PC is acting strangely


  • PC is acting strangely

    Good evening,

    For about two weeks now I have been noticing a few very strange things: sometimes I see one screen showing through behind another, even though there are not two different sites open. When I edit photos digitally, saving them takes much longer. Opening sites is also much slower. On top of that, I can hear that my PC has to work much harder (the whirring inside the desktop increases while I am working).
    I hope you can advise.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 28/09/2014
    Scantijd: 21:12:30
    Logbestand: mbamlog.txt
    Beheerder: Ja

    Versie: 2.00.2.1012
    Malwaredatabase: v2014.09.28.07
    Rootkitdatabase: v2014.09.19.01
    Licentie: Gratis
    Malwarebescherming: Uitgeschakeld
    Kwaadaardige Website Bescherming: Uitgeschakeld
    Self-protection: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: leo

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 320123
    Verstreken Tijd: 8 m, 43 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristics: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registersleutels: 0
    (No malicious items detected)

    Registerwaardes: 0
    (No malicious items detected)

    Registerdata: 0
    (No malicious items detected)

    Mappen: 0
    (No malicious items detected)

    Bestanden: 0
    (No malicious items detected)

    Fysieke Sectoren: 0
    (No malicious items detected)


    (end)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
    Run by leo at 21:25:59 on 2014-09-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6071.4062 [GMT 2:00]
    .
    AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
    C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\vVX1000.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://telenet.be/nl
    uDefault_Page_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    uRun: [AdobeBridge] <no file>
    uRunOnce: [Application Restart #1] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=AppsPanel_BL --appletVersion=1.0 --mode=LBS --helperBridgeName={C04B067A-2E1D-46BE-A5D5-AD0859F3D0E0} --lbsWorkflowID={EF345DB5-567C-422A-952B-9D4E90F73507} --inputXmlPath="C:\Users\leo\AppData\Local\Temp\{FEC1E8F2-B995-48FE-99EC-857C4141E212}" /RestartByRestartManager:FC920BE1-096F-44e9-8196-5792753AFC69
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
    mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Windows\System: EnableSmartScreen = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
    IE: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    TCP: NameServer = 195.130.131.5 195.130.130.133
    TCP: Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE} : DHCPNameServer = 195.130.131.5 195.130.130.133
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://www.google.com
    x64-mDefault_Page_URL = hxxp://www.google.com
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    x64-Run: [VX1000] C:\Windows\vVX1000.exe
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\
    FF - prefs.js: browser.startup.homepage - www.standaard.be
    FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Canon\Uploader for CANON iMAGE GATEWAY Plugin\npUploaderForCiG.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Users\leo\AppData\Local\Citrix\Plugins\104\npappdetector.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-6-17 84536]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-6-17 66616]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-18 239616]
    R2 AVP;Kaspersky Anti-Virus-service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-14 13336]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2014-9-18 70768]
    R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [2014-2-7 586352]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-7-8 86632]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2014-9-2 82872]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
    R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\System32\drivers\AVer888RC_64.sys [2013-7-8 543616]
    R3 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
    R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\System32\drivers\AVer888RCIR_64.sys [2010-1-14 39936]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-14 56344]
    R3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-7-8 2350176]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-8 726160]
    R3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2013-7-8 7808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-9-3 242216]
    S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-11-12 41032]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
    S3 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-9 19456]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-5 31800]
    S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-8-20 289496]
    S3 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2014-2-6 1050904]
    S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2014-1-17 1909032]
    S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-9 57856]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
    S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2014-9-6 29288]
    .
    =============== File Associations ===============
    .
    FileExt: .chm: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-09-26 08:57:24 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76048644-280D-4E5F-A031-C8556CF833D0}\mpengine.dll
    2014-09-24 10:22:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-09-24 10:22:07 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Roaming\Thinstall
    2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Local\Thinstall
    2014-09-17 22:18:35 -------- d-----w- C:\Users\leo\AppData\Roaming\onOne Software
    2014-09-17 22:18:07 -------- d-----w- C:\Program Files\onOne Software
    2014-09-17 22:17:18 70768 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
    2014-09-17 22:17:18 -------- d-----w- C:\Program Files (x86)\onOne Software
    2014-09-17 22:17:15 70768 ----a-w- C:\Windows\System32\nlssrv32.exe
    2014-09-11 12:37:51 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
    2014-09-10 23:22:43 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2014-09-10 23:22:43 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2014-09-10 12:23:46 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-09-10 12:23:46 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-09-10 12:23:35 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2014-09-10 12:23:35 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2014-09-10 12:23:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-09-10 12:23:24 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-09-10 12:23:24 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-09-10 12:23:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-09-10 12:23:24 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-09-09 07:23:48 -------- d-----w- C:\Program Files (x86)\Cewe Photoservice
    2014-09-08 15:10:03 -------- d-----w- C:\Users\leo\AppData\Local\Programs
    2014-09-08 15:05:53 -------- d-----w- C:\Users\leo\AppData\Local\Phase_One
    2014-09-08 15:05:16 -------- d-----w- C:\ProgramData\Phase One
    2014-09-06 13:31:32 -------- d-----w- C:\Users\leo\AppData\Roaming\Bigasoft Audio Converter 4
    2014-09-06 13:14:44 -------- d-----w- C:\Users\leo\AppData\Roaming\Apowersoft
    2014-09-06 12:59:22 -------- d-----w- C:\Users\leo\AppData\Local\Wondershare
    2014-09-06 12:59:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
    2014-09-06 12:59:14 -------- d-----w- C:\Users\leo\AppData\Roaming\Wondershare
    2014-09-06 12:58:37 29288 ----a-w- C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys
    2014-09-06 12:58:28 -------- d-----w- C:\Program Files (x86)\Wondershare
    2014-09-03 11:44:24 -------- d-----w- C:\Program Files\TermTutor
    2014-09-03 11:43:53 -------- d-----w- C:\Users\leo\AppData\Roaming\0F1L1I1P0H1L1E1E1F
    2014-09-02 13:56:04 -------- d-----w- C:\Program Files\Microsoft LifeCam
    2014-09-02 13:56:04 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
    2014-09-02 13:55:58 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2014-09-02 13:51:26 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
    2014-09-01 18:58:58 -------- d-----w- C:\Users\leo\restore
    2014-09-01 18:47:41 -------- d-----w- C:\Program Files\Pixum
    2014-08-29 23:35:53 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2014-08-29 23:35:28 -------- d-----w- C:\Program Files (x86)\DivX
    .
    ==================== Find3M ====================
    .
    2014-09-28 19:12:21 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-09-23 18:53:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-23 18:53:07 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
    2014-08-21 09:41:11 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
    2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
    2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-08-06 14:07:39 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
    2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
    2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
    2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
    2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
    2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
    2014-06-30 22:24:50 8856 ----a-w- C:\Windows\System32\icardres.dll
    2014-06-30 22:14:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
    .
    ============= FINISH: 21:26:53,05 ===============


    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-09-28 21:45:54
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST375052 rev.HP34 698,64GB
    Running: o0okmym2.exe; Driver: C:\Users\leo\AppData\Local\Temp\ufldapow.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb9000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002fb9040 1 byte [01]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000773afaa8 5 bytes JMP 00000001739319b0
    .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000173932066
    .text C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754e1465 2 bytes [4E, 75]
    .text C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754e14bb 2 bytes [4E, 75]
    .text ... * 2

    ---- Kernel IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800371cf00] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\System32\svchost.exe [3812:3876] 000007fef1589688

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE}@LeaseObtainedTime 1411931196
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE}@T1 1411932996
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE}@T2 1411934346
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE}@LeaseTerminatesTime 1411934796

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----

    Thanks,

    vonkske

  • #2
    Hi vonkske,

    Before we begin, I would like to kindly point out the following guidelines:
    .
    • Only log in as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not polite towards the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Carefully follow the instructions I give.
    • Only follow the advice given by me.
    • Stay with the topic until I have reported that your PC is clean.
    • If you do not know or understand something, please just ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • In the meantime, do not try something "else"; that only makes it harder for us.
    • Please turn off your emoticons (smileys) when you post logs. (INFO)
    • Please do not post the logs as an attachment, nor put them between code tags.

    .
    Note: Always run all tools as admin.
    The instructions given are valid only for your PC.

    Once you have read and understood these guidelines, you may continue...



    Step 1:

    Scanning for and removing malware...

    Start MBAM.
    At the top of the Malwarebytes Anti-Malware window, click Scan.
    In that screen, choose the Custom scan and tick the partitions that apply (c:\, d:\, etc.).
    In the left pane, also tick the Rootkit scan.
    Then click the Scan now button.

    Before scanning, it always first checks automatically whether updates to the virus definitions are available; if an update is available, you must let it install first.

    When the scan is finished and threats have been detected, you will get an overview of them.
    Choose to place them all in quarantine.
    When you get the message that your computer must be restarted, click Yes.

