-05 18:31:14 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A646772A-FB22-4D2C-A196-5C306F0C0853}\mpengine.dll
          2014-09-03 17:41:57 -------- d-----w- C:\Users\Jansen\AppData\Local\{1D6D7200-B986-4095-9FD9-D06BCE1A0F0B}
          2014-09-02 19:20:46 -------- d-----w- C:\Users\Jansen\AppData\Local\{53B796CC-7B45-4AE7-A1D4-EC08FE9C5BD1}
          2014-09-01 20:21:30 -------- d-----w- C:\Users\Jansen\AppData\Local\{CEC1F4F8-E935-4E99-8BD8-7FC5FBC6218D}
          2014-09-01 10:08:25 -------- d-----w- C:\Users\Jansen\AppData\Local\{1384708F-269C-4D6A-AC6C-2343717C1A86}
          2014-09-01 08:14:13 -------- d-----w- C:\Users\Jansen\AppData\Local\{D935B76B-E972-4999-8530-83698E2E5E9A}
          2014-08-31 18:34:57 -------- d-----w- C:\Users\Jansen\AppData\Local\Adobe
          2014-08-31 18:32:52 -------- d-----w- C:\Users\Jansen\AppData\Local\{B9F8E04E-D5A6-4025-9F35-07B46C7D5EB8}
          2014-08-30 17:26:08 -------- d-----w- C:\Users\Jansen\AppData\Local\{EC926076-39B7-4BF7-B1AC-825B0082F49C}
          2014-08-29 22:17:37 -------- d-----w- C:\Users\Jansen\AppData\Local\{5973B42D-F875-477E-97D3-84552DD83FD7}
          2014-08-28 21:21:09 -------- d-----w- C:\Users\Jansen\AppData\Local\{014B4904-9436-44EE-A345-A6336F876A5C}
          2014-08-27 19:19:46 -------- d-----w- C:\Users\Jansen\AppData\Local\{DD6D78E6-AB4B-4104-868C-B5D1650547D7}
          2014-08-27 17:19:43 -------- d-----w- C:\Users\Jansen\AppData\Local\{480B7AB0-4A48-4F01-BD85-B31A62EBA032}
          2014-08-26 18:17:28 -------- d-----w- C:\Users\Jansen\AppData\Local\{A381AFE6-3D43-423D-8A1E-F9498426F927}
          2014-08-25 21:29:27 -------- d-----w- C:\Users\Jansen\AppData\Local\{89F4C4EC-39AE-41E1-AA42-BE01EF62DA8E}
          2014-08-25 09:28:50 -------- d-----w- C:\Users\Jansen\AppData\Local\{6C3A14FE-CFE2-4E85-9EF6-00925AFB1530}
          2014-08-24 11:44:51 -------- d-----w- C:\Users\Jansen\AppData\Local\{015BF59D-CEC9-4A25-AD4C-A6F7F1F149C4}
          2014-08-23 22:51:21 -------- d-----w- C:\Users\Jansen\AppData\Local\{24A0FFB1-91C4-49AC-A330-216B091625CA}
          2014-08-23 17:17:11 -------- d-----w- C:\Users\Jansen\AppData\Local\{E4C5FCD6-E873-4D58-A818-78259307F1AB}
          2014-08-22 18:15:28 -------- d-----w- C:\Users\Jansen\AppData\Local\{65FCCA95-1A89-4CDB-A3B2-D3E058ABA327}
          2014-08-21 17:34:28 -------- d-----w- C:\Users\Jansen\AppData\Local\{07AE38A5-BB48-49C8-AE5A-07E4CBF6E502}
          2014-08-20 17:19:12 -------- d-----w- C:\Users\Jansen\AppData\Local\{52877915-7341-4CF8-AA1E-165F6333AC69}
          2014-08-18 18:35:35 -------- d-----w- C:\Users\Jansen\AppData\Local\{37FA124C-D0FD-4B37-A993-1ED1CC131227}
          2014-08-18 14:12:25 -------- d-----w- C:\Users\Jansen\AppData\Local\{5B025931-CBE0-4A71-A629-BDC4F493BC96}
          2014-08-18 08:05:30 -------- d-----w- C:\Users\Jansen\AppData\Local\{01F2584A-FCA3-414D-862E-5111DFB4D561}
          2014-08-17 11:18:38 -------- d-----w- C:\Users\Jansen\AppData\Local\{3B91A664-44A0-4435-AE48-99034BD2B8BF}
          2014-08-16 22:09:22 -------- d-----w- C:\Users\Jansen\AppData\Local\{49F85BB2-EF50-48D3-87FF-0536B0435ACD}
          2014-08-16 20:13:36 -------- d-----w- C:\Program Files (x86)\Synology
          2014-08-15 19:07:38 -------- d-----w- C:\Users\Jansen\AppData\Local\{E4DF34FF-5F0F-4463-8527-F9C6EC70C2C3}
          2014-08-14 22:40:59 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
          2014-08-14 22:40:59 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
          2014-08-14 22:40:59 171160 ----a-w- C:\Windows\System32\infocardapi.dll
          2014-08-14 22:40:59 1389208 ----a-w- C:\Windows\System32\icardagt.exe
          2014-08-14 22:40:57 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
          2014-08-14 22:40:57 8856 ----a-w- C:\Windows\System32\icardres.dll
          2014-08-14 22:40:39 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
          2014-08-14 22:40:39 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
          2014-08-14 19:48:54 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
          2014-08-14 19:37:04 -------- d-----w- C:\Users\Jansen\AppData\Local\{356E4574-FC25-4D59-8D74-35BC2AF27B9B}
          2014-08-14 15:15:59 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
          2014-08-13 19:18:44 -------- d-----w- C:\Users\Jansen\AppData\Local\{0EF0319C-E289-4DA8-B717-E049EA85130B}
          2014-08-12 10:38:48 -------- d-----w- C:\Users\Jansen\AppData\Local\{9E76F1A7-86F7-496D-AFDC-DA90BBA212CD}
          2014-08-11 19:11:45 -------- d-----w- C:\Users\Jansen\AppData\Local\{816CA12D-20CD-42C5-9547-F40C6790B9A8}
          2014-08-11 13:50:11 -------- d-----w- C:\Users\Jansen\AppData\Local\{EB6E349A-5A30-4E5E-9FE4-7955857D13F3}
          2014-08-10 22:50:39 -------- d-----w- C:\Users\Jansen\AppData\Local\{419F95E0-13EF-45E8-8597-7EC1079967E9}
          2014-08-10 09:23:05 -------- d-----w- C:\Users\Jansen\AppData\Local\{0BBCF975-F910-4C2D-B66C-1235D8D5691A}
          2014-08-09 09:45:06 -------- d-----w- C:\Users\Jansen\AppData\Local\{AC06DE34-B8FC-4D8B-B4E9-6FBE932B85A4}
          2014-08-08 18:13:19 -------- d-----w- C:\Users\Jansen\AppData\Local\{7D0A5567-C7F6-4D46-92CB-0223B5CC10AF}
          2014-08-07 17:31:14 -------- d-----w- C:\Users\Jansen\AppData\Local\{0C60457E-1EC1-4142-A4B5-FF5DBA4F3354}
          .
          ==================== Find3M ====================
          .
          2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
          2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
          2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
          2014-08-20 06:47:58 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
          2014-08-20 06:47:58 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
          2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
          2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
          2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
          2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
          2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
          2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
          2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
          2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
          2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
          2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
          2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
          2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
          2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
          2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
          2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
          2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
          2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
          2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
          2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
          2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
          2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
          2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
          2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
          2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
          2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
          2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
          2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
          2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
          2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
          2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
          2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
          2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
          2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
          2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
          2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
          2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
          2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
          2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
          2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
          2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
          2014-01-03 17:40:12 3041792 ----a-w- C:\Program Files (x86)\GS.Enabler
          .
          ============= FINISH: 11:12:25,48 ===============