    After the PC has restarted, if Malwarebytes asked to restart the PC, open Malwarebytes again.
    Click the History button at the top of the menu.
    Then click the application logs option and select the Scan log you want to export. This is the last scan you ran (you can tell by the date and time).
    Select it to view it.
    A new window will open in which you will see the results of your scan.

    At the bottom, either choose to export as a text file and give the text file a name, for example mbamlog.
    Or you can choose to copy to the clipboard, so that the contents of the log are copied to your clipboard and you can paste them into your next post.


    Step 2:

    Checking for bad toolbars...

    Download AdwCleaner by Xplode to your Desktop.
    • Close all open windows
    • Start AdwCleaner
    • Click Scan
    • Click Remove ("Verwijderen")

    All icons disappear from the Desktop; this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner\AdwCleaner[xx].txt).
    Post its contents here on the forum.

    I only need the log made after the Remove ("Verwijderen") option.

    Don't forget to turn off your "smileys".

    If your start page was also hijacked, set the search engine again.
    AdwCleaner resets it to Google.com by default.


    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If running scripts is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.


    Step 4:

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears (checkup.txt)
    Put its contents in your next reply.


    In your next post, I would like to see the following logs, made in the order listed:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.
    (If necessary, in several posts.)

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Hello, here are the requested logs:

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scandatum: 30/09/2014
      Scantijd: 11:04:10
      Logbestand: mbamlog.txt
      Beheerder: Ja

      Versie: 2.00.2.1012
      Malwaredatabase: v2014.09.30.03
      Rootkitdatabase: v2014.09.19.01
      Licentie: Gratis
      Malwarebescherming: Uitgeschakeld
      Kwaadaardige Website Bescherming: Uitgeschakeld
      Self-protection: Uitgeschakeld

      Besturingssysteem: Windows 7 Service Pack 1
      Processor: x64
      Bestandssysteem: NTFS
      Gebruiker: leo

      Scantype: Bedreigingsscan
      Resultaat: Voltooid
      Objecten Gescand: 320839
      Verstreken Tijd: 8 m, 10 s

      Geheugen: Ingeschakeld
      Opstarten: Ingeschakeld
      Bestandssysteem: Ingeschakeld
      Archieven: Ingeschakeld
      Rootkits: Uitgeschakeld
      Heuristics: Ingeschakeld
      POP: Ingeschakeld
      POA: Ingeschakeld

      Processen: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registersleutels: 0
      (No malicious items detected)

      Registerwaardes: 0
      (No malicious items detected)

      Registerdata: 0
      (No malicious items detected)

      Mappen: 0
      (No malicious items detected)

      Bestanden: 0
      (No malicious items detected)

      Fysieke Sectoren: 0
      (No malicious items detected)


      (end)

      # AdwCleaner v3.310 - Rapport aangemaakt 30/09/2014 op 11:19:38
      # Laatste Update 12/09/2014 door Xplode
      # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Gebruikersnaam : leo - LEO-PC
      # Gestart vanuit : C:\Users\leo\Desktop\adwcleaner_3.310.exe
      # Optie : Verwijderen

      ***** [ Services ] *****


      ***** [ Bestanden / Mappen ] *****

      Map Verwijderd : C:\Users\leo\AppData\Local\PackageAware

      ***** [ Taken ] *****

      Taak Verwijderd : Desk 365 RunAsStdUser

      ***** [ Snelkoppelingen ] *****


      ***** [ Register ] *****

      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
      Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
      Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_foxit-reader_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_foxit-reader_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_malwarebytes-anti-malware_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_malwarebytes-anti-malware_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_nvidia-geforce-driver_RASAPI32
      Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_nvidia-geforce-driver_RASMANCS
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
      Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
      Sleutel Verwijderd : HKLM\SOFTWARE\AVG Secure Search
      Sleutel Verwijderd : HKLM\SOFTWARE\hdcode

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17280


      -\\ Mozilla Firefox v32.0.3 (x86 en-US)

      [ Bestand : C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\prefs.js ]

      Regel verwijderd : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
      Regel verwijderd : user_pref("extentions.webcake.installId", "e9205abc-c2af-4e6d-9048-a88ca85077f6");

      -\\ Google Chrome v37.0.2062.124

      [ Bestand : C:\Users\leo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


      *************************

      AdwCleaner[R0].txt - [2478 octets] - [30/09/2014 11:17:51]
      AdwCleaner[S0].txt - [2438 octets] - [30/09/2014 11:19:38]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2498 octets] ##########

      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
      Run by leo at 11:33:18 on 2014-09-30
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6071.4107 [GMT 2:00]
      .
      AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
      SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\atieclxx.exe
      C:\Windows\SYSTEM32\WISPTIS.EXE
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\SYSTEM32\WISPTIS.EXE
      C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      C:\Program Files\Microsoft LifeCam\MSCamS64.exe
      C:\Windows\SysWOW64\nlssrv32.exe
      C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
      C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\System32\WUDFHost.exe
      C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Windows\vVX1000.exe
      C:\Users\leo\AppData\Roaming\uTorrent\uTorrent.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
      C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
      C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
      C:\Program Files\CCleaner\CCleaner64.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://telenet.be/nl
      uDefault_Page_URL = hxxp://www.google.com
      mStart Page = hxxp://www.google.com
      mDefault_Page_URL = hxxp://www.google.com
      BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
      BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
      BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
      BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
      BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
      uRun: [AdobeBridge] <no file>
      uRunOnce: [Application Restart #1] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=AppsPanel_BL --appletVersion=1.0 --mode=LBS --helperBridgeName={C04B067A-2E1D-46BE-A5D5-AD0859F3D0E0} --lbsWorkflowID={EF345DB5-567C-422A-952B-9D4E90F73507} --inputXmlPath="C:\Users\leo\AppData\Local\Temp\{FEC1E8F2-B995-48FE-99EC-857C4141E212}" /RestartByRestartManager:FC920BE1-096F-44e9-8196-5792753AFC69
      mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
      mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
      mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
      dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      mPolicies-Windows\System: EnableSmartScreen = dword:0
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
      IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
      IE: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
      IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
      IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
      IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
      IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
      IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
      DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
      TCP: NameServer = 195.130.131.5 195.130.130.133
      TCP: Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE} : DHCPNameServer = 195.130.131.5 195.130.130.133
      Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
      SSODL: WebCheck - <orphaned>
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      x64-mStart Page = hxxp://www.google.com
      x64-mDefault_Page_URL = hxxp://www.google.com
      x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
      x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
      x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
      x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
      x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
      x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
      x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
      x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
      x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
      x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
      x64-Run: [VX1000] C:\Windows\vVX1000.exe
      x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
      x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
      x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
      x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
      x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
      x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
      x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
      x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
      x64-SSODL: WebCheck - <orphaned>
      x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\
      FF - prefs.js: browser.startup.homepage - www.standaard.be
      FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
      FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
      FF - plugin: C:\Program Files (x86)\Canon\Uploader for CANON iMAGE GATEWAY Plugin\npUploaderForCiG.dll
      FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
      FF - plugin: C:\Users\leo\AppData\Local\Citrix\Plugins\104\npappdetector.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-6-17 84536]
      R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-6-17 66616]
      R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
      R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
      R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-18 239616]
      R2 AVP;Kaspersky Anti-Virus-service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
      R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-14 13336]
      R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2014-9-18 70768]
      R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [2014-2-7 586352]
      R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-7-8 86632]
      R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2014-9-2 82872]
      R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
      R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\System32\drivers\AVer888RC_64.sys [2013-7-8 543616]
      R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\System32\drivers\AVer888RCIR_64.sys [2010-1-14 39936]
      R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-14 56344]
      R3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
      R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
      R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
      R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-7-8 2350176]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-8 726160]
      R3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2013-7-8 7808]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S3 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
      S3 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
      S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-11-12 41032]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
      S3 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-9 19456]
      S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-5 31800]
      S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-8-20 289496]
      S3 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2014-2-6 1050904]
      S3 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2014-1-17 1909032]
      S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-9 57856]
      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
      S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2014-9-6 29288]
      .
      =============== File Associations ===============
      .
      FileExt: .chm: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
      .
      =============== Created Last 30 ================
      .
      2014-09-30 09:18:38 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
      2014-09-30 09:17:46 -------- d-----w- C:\AdwCleaner
      2014-09-30 08:23:32 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7398406A-E6C0-4826-B971-294E20CD7410}\mpengine.dll
      2014-09-29 21:52:55 -------- d-----r- C:\Program Files (x86)\Skype
      2014-09-24 10:22:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
      2014-09-24 10:22:07 2048 ----a-w- C:\Windows\System32\tzres.dll
      2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Roaming\Thinstall
      2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Local\Thinstall
      2014-09-17 22:18:35 -------- d-----w- C:\Users\leo\AppData\Roaming\onOne Software
      2014-09-17 22:18:07 -------- d-----w- C:\Program Files\onOne Software
      2014-09-17 22:17:18 70768 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
      2014-09-17 22:17:18 -------- d-----w- C:\Program Files (x86)\onOne Software
      2014-09-17 22:17:15 70768 ----a-w- C:\Windows\System32\nlssrv32.exe
      2014-09-11 12:37:51 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
      2014-09-10 23:22:43 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
      2014-09-10 23:22:43 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
      2014-09-10 12:23:46 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
      2014-09-10 12:23:46 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
      2014-09-10 12:23:35 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
      2014-09-10 12:23:35 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
      2014-09-10 12:23:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
      2014-09-10 12:23:24 728064 ----a-w- C:\Windows\System32\kerberos.dll
      2014-09-10 12:23:24 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
      2014-09-10 12:23:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
      2014-09-10 12:23:24 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
      2014-09-09 07:23:48 -------- d-----w- C:\Program Files (x86)\Cewe Photoservice
      2014-09-08 15:10:03 -------- d-----w- C:\Users\leo\AppData\Local\Programs
      2014-09-08 15:05:53 -------- d-----w- C:\Users\leo\AppData\Local\Phase_One
      2014-09-08 15:05:16 -------- d-----w- C:\ProgramData\Phase One
      2014-09-06 13:31:32 -------- d-----w- C:\Users\leo\AppData\Roaming\Bigasoft Audio Converter 4
      2014-09-06 13:14:44 -------- d-----w- C:\Users\leo\AppData\Roaming\Apowersoft
      2014-09-06 12:59:22 -------- d-----w- C:\Users\leo\AppData\Local\Wondershare
      2014-09-06 12:59:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
      2014-09-06 12:59:14 -------- d-----w- C:\Users\leo\AppData\Roaming\Wondershare
      2014-09-06 12:58:37 29288 ----a-w- C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys
      2014-09-06 12:58:28 -------- d-----w- C:\Program Files (x86)\Wondershare
      2014-09-03 11:44:24 -------- d-----w- C:\Program Files\TermTutor
      2014-09-03 11:43:53 -------- d-----w- C:\Users\leo\AppData\Roaming\0F1L1I1P0H1L1E1E1F
      2014-09-02 13:56:04 -------- d-----w- C:\Program Files\Microsoft LifeCam
      2014-09-02 13:56:04 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
      2014-09-02 13:55:58 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
      2014-09-02 13:51:26 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
      2014-09-01 18:58:58 -------- d-----w- C:\Users\leo\restore
      2014-09-01 18:47:41 -------- d-----w- C:\Program Files\Pixum
      .
      ==================== Find3M ====================
      .
      2014-09-30 09:03:56 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
      2014-09-23 18:53:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-09-23 18:53:07 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
      2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
      2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
      2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
      2014-08-21 09:41:11 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
      2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
      2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
      2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
      2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
      2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
      2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
      2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
      2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
      2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
      2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
      2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
      2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
      2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
      2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
      2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
      2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
      2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
      2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
      2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
      2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
      2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
      2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
      2014-08-06 14:07:39 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
      2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
      2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
      2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
      2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
      2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
      2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
      2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
      2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
      .
      ============= FINISH: 11:33:56,02 ===============

      Results of screen317's Security Check version 0.99.87
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 11
      ``````````````Antivirus/Firewall Check:``````````````
      Kaspersky PURE 3.0
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Java 7 Update 67
      Adobe Flash Player 15.0.0.152
      Mozilla Firefox (32.0.3)
      Google Chrome 37.0.2062.102
      Google Chrome 37.0.2062.124
      ````````Process Check: objlist.exe by Laurent````````
      Kaspersky Lab Kaspersky PURE 3.0 avp.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````


      vonkske



      • #4
        May I please have the MBAM custom scan log, as requested in Step 1?
        (Read the instructions carefully)

        After that, you may also post a fresh DDS log.
        Last edited by Emphyrio; 30-09-14, 13:34.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * Remove McAfee. * Ccleaner * E-Peek



        • #5
          MBAM has now been running for 8h40', but for the last 2 hours the scan has been stuck at 457765 files. The blue bar keeps moving, but no newly scanned files are being added.
          Close it or just let it run?

          Regards, vonkske

          Now, at 0:17, it is still hanging; I am closing it and starting a new scan. If all goes well, I can post tomorrow.
          Last edited by vonkske; 30-09-14, 23:19.



          • #6
            MBAM has quarantined about 10 items, but none of that shows in the log. You will let me know if this is again not the right scan? I have also posted a new DDS log.

            Regards, vonkske

            Malwarebytes Anti-Malware
            www.malwarebytes.org

            Scandatum: 30/09/2014
            Scantijd: 11:04:10
            Logbestand: mbamlog.txt
            Beheerder: Ja

            Versie: 2.00.2.1012
            Malwaredatabase: v2014.09.30.03
            Rootkitdatabase: v2014.09.19.01
            Licentie: Gratis
            Malwarebescherming: Uitgeschakeld
            Kwaadaardige Website Bescherming: Uitgeschakeld
            Self-protection: Uitgeschakeld

            Besturingssysteem: Windows 7 Service Pack 1
            Processor: x64
            Bestandssysteem: NTFS
            Gebruiker: leo

            Scantype: Bedreigingsscan
            Resultaat: Voltooid
            Objecten Gescand: 320839
            Verstreken Tijd: 8 m, 10 s

            Geheugen: Ingeschakeld
            Opstarten: Ingeschakeld
            Bestandssysteem: Ingeschakeld
            Archieven: Ingeschakeld
            Rootkits: Uitgeschakeld
            Heuristics: Ingeschakeld
            POP: Ingeschakeld
            POA: Ingeschakeld

            Processen: 0
            (No malicious items detected)

            Modules: 0
            (No malicious items detected)

            Registersleutels: 0
            (No malicious items detected)

            Registerwaardes: 0
            (No malicious items detected)

            Registerdata: 0
            (No malicious items detected)

            Mappen: 0
            (No malicious items detected)

            Bestanden: 0
            (No malicious items detected)

            Fysieke Sectoren: 0
            (No malicious items detected)


            (end)