          • #6
            Go to VirusTotal and upload the following file:

            c:\windows\system32\osk.exe

            Press Submit and wait for the results to appear.
            If the file has already been scanned, have it reanalysed. (In that case, click Re Analyse.)

            From the report, copy the following:

            Please also post the link to that report.
            Last edited by Emphyrio; 07-09-14, 08:41.
            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
            E Dev * Remove McAfee. * Ccleaner * E-Peek



            • #7
              SHA256: 02944492f38747ce817b851f0a8638d132f9447e7395b1574954fead4c9840e3
              Bestandsnaam: osk.exe
              Detectieverhouding: 0 / 50
              Datum van analyse: 2014-09-07 08:40:46 UTC (1 minuut geleden)
              0
              0
              Waarschijnlijk onschadelijk! Het lijkt erop dat dit bestand veilig te gebruiken is.

              https://www.virustotal.com/nl/file/0...is/1410079246/



              • #8
                Fine

                Go to Start > Run and copy and paste the following command into the field:

                c:\users\Jansen\Downloads\ComboFix /Uninstall

                Make sure there is a space between Combofix and /
                Then press Enter.




                This will remove Combofix along with its related folders and files, reset the clock settings,
                hide file extensions, hide hidden files and system files again,
                and reset your System Restore.




                Download or update CCleaner

                Start CCleaner.
                • Run CCleaner and click Options in the left-hand column
                • Select the Advanced tab
                • Untick "Only delete files in the Windows Temp system folder that are older than 24 hours"
                • Select the Settings tab
                • Untick "Clean the computer automatically...."
                • Click Cleaner in the left-hand column.
                • Then click Analyze and then Run Cleaner.
                • Next, click Registry in the left-hand column
                • Click Scan for Issues.
                • When asked whether you want to make a backup of the registry, click "Yes".
                • If errors are found, click the middle button: Fix all selected issues, then OK

                Now tell me, are there still any problems?

                Emphyrio


                • #9
                  I think the problem is solved and I think I now have a nice clean computer again thanks to your help; the computer starts up properly again, Windows Update among other things works again, the time at the bottom right stays correct too, and I no longer get strange messages while browsing.
                  Thank you very much for your help.



                  • #10
                    Thanks to Emphyrio for the voluntary help



                    • #11
                      You're welcome

                      1) You may delete all the loose files and tools we used.

                      2) To avoid reinfection, you can read through these tips:

                      Preventing spyware infections and browser hijacking and How do I prevent a new infection?

                      3) To give your PC a quick maintenance round, you can read these tips: Guide to a clean PC

                      4) You can find all kinds of tips and hints here.


                      I am marking the topic as solved.

                      If there are no further replies, this thread will automatically be moved within about 5 days
                      to the Solved HijackThis logs section, and replying will no longer be possible.
                      This is done to keep the forum tidy and well organised.

                      If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.



                      Did we help you well? Consider a (no-obligation) donation to Nucia

                      Emphyrio