            DDS (Ver_2012-11-20.01) - NTFS_AMD64
            Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
            Run by leo at 11:59:40 on 2014-10-01
            Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6071.3325 [GMT 2:00]
            .
            AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
            SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
            SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
            .
            ============== Running Processes ===============
            .
            C:\Windows\system32\lsm.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            C:\Windows\system32\svchost.exe -k RPCSS
            C:\Windows\system32\atiesrxx.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\Windows\system32\svchost.exe -k LocalService
            C:\Windows\system32\svchost.exe -k netsvcs
            C:\Windows\system32\svchost.exe -k GPSvcGroup
            C:\Windows\system32\svchost.exe -k NetworkService
            C:\Windows\System32\spoolsv.exe
            C:\Windows\system32\atieclxx.exe
            C:\Windows\SYSTEM32\WISPTIS.EXE
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
            C:\Windows\system32\taskhost.exe
            C:\Windows\SYSTEM32\WISPTIS.EXE
            C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
            C:\Windows\system32\Dwm.exe
            C:\Program Files (x86)\Bonjour\mDNSResponder.exe
            C:\Program Files\Microsoft LifeCam\MSCamS64.exe
            C:\Windows\Explorer.EXE
            C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
            C:\Windows\SysWOW64\nlssrv32.exe
            C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
            C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
            C:\Windows\system32\svchost.exe -k imgsvc
            C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Windows\System32\WUDFHost.exe
            C:\Windows\servicing\TrustedInstaller.exe
            C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
            C:\Windows\vVX1000.exe
            C:\Users\leo\AppData\Roaming\uTorrent\uTorrent.exe
            C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
            C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
            C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
            C:\Windows\system32\taskeng.exe
            C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
            C:\Program Files\CCleaner\CCleaner64.exe
            C:\Windows\system32\wbem\unsecapp.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Program Files\Windows Media Player\wmpnetwk.exe
            C:\Windows\system32\SearchIndexer.exe
            C:\Windows\system32\SearchProtocolHost.exe
            C:\Windows\System32\svchost.exe -k secsvcs
            C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
            C:\Windows\system32\wuauclt.exe
            C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
            C:\Program Files (x86)\Mozilla Firefox\firefox.exe
            C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
            C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
            C:\Windows\system32\taskeng.exe
            C:\Windows\system32\SearchFilterHost.exe
            C:\Windows\system32\taskeng.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            C:\Windows\system32\sppsvc.exe
            C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
            C:\Windows\System32\cscript.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uStart Page = hxxp://telenet.be/nl
            uDefault_Page_URL = hxxp://www.google.com
            mStart Page = hxxp://www.google.com
            mDefault_Page_URL = hxxp://www.google.com
            BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
            BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
            BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
            BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
            BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
            BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
            BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
            BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
            BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
            BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
            uRun: [AdobeBridge] <no file>
            uRunOnce: [Application Restart #1] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=AppsPanel_BL --appletVersion=1.0 --mode=LBS --helperBridgeName={C04B067A-2E1D-46BE-A5D5-AD0859F3D0E0} --lbsWorkflowID={EF345DB5-567C-422A-952B-9D4E90F73507} --inputXmlPath="C:\Users\leo\AppData\Local\Temp\{FEC1E8F2-B995-48FE-99EC-857C4141E212}" /RestartByRestartManager:FC920BE1-096F-44e9-8196-5792753AFC69
            mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
            mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
            mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
            mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
            dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
            StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
            StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
            uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
            mPolicies-Explorer: NoActiveDesktop = dword:1
            mPolicies-Explorer: NoActiveDesktopChanges = dword:1
            mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
            mPolicies-System: ConsentPromptBehaviorUser = dword:3
            mPolicies-System: EnableUIADesktopToggle = dword:0
            mPolicies-Windows\System: EnableSmartScreen = dword:0
            IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
            IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
            IE: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
            IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
            IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
            IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
            IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
            IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
            IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
            IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
            DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
            TCP: NameServer = 195.130.131.5 195.130.130.133
            TCP: Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE} : DHCPNameServer = 195.130.131.5 195.130.130.133
            Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
            Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
            Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
            SSODL: WebCheck - <orphaned>
            mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
            x64-mStart Page = hxxp://www.google.com
            x64-mDefault_Page_URL = hxxp://www.google.com
            x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
            x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
            x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
            x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
            x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
            x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
            x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
            x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
            x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
            x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
            x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
            x64-Run: [VX1000] C:\Windows\vVX1000.exe
            x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
            x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
            x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
            x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
            x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
            x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
            x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
            x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
            x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
            x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
            x64-SSODL: WebCheck - <orphaned>
            x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
            .
            ================= FIREFOX ===================
            .
            FF - ProfilePath - C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\
            FF - prefs.js: browser.startup.homepage - www.standaard.be
            FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
            FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
            FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
            FF - plugin: C:\Program Files (x86)\Canon\Uploader for CANON iMAGE GATEWAY Plugin\npUploaderForCiG.dll
            FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
            FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
            FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
            FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
            FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
            FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
            FF - plugin: C:\Users\leo\AppData\Local\Citrix\Plugins\104\npappdetector.dll
            FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
            .
            ============= SERVICES / DRIVERS ===============
            .
            R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-6-17 84536]
            R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-6-17 66616]
            R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
            R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
            R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
            R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-18 239616]
            R2 AVP;Kaspersky Anti-Virus-service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
            R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-14 13336]
            R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2014-9-18 70768]
            R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [2014-2-7 586352]
            R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-7-8 86632]
            R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2014-9-2 82872]
            R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
            R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\System32\drivers\AVer888RC_64.sys [2013-7-8 543616]
            R3 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
            R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\System32\drivers\AVer888RCIR_64.sys [2010-1-14 39936]
            R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-14 56344]
            R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
            R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
            R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-17 122584]
            R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-7-8 2350176]
            R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-8 726160]
            R3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2013-7-8 7808]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
            S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
            S3 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
            S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-11-12 41032]
            S3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
            S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
            S3 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
            S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-9 19456]
            S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-5 31800]
            S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-8-20 289496]
            S3 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2014-2-6 1050904]
            S3 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2014-1-17 1909032]
            S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
            S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-9 57856]
            S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
            S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2014-9-6 29288]
            .
            =============== File Associations ===============
            .
            FileExt: .chm: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
            .
            =============== Created Last 30 ================
            .
            2014-09-30 10:35:39 -------- d-----w- C:\Users\leo\AppData\Roaming\BitTorrent
            2014-09-30 09:18:38 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
            2014-09-30 09:17:46 -------- d-----w- C:\AdwCleaner
            2014-09-30 08:23:32 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7398406A-E6C0-4826-B971-294E20CD7410}\mpengine.dll
            2014-09-29 21:52:55 -------- d-----r- C:\Program Files (x86)\Skype
            2014-09-24 10:22:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
            2014-09-24 10:22:07 2048 ----a-w- C:\Windows\System32\tzres.dll
            2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Roaming\Thinstall
            2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Local\Thinstall
            2014-09-17 22:18:35 -------- d-----w- C:\Users\leo\AppData\Roaming\onOne Software
            2014-09-17 22:18:07 -------- d-----w- C:\Program Files\onOne Software
            2014-09-17 22:17:18 70768 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
            2014-09-17 22:17:18 -------- d-----w- C:\Program Files (x86)\onOne Software
            2014-09-17 22:17:15 70768 ----a-w- C:\Windows\System32\nlssrv32.exe
            2014-09-11 12:37:51 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
            2014-09-10 23:22:43 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
            2014-09-10 23:22:43 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
            2014-09-10 12:23:46 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
            2014-09-10 12:23:46 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
            2014-09-10 12:23:35 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
            2014-09-10 12:23:35 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
            2014-09-10 12:23:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
            2014-09-10 12:23:24 728064 ----a-w- C:\Windows\System32\kerberos.dll
            2014-09-10 12:23:24 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
            2014-09-10 12:23:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
            2014-09-10 12:23:24 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
            2014-09-09 07:23:48 -------- d-----w- C:\Program Files (x86)\Cewe Photoservice
            2014-09-08 15:10:03 -------- d-----w- C:\Users\leo\AppData\Local\Programs
            2014-09-08 15:05:53 -------- d-----w- C:\Users\leo\AppData\Local\Phase_One
            2014-09-08 15:05:16 -------- d-----w- C:\ProgramData\Phase One
            2014-09-06 13:31:32 -------- d-----w- C:\Users\leo\AppData\Roaming\Bigasoft Audio Converter 4
            2014-09-06 13:14:44 -------- d-----w- C:\Users\leo\AppData\Roaming\Apowersoft
            2014-09-06 12:59:22 -------- d-----w- C:\Users\leo\AppData\Local\Wondershare
            2014-09-06 12:59:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
            2014-09-06 12:59:14 -------- d-----w- C:\Users\leo\AppData\Roaming\Wondershare
            2014-09-06 12:58:37 29288 ----a-w- C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys
            2014-09-06 12:58:28 -------- d-----w- C:\Program Files (x86)\Wondershare
            2014-09-03 11:44:24 -------- d-----w- C:\Program Files\TermTutor
            2014-09-03 11:43:53 -------- d-----w- C:\Users\leo\AppData\Roaming\0F1L1I1P0H1L1E1E1F
            2014-09-02 13:56:04 -------- d-----w- C:\Program Files\Microsoft LifeCam
            2014-09-02 13:56:04 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
            2014-09-02 13:55:58 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
            2014-09-02 13:51:26 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
            2014-09-01 18:58:58 -------- d-----w- C:\Users\leo\restore
            2014-09-01 18:47:41 -------- d-----w- C:\Program Files\Pixum
            .
            ==================== Find3M ====================
            .
            2014-10-01 09:54:46 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
            2014-09-30 15:10:08 59664 ----a-w- C:\Windows\help\OEM\Scripts\certmgr.exe
            2014-09-23 18:53:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
            2014-09-23 18:53:07 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
            2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
            2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
            2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
            2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
            2014-08-21 09:41:11 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
            2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
            2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
            2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
            2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
            2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
            2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
            2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
            2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
            2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
            2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
            2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
            2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
            2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
            2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
            2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
            2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
            2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
            2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
            2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
            2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
            2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl

            2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
            2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
            2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
            2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
            2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
            2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
            2014-08-06 14:07:39 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
            2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
            2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
            2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
            2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
            2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
            2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
            2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
            2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
            .
            ============= FINISH: 12:00:13,04 ===============



            • #7
              You posted a threat scan log again.
              I asked for a custom scan.

              You can find the MBAM history by following these instructions: http://www.nucia.eu/forum/entries/21...-mijn-MBAM-log
              Last edited by Emphyrio; 01-10-14, 12:46.
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee. * Ccleaner * E-Peek



              • #8
                It worked this time, I think. MBAM log and new DDS

                Malwarebytes Anti-Malware
                www.malwarebytes.org

                Scandatum: 1/10/2014
                Scantijd: 14:31:38
                Logbestand: mbamlog.txt
                Beheerder: Ja

                Versie: 2.00.2.1012
                Malwaredatabase: v2014.10.01.04
                Rootkitdatabase: v2014.09.19.01
                Licentie: Gratis
                Malwarebescherming: Uitgeschakeld
                Kwaadaardige Website Bescherming: Uitgeschakeld
                Self-protection: Uitgeschakeld

                Besturingssysteem: Windows 7 Service Pack 1
                Processor: x64
                Bestandssysteem: NTFS
                Gebruiker: leo

                Scantype: Aangepaste Scan
                Resultaat: Voltooid
                Objecten Gescand: 602046
                Verstreken Tijd: 4 u, 10 m, 14 s

                Geheugen: Ingeschakeld
                Opstarten: Ingeschakeld
                Bestandssysteem: Ingeschakeld
                Archieven: Ingeschakeld
                Rootkits: Ingeschakeld
                Heuristics: Ingeschakeld
                POP: Ingeschakeld
                POA: Ingeschakeld

                Processen: 0
                (No malicious items detected)

                Modules: 0
                (No malicious items detected)

                Registersleutels: 0
                (No malicious items detected)

                Registerwaardes: 0
                (No malicious items detected)

                Registerdata: 0
                (No malicious items detected)

                Mappen: 0
                (No malicious items detected)

                Bestanden: 10
                PUP.RiskwareTool.CK, L:\mijn documenten 23 07 2014\Fotosoftware\Adobe Bridge_sHaRe_juni 2014\Bridge.CC\Crack\Patch.exe, In Quarantaine, [1c69955a3645171f50b363501ce4cf31],
                PUP.RiskwareTool.CK, L:\mijn documenten 23 07 2014\Fotosoftware\Adobe Photoshop 2014-mojado\Adobe Photoshop CC 2014 v15.0 x64\Adobe NEW KEYGEN!\xf-adobecc2014.7z, In Quarantaine, [2a5b6f8055263df95496f5947b876e92],
                PUP.RiskwareTool.CK, L:\mijn documenten 23 07 2014\Fotosoftware\Adobe Photoshop 2014-mojado\Adobe Photoshop CC 2014 v15.0 x64\Adobe NEW KEYGEN!\xf-adobecc2014.exe, In Quarantaine, [2c59c22d89f20432aa400287cf336a96],
                PUP.RiskwareTool.CK, L:\mijn documenten 23 07 2014\Fotosoftware\Adobe Photoshop CC 14.2.1-sHaRe_juni 2014\sHaRewbb_adbptscc1421new\CRACK\Patch by PainteR\adobe.photoshop.cc-patch-painter.zip, In Quarantaine, [2a5bd11e7cff3105e3203a79b848857b],
                PUP.RiskwareTool.CK, L:\mijn documenten 23 07 2014\Fotosoftware\Adobe Photoshop CC 14.2.1-sHaRe_juni 2014\sHaRewbb_adbptscc1421new\CRACK\Patch by PainteR\adobe.photoshop.cc-patch-painter\adobe.photoshop.cc-patch-painter.exe, In Quarantaine, [82039b54dc9fcf673dc6734059a7b14f],
                PUP.RiskwareTool.CK, L:\mijn documenten 23 07 2014\Fotosoftware\Adobe Photoshop cc 2014-sHaRe-12 07 2014\Adobe Photoshop CC 2014 WiN64\Crack\ADOBE_CC_V2014_KEYGEN_WIN_MACOSX-XFORCE\Crack-Windows\xf-adobecc2014.7z, In Quarantaine, [92f3a54a7efd3cfaa545f99044bec33d],
                PUP.RiskwareTool.CK, L:\mijn documenten 23 07 2014\Fotosoftware\Adobe Photoshop cc 2014-sHaRe-12 07 2014\Adobe Photoshop CC 2014 WiN64\Crack\ADOBE_CC_V2014_KEYGEN_WIN_MACOSX-XFORCE\Crack-Windows\xf-adobecc2014.exe, In Quarantaine, [8302ad42cbb069cd9c4e3158aa5854ac],
                PUP.Riskware.Patcher, L:\mijn documenten 23 07 2014\Fotosoftware\DxO Viewpoint 2-juli 2014\DxO_ViewPoint_2.1.7_Build_38\dxo.viewpoint.2.1.4.[x64]-MPT.exe, In Quarantaine, [c7be1fd0f6853204bda824fa53ae8779],
                PUP.Keygen.Intro, L:\mijn documenten 23 07 2014\Fotosoftware\Lightroom 5.5-juni2014\sHaRewbb_apl55win64new\Adobe.Photoshop.Lightroom.v5.5.x64.Multilingual.Incl.Keymaker-CORE\Keygen\CORE10k.EXE, In Quarantaine, [9ee7e50a6a11a492313d6c4de91b1fe1],
                Trojan.Downloader, L:\mijn documenten 23 07 2014\Fotosoftware\Topaz bundle\Topaz Plug-ins Bundle for Adobe Photoshop DC 20.06.2014\crack\keygen.exe, In Quarantaine, [c4c108e7d2a97bbbe21ba383768cf40c],

                Fysieke Sectoren: 0
                (No malicious items detected)


                (end)


                DDS (Ver_2012-11-20.01) - NTFS_AMD64
                Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
                Run by leo at 19:45:48 on 2014-10-01
                Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6071.3931 [GMT 2:00]
                .
                AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
                SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
                SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
                .
                ============== Running Processes ===============
                .
                C:\Windows\system32\lsm.exe
                C:\Windows\system32\svchost.exe -k DcomLaunch
                C:\Windows\system32\svchost.exe -k RPCSS
                C:\Windows\system32\atiesrxx.exe
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                C:\Windows\system32\svchost.exe -k LocalService
                C:\Windows\system32\svchost.exe -k netsvcs
                C:\Windows\system32\svchost.exe -k GPSvcGroup
                C:\Windows\system32\svchost.exe -k NetworkService
                C:\Windows\System32\spoolsv.exe
                C:\Windows\system32\atieclxx.exe
                C:\Windows\SYSTEM32\WISPTIS.EXE
                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
                C:\Windows\system32\taskhost.exe
                C:\Windows\SYSTEM32\WISPTIS.EXE
                C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
                C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                C:\Windows\system32\Dwm.exe
                C:\Program Files\Microsoft LifeCam\MSCamS64.exe
                C:\Windows\Explorer.EXE
                C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
                C:\Windows\SysWOW64\nlssrv32.exe
                C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
                C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
                C:\Windows\system32\svchost.exe -k imgsvc
                C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                C:\Windows\servicing\TrustedInstaller.exe
                C:\Windows\System32\WUDFHost.exe
                C:\Windows\system32\SearchIndexer.exe
                C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                C:\Windows\vVX1000.exe
                C:\Users\leo\AppData\Roaming\uTorrent\uTorrent.exe
                C:\Windows\system32\taskeng.exe
                C:\Program Files\CCleaner\CCleaner64.exe
                C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
                C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
                C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
                C:\Windows\system32\wbem\unsecapp.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Program Files\Windows Media Player\wmpnetwk.exe
                C:\Windows\System32\svchost.exe -k secsvcs
                C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
                C:\Windows\system32\wuauclt.exe
                C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
                C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
                C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
                C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                C:\Windows\system32\NOTEPAD.EXE
                C:\Windows\System32\cscript.exe
                .
                ============== Pseudo HJT Report ===============
                .
                uStart Page = hxxp://telenet.be/nl
                uDefault_Page_URL = hxxp://www.google.com
                mStart Page = hxxp://www.google.com
                mDefault_Page_URL = hxxp://www.google.com
                BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
                BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
                BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
                BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
                BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
                BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                uRun: [AdobeBridge] <no file>
                uRunOnce: [Application Restart #1] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=AppsPanel_BL --appletVersion=1.0 --mode=LBS --helperBridgeName={C04B067A-2E1D-46BE-A5D5-AD0859F3D0E0} --lbsWorkflowID={EF345DB5-567C-422A-952B-9D4E90F73507} --inputXmlPath="C:\Users\leo\AppData\Local\Temp\{FEC1E8F2-B995-48FE-99EC-857C4141E212}" /RestartByRestartManager:FC920BE1-096F-44e9-8196-5792753AFC69
                mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
                mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
                mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
                dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
                StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
                StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
                uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
                mPolicies-Explorer: NoActiveDesktop = dword:1
                mPolicies-Explorer: NoActiveDesktopChanges = dword:1
                mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                mPolicies-System: ConsentPromptBehaviorUser = dword:3
                mPolicies-System: EnableUIADesktopToggle = dword:0
                mPolicies-Windows\System: EnableSmartScreen = dword:0
                IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
                IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
                IE: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
                IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
                IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
                IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
                IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
                DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
                TCP: NameServer = 195.130.131.133 195.130.130.5
                TCP: Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE} : DHCPNameServer = 195.130.131.133 195.130.130.5
                Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
                Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
                SSODL: WebCheck - <orphaned>
                mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                x64-mStart Page = hxxp://www.google.com
                x64-mDefault_Page_URL = hxxp://www.google.com
                x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
                x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
                x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
                x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
                x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
                x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
                x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
                x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
                x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                x64-Run: [VX1000] C:\Windows\vVX1000.exe
                x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
                x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
                x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
                x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
                x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
                x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
                x64-SSODL: WebCheck - <orphaned>
                x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                .
                ================= FIREFOX ===================
                .
                FF - ProfilePath - C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\
                FF - prefs.js: browser.startup.homepage - www.standaard.be
                FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
                FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
                FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
                FF - plugin: C:\Program Files (x86)\Canon\Uploader for CANON iMAGE GATEWAY Plugin\npUploaderForCiG.dll
                FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
                FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
                FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
                FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
                FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
                FF - plugin: C:\Users\leo\AppData\Local\Citrix\Plugins\104\npappdetector.dll
                FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
                .
                ============= SERVICES / DRIVERS ===============
                .
                R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-6-17 84536]
                R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-6-17 66616]
                R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
                R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
                R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
                R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-18 239616]
                R2 AVP;Kaspersky Anti-Virus-service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
                R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-14 13336]
                R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2014-9-18 70768]
                R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [2014-2-7 586352]
                R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-7-8 86632]
                R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2014-9-2 82872]
                R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
                R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\System32\drivers\AVer888RC_64.sys [2013-7-8 543616]
                R3 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
                R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\System32\drivers\AVer888RCIR_64.sys [2010-1-14 39936]
                R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-14 56344]
                R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
                R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
                R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-17 122584]
                R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-7-8 2350176]
                R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-8 726160]
                R3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2013-7-8 7808]
                S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                S3 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
                S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-11-12 41032]
                S3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
                S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
                S3 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
                S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-9 19456]
                S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-5 31800]
                S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-8-20 289496]
                S3 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2014-2-6 1050904]
                S3 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2014-1-17 1909032]
                S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
                S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-9 57856]
                S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
                S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2014-9-6 29288]
                .
                =============== File Associations ===============
                .
                FileExt: .chm: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
                .
                =============== Created Last 30 ================
                .
                2014-09-30 10:35:39 -------- d-----w- C:\Users\leo\AppData\Roaming\BitTorrent
                2014-09-30 09:18:38 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                2014-09-30 09:17:46 -------- d-----w- C:\AdwCleaner
                2014-09-30 08:23:32 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7398406A-E6C0-4826-B971-294E20CD7410}\mpengine.dll
                2014-09-29 21:52:55 -------- d-----r- C:\Program Files (x86)\Skype
                2014-09-24 10:22:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
                2014-09-24 10:22:07 2048 ----a-w- C:\Windows\System32\tzres.dll
                2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Roaming\Thinstall
                2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Local\Thinstall
                2014-09-17 22:18:35 -------- d-----w- C:\Users\leo\AppData\Roaming\onOne Software
                2014-09-17 22:18:07 -------- d-----w- C:\Program Files\onOne Software
                2014-09-17 22:17:18 70768 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
                2014-09-17 22:17:18 -------- d-----w- C:\Program Files (x86)\onOne Software
                2014-09-17 22:17:15 70768 ----a-w- C:\Windows\System32\nlssrv32.exe
                2014-09-11 12:37:51 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
                2014-09-10 23:22:43 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
                2014-09-10 23:22:43 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
                2014-09-10 12:23:46 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
                2014-09-10 12:23:46 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
                2014-09-10 12:23:35 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
                2014-09-10 12:23:35 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
                2014-09-10 12:23:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                2014-09-10 12:23:24 728064 ----a-w- C:\Windows\System32\kerberos.dll
                2014-09-10 12:23:24 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
                2014-09-10 12:23:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                2014-09-10 12:23:24 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                2014-09-09 07:23:48 -------- d-----w- C:\Program Files (x86)\Cewe Photoservice
                2014-09-08 15:10:03 -------- d-----w- C:\Users\leo\AppData\Local\Programs
                2014-09-08 15:05:53 -------- d-----w- C:\Users\leo\AppData\Local\Phase_One
                2014-09-08 15:05:16 -------- d-----w- C:\ProgramData\Phase One
                2014-09-06 13:31:32 -------- d-----w- C:\Users\leo\AppData\Roaming\Bigasoft Audio Converter 4
                2014-09-06 13:14:44 -------- d-----w- C:\Users\leo\AppData\Roaming\Apowersoft
                2014-09-06 12:59:22 -------- d-----w- C:\Users\leo\AppData\Local\Wondershare
                2014-09-06 12:59:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
                2014-09-06 12:59:14 -------- d-----w- C:\Users\leo\AppData\Roaming\Wondershare
                2014-09-06 12:58:37 29288 ----a-w- C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys
                2014-09-06 12:58:28 -------- d-----w- C:\Program Files (x86)\Wondershare
                2014-09-03 11:44:24 -------- d-----w- C:\Program Files\TermTutor
                2014-09-03 11:43:53 -------- d-----w- C:\Users\leo\AppData\Roaming\0F1L1I1P0H1L1E1E1F
                2014-09-02 13:56:04 -------- d-----w- C:\Program Files\Microsoft LifeCam
                2014-09-02 13:56:04 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
                2014-09-02 13:55:58 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
                2014-09-02 13:51:26 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
                2014-09-01 18:58:58 -------- d-----w- C:\Users\leo\restore
                2014-09-01 18:47:41 -------- d-----w- C:\Program Files\Pixum
                .
                ==================== Find3M ====================
                .
                2014-10-01 17:41:40 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                2014-09-30 15:10:08 59664 ----a-w- C:\Windows\help\OEM\Scripts\certmgr.exe
                2014-09-23 18:53:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                2014-09-23 18:53:07 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
                2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
                2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
                2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
                2014-08-21 09:41:11 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
                2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
                2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
                2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
                2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
                2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
                2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
                2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
                2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
                2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
                2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
                2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
                2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
                2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
                2014-08-06 14:07:39 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
                2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
                2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
                2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
                2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
                2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
                2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
                2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
                .
                ============= FINISH: 19:46:18,28 ===============



                • #9
                  Well, your Photoshop is an illegal (cracked) version; that is asking for trouble.
                  I therefore advise you to remove it.


                  Download or update CCleaner

                  Start CCleaner.
                  • Run CCleaner and click Options in the left column
                  • Select the Advanced tab
                  • Untick "Only delete files in Windows Temp folders older than 24 hours"
                  • Select the Settings tab
                  • Untick "Automatically clean the computer...."
                  • Click Cleaner in the left column.
                  • Then click Analyze and Run Cleaner in turn.
                  • Next, click Registry in the left column
                  • Click Scan for Issues.
                  • When asked whether you want to make a backup of the registry, click "Yes".
                  • If errors are found, click the middle button: Fix All Selected Issues, then OK

                  .


                  Download ComboFix to your desktop.
                  (So not to a download folder or temp folder)

                  Extra note... Make sure your security software is disabled while you use ComboFix.
                  This is because these scanners wrongly see certain components that ComboFix uses as infected and will block ComboFix.

                  Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                  Close ALL windows, including your browser, and let ComboFix do its work undisturbed.
                  So do not open any other applications until ComboFix has presented the log.

                  If ComboFix asks for an update, allow it.

                  When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                  You can find it at C:\combofix.txt.

                  Post the ComboFix log together with a new DDS log in your next reply.

                  * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                  • Illegal operation attempted on a registry key that has been marked for deletion.
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee. * Ccleaner * E-Peek



                  • #10
                    ComboFix here, DDS in the next post

                    ComboFix 14-09-29.02 - leo 01/10/2014 21:38:48.1.4 - x64
                    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6071.4238 [GMT 2:00]
                    Gestart vanuit: c:\users\leo\Desktop\ComboFix.exe
                    AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
                    FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
                    SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
                    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    ADS - Windows: deleted 384 bytes in 1 streams.
                    .
                    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\users\leo\AppData\Local\Adobe\gccheck.exe
                    c:\users\leo\AppData\Local\Adobe\gtbcheck.exe
                    c:\users\leo\g2mdlhlpx.exe
                    E:\install.exe
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    -------\Service_Service KMSELDI
                    .
                    .
                    (((((((((((((((((((( Bestanden Gemaakt van 2014-09-01 to 2014-10-01 ))))))))))))))))))))))))))))))
                    .
                    .
                    2014-10-01 19:45 . 2014-10-01 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
                    2014-09-30 10:35 . 2014-09-30 10:35 -------- d-----w- c:\users\leo\AppData\Roaming\BitTorrent
                    2014-09-30 09:18 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
                    2014-09-30 09:17 . 2014-09-30 09:19 -------- d-----w- C:\AdwCleaner
                    2014-09-30 08:23 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7398406A-E6C0-4826-B971-294E20CD7410}\mpengine.dll
                    2014-09-29 21:52 . 2014-09-29 21:52 -------- d-----w- c:\program files (x86)\Common Files\Skype
                    2014-09-29 21:52 . 2014-09-29 21:52 -------- d-----r- c:\program files (x86)\Skype
                    2014-09-28 19:52 . 2014-09-28 19:52 -------- d-----w- c:\users\Public\Foxit Software
                    2014-09-24 10:22 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
                    2014-09-24 10:22 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
                    2014-09-18 20:12 . 2014-09-18 20:12 -------- d-----w- c:\users\leo\AppData\Roaming\Thinstall
                    2014-09-18 20:12 . 2014-09-18 20:12 -------- d-----w- c:\users\leo\AppData\Local\Thinstall
                    2014-09-17 22:18 . 2014-09-17 22:24 -------- d-----w- c:\users\leo\AppData\Roaming\onOne Software
                    2014-09-17 22:18 . 2014-09-17 22:18 -------- d-----w- c:\program files\onOne Software
                    2014-09-17 22:17 . 2014-09-17 22:17 -------- d-----w- c:\program files (x86)\onOne Software
                    2014-09-17 22:17 . 2014-06-25 13:05 70768 ----a-w- c:\windows\SysWow64\nlssrv32.exe
                    2014-09-17 22:17 . 2014-06-25 13:05 70768 ----a-w- c:\windows\system32\nlssrv32.exe
                    2014-09-11 12:37 . 2009-02-24 16:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
                    2014-09-10 23:22 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
                    2014-09-10 23:22 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
                    2014-09-10 12:23 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
                    2014-09-10 12:23 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
                    2014-09-10 12:23 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
                    2014-09-10 12:23 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
                    2014-09-10 12:23 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
                    2014-09-10 12:23 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
                    2014-09-10 12:23 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
                    2014-09-10 12:23 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
                    2014-09-10 12:23 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
                    2014-09-09 07:23 . 2014-09-09 07:23 -------- d-----w- c:\program files (x86)\Cewe Photoservice
                    2014-09-08 15:10 . 2014-09-08 15:10 -------- d-----w- c:\users\leo\AppData\Local\Programs
                    2014-09-08 15:05 . 2014-09-08 15:05 -------- d-----w- c:\users\leo\AppData\Local\Phase_One
                    2014-09-08 15:05 . 2014-09-08 15:05 -------- d-----w- c:\programdata\Phase One
                    2014-09-06 13:31 . 2014-09-06 13:31 -------- d-----w- c:\users\leo\AppData\Roaming\Bigasoft Audio Converter 4
                    2014-09-06 13:14 . 2014-09-06 13:14 -------- d-----w- c:\users\leo\AppData\Roaming\Apowersoft
                    2014-09-06 12:59 . 2014-09-06 12:59 -------- d-----w- c:\users\leo\AppData\Local\Wondershare
                    2014-09-06 12:59 . 2014-09-06 12:59 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
                    2014-09-06 12:59 . 2014-09-15 19:20 -------- d-----w- c:\users\leo\AppData\Roaming\Wondershare
                    2014-09-06 12:58 . 2013-05-30 11:56 29288 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383S(1).sys
                    2014-09-06 12:58 . 2014-09-15 19:20 -------- d-----w- c:\program files (x86)\Wondershare
                    2014-09-03 11:44 . 2014-09-03 11:44 -------- d-----w- c:\program files\TermTutor
                    2014-09-03 11:43 . 2014-09-03 12:35 -------- d-----w- c:\users\leo\AppData\Roaming\0F1L1I1P0H1L1E1E1F
                    2014-09-02 13:56 . 2014-09-02 13:56 -------- d-----w- c:\program files\Microsoft LifeCam
                    2014-09-02 13:56 . 2014-09-02 13:56 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
                    2014-09-02 13:55 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
                    2014-09-02 13:51 . 2014-04-15 11:02 82872 ----a-w- c:\windows\system32\drivers\sbapifs.sys
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2014-10-01 17:41 . 2014-06-17 17:44 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
                    2014-09-30 15:10 . 2014-09-30 15:10 59664 ----a-w- c:\windows\help\OEM\Scripts\certmgr.exe
                    2014-09-25 10:48 . 2014-05-19 23:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
                    2014-09-25 08:45 . 2014-05-19 23:18 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
                    2014-09-23 18:53 . 2013-07-08 01:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                    2014-09-23 18:53 . 2013-07-08 01:45 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                    2014-09-22 09:10 . 2013-07-13 12:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
                    2014-09-15 07:06 . 2013-07-07 20:29 278152 ------w- c:\windows\system32\MpSigStub.exe
                    2014-09-12 20:00 . 2013-07-13 12:19 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
                    2014-09-10 23:24 . 2013-07-07 20:36 101694776 ----a-w- c:\windows\system32\MRT.exe
                    2014-08-23 02:07 . 2014-08-28 10:33 404480 ----a-w- c:\windows\system32\gdi32.dll
                    2014-08-23 01:45 . 2014-08-28 10:33 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
                    2014-08-23 00:59 . 2014-08-28 10:33 3163648 ----a-w- c:\windows\system32\win32k.sys
                    2014-08-21 09:41 . 2014-01-16 12:06 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
                    2014-08-06 14:07 . 2014-08-06 14:07 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
                    2014-07-29 18:03 . 2014-04-03 09:58 321448 ----a-w- c:\windows\system32\javaws.exe
                    2014-07-29 18:03 . 2014-01-16 12:06 191400 ----a-w- c:\windows\system32\javaw.exe
                    2014-07-29 18:03 . 2014-01-16 12:06 190888 ----a-w- c:\windows\system32\java.exe
                    2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
                    2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
                    2014-07-14 02:02 . 2014-08-13 08:18 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
                    2014-07-14 01:40 . 2014-08-13 08:18 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
                    2014-07-09 02:03 . 2014-08-13 08:19 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
                    2014-07-09 02:03 . 2014-08-13 08:19 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
                    2014-07-09 02:03 . 2014-08-13 08:19 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
                    2014-07-09 02:03 . 2014-08-13 08:19 6656 ----a-w- c:\windows\system32\KBDRU.DLL
                    2014-07-09 02:03 . 2014-08-13 08:19 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
                    2014-07-09 01:31 . 2014-08-13 08:19 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
                    2014-07-09 01:31 . 2014-08-13 08:19 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                    REGEDIT4
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                    2014-04-19 19:28 223432 ----a-w- c:\users\leo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                    2014-04-19 19:28 223432 ----a-w- c:\users\leo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                    2014-04-19 19:28 223432 ----a-w- c:\users\leo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
                    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
                    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
                    2014-08-12 07:55 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
                    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
                    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
                    2014-08-12 07:55 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
                    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
                    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
                    2014-08-12 07:55 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
                    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
                    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
                    2014-06-17 13:12 458944 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "uTorrent"="c:\users\leo\AppData\Roaming\uTorrent\uTorrent.exe" [2014-09-23 1416016]
                    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
                    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
                    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2014-06-17 356128]
                    "PC MaticRT"="c:\program files (x86)\PCPitstop\Super Shield\PCMaticRT.exe" [2014-09-02 1727088]
                    .
                    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                    Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2013-7-9 708608]
                    ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2013-7-9 954368]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "ConsentPromptBehaviorAdmin"= 5 (0x5)
                    "ConsentPromptBehaviorUser"= 3 (0x3)
                    "EnableUIADesktopToggle"= 0 (0x0)
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
                    "DisableMonitoring"=dword:00000001
                    .
                    R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
                    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
                    R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys;c:\windows\SYSNATIVE\drivers\pdihwctl.sys [x]
                    R3 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
                    R3 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
                    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
                    R3 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
                    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
                    R3 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
                    R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
                    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
                    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
                    R3 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
                    R3 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe;c:\windows\SYSNATIVE\Pen_Tablet.exe [x]
                    R3 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
                    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
                    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
                    R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys;c:\windows\SYSNATIVE\drivers\WsAudioDevice_383S(1).sys [x]
                    S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
                    S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
                    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
                    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
                    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
                    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
                    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
                    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
                    S2 PCPitstop Realtime;PCPitstop Realtime;c:\program files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe;c:\program files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [x]
                    S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
                    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
                    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
                    S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys;c:\windows\SYSNATIVE\drivers\AVer888RC_64.sys [x]
                    S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer888RCIR_64.sys [x]
                    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
                    S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
                    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
                    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
                    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
                    S3 SeqCal;SeqCal;c:\windows\system32\DRIVERS\SeqCal.sys;c:\windows\SYSNATIVE\DRIVERS\SeqCal.sys [x]
                    .
                    .
                    --- Andere Services/Drivers In Geheugen ---
                    .
                    *NewlyCreated* - WS2IFSL
                    .
                    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
                    ezSharedSvc
                    .
                    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                    2014-08-30 10:22 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
                    .
                    Inhoud van de 'Gedeelde Taken' map
                    .
                    2014-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
                    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-08 18:53]
                    .
                    .
                    --------- X64 Entries -----------
                    .
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
                    @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
                    [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
                    2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
                    @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
                    [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
                    2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
                    @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
                    [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
                    2014-07-16 09:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
                    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
                    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
                    2014-04-19 19:28 262344 ----a-w- c:\users\leo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
                    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
                    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
                    2014-04-19 19:28 262344 ----a-w- c:\users\leo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
                    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
                    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
                    2014-04-19 19:28 262344 ----a-w- c:\users\leo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
                    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
                    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
                    2014-08-12 07:58 2334416 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
                    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
                    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
                    2014-08-12 07:58 2334416 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
                    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
                    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
                    2014-08-12 07:58 2334416 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
                    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
                    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
                    2014-06-17 13:14 491200 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
                    "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
                    .
                    ------- Bijkomende Scan -------
                    .
                    uStart Page = hxxp://telenet.be/nl
                    uLocal Page = c:\windows\system32\blank.htm
                    mDefault_Page_URL = hxxp://www.google.com
                    mStart Page = hxxp://www.google.com
                    mLocal Page = c:\windows\SysWOW64\blank.htm
                    uInternet Settings,ProxyOverride = *.local
                    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
                    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
                    TCP: DhcpNameServer = 195.130.131.133 195.130.130.5
                    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
                    FF - ProfilePath - c:\users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\
                    FF - prefs.js: browser.startup.homepage - www.standaard.be
                    .
                    - - - - ORPHANS VERWIJDERD - - - -
                    .
                    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
                    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
                    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
                    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                    AddRemove-Foxit Reader Packages - c:\users\leo\AppData\Roaming\0F1L1I1P0H1L1E1E1F\Foxit Reader Packages\uninstaller.exe
                    AddRemove-SyncBack Packages - c:\users\leo\AppData\Roaming\0F1L1I1P0H1L1E1E1F\SyncBack Packages\uninstaller.exe
                    .
                    .
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
                    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
                    .
                    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.032"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.abr"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.ani"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.apd"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.bay"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.bw"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="ZPS150.Document.cs1"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.djv"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.djvu"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.icl"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.icn"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.ilbm"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.int"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.inta"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.iw4"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.jbr"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.jfif"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PhotoViewer.FileAssoc.Jpeg"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.jpk"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.lbm"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.pbr"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.rgb"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.rgba"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.rsb"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.sgi"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="ZPS150.Document.thm"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.ttc"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.ttf"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
                    @Denied: (2) (S-1-5-21-204530244-4151676522-2340688244-1000)
                    @Denied: (2) (LocalSystem)
                    "Progid"="PaintShopProX6_64.Image"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.xbm"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.xif"
                    .
                    [HKEY_USERS\S-1-5-21-204530244-4151676522-2340688244-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="ACDSee 16.xpm"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker6"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Shockwave Flash Object"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                    @="0"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="ShockwaveFlash.ShockwaveFlash.15"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="ShockwaveFlash.ShockwaveFlash"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                    @Denied: (A 2) (Everyone)
                    @="Macromedia Flash Factory Object"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
                    "ThreadingModel"="Apartment"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                    @="FlashFactory.FlashFactory.1"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                    @="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                    @="FlashFactory.FlashFactory"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker6"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                    @Denied: (A) (Everyone)
                    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                    @Denied: (A) (Everyone)
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                    "Key"="ActionsPane3"
                    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                    @Denied: (Full) (Everyone)
                    .
                    ------------------------ Andere Aktieve Processen ------------------------
                    .
                    c:\program files (x86)\Bonjour\mDNSResponder.exe
                    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
                    .
                    **************************************************************************
                    .
                    Voltooingstijd: 2014-10-01 21:52:24 - machine werd herstart
                    ComboFix-quarantined-files.txt 2014-10-01 19:52
                    .
                    Pre-Run: 359.344.144.384 bytes beschikbaar
                    Post-Run: 358.817.787.904 bytes beschikbaar
                    .
                    - - End Of File - - E68C547111CD8B09DD88A18BB54F3692


                    • #11
                      DDS

                      DDS (Ver_2012-11-20.01) - NTFS_AMD64
                      Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
                      Run by leo at 21:56:33 on 2014-10-01
                      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6071.3926 [GMT 2:00]
                      .
                      AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
                      SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
                      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
                      .
                      ============== Running Processes ===============
                      .
                      C:\Windows\system32\lsm.exe
                      C:\Windows\system32\svchost.exe -k DcomLaunch
                      C:\Windows\system32\svchost.exe -k RPCSS
                      C:\Windows\system32\atiesrxx.exe
                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                      C:\Windows\system32\svchost.exe -k LocalService
                      C:\Windows\system32\svchost.exe -k netsvcs
                      C:\Windows\system32\svchost.exe -k GPSvcGroup
                      C:\Windows\system32\svchost.exe -k NetworkService
                      C:\Windows\System32\spoolsv.exe
                      C:\Windows\system32\atieclxx.exe
                      C:\Windows\SYSTEM32\WISPTIS.EXE
                      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                      C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
                      C:\Windows\system32\taskhost.exe
                      C:\Windows\SYSTEM32\WISPTIS.EXE
                      C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
                      C:\Windows\system32\Dwm.exe
                      C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                      C:\Program Files\Microsoft LifeCam\MSCamS64.exe
                      C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
                      C:\Windows\SysWOW64\nlssrv32.exe
                      C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
                      C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
                      C:\Windows\system32\svchost.exe -k imgsvc
                      C:\Windows\System32\svchost.exe -k secsvcs
                      C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                      C:\Windows\System32\WUDFHost.exe
                      C:\Windows\servicing\TrustedInstaller.exe
                      C:\Windows\system32\SearchIndexer.exe
                      C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Windows\system32\wuauclt.exe
                      C:\Windows\system32\notepad.exe
                      C:\Windows\explorer.exe
                      C:\Program Files\Windows Media Player\wmpnetwk.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                      C:\Windows\system32\taskeng.exe
                      C:\Windows\system32\wbem\wmiprvse.exe
                      C:\Windows\System32\cscript.exe
                      .
                      ============== Pseudo HJT Report ===============
                      .
                      uStart Page = hxxp://telenet.be/nl
                      mStart Page = hxxp://www.google.com
                      mDefault_Page_URL = hxxp://www.google.com
                      BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                      BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
                      BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
                      BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
                      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
                      BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
                      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
                      BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
                      BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
                      uRun: [uTorrent] "C:\Users\leo\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
                      uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                      mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
                      mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
                      mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
                      mRun: [PC MaticRT] C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
                      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
                      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
                      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
                      uPolicies-Explorer: NoDrives = dword:0
                      mPolicies-Explorer: NoDrives = dword:0
                      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
                      mPolicies-System: ConsentPromptBehaviorUser = dword:3
                      mPolicies-System: EnableUIADesktopToggle = dword:0
                      mPolicies-Windows\System: EnableSmartScreen = dword:0
                      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
                      IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
                      IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                      IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
                      IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
                      IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
                      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
                      IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
                      DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
                      TCP: NameServer = 195.130.131.133 195.130.130.5
                      TCP: Interfaces\{D7A5EE61-9E34-4DA0-B336-BE175D9F47DE} : DHCPNameServer = 195.130.131.133 195.130.130.5
                      Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                      Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
                      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
                      SSODL: WebCheck - <orphaned>
                      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                      x64-mStart Page = hxxp://www.google.com
                      x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                      x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
                      x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                      x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll
                      x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
                      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
                      x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
                      x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll
                      x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
                      x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
                      x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                      x64-Run: [VX1000] C:\Windows\vVX1000.exe
                      x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
                      x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
                      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
                      x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
                      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
                      x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
                      x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
                      x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
                      x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
                      x64-SSODL: WebCheck - <orphaned>
                      x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                      .
                      ================= FIREFOX ===================
                      .
                      FF - ProfilePath - C:\Users\leo\AppData\Roaming\Mozilla\Firefox\Profiles\a5ihbfby.default\
                      FF - prefs.js: browser.startup.homepage - www.standaard.be
                      FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
                      FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
                      FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
                      FF - plugin: C:\Program Files (x86)\Canon\Uploader for CANON iMAGE GATEWAY Plugin\npUploaderForCiG.dll
                      FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
                      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
                      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
                      FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
                      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
                      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
                      FF - plugin: C:\Users\leo\AppData\Local\Citrix\Plugins\104\npappdetector.dll
                      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
                      .
                      ============= SERVICES / DRIVERS ===============
                      .
                      R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-6-17 84536]
                      R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-6-17 66616]
                      R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
                      R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
                      R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
                      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-18 239616]
                      R2 AVP;Kaspersky Anti-Virus-service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356128]
                      R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-14 13336]
                      R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2014-9-18 70768]
                      R2 PCPitstop Realtime;PCPitstop Realtime;C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [2014-2-7 586352]
                      R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2013-7-8 86632]
                      R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2014-9-2 82872]
                      R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
                      R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\System32\drivers\AVer888RC_64.sys [2013-7-8 543616]
                      R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\System32\drivers\AVer888RCIR_64.sys [2010-1-14 39936]
                      R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-14 56344]
                      R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
                      R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
                      R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-7-8 2350176]
                      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-8 726160]
                      R3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2013-7-8 7808]
                      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
                      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
                      S3 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
                      S3 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
                      S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-11-12 41032]
                      S3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
                      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
                      S3 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
                      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-9 19456]
                      S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-1-5 31800]
                      S3 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-8-20 289496]
                      S3 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2014-1-17 1909032]
                      S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
                      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-9 57856]
                      S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-8 1255736]
                      S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2014-9-6 29288]
                      .
                      =============== File Associations ===============
                      .
                      FileExt: .chm: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
                      .
                      =============== Created Last 30 ================
                      .
                      2014-10-01 19:47:53 -------- d-sh--w- C:\$RECYCLE.BIN
                      2014-10-01 19:37:18 98816 ----a-w- C:\Windows\sed.exe
                      2014-10-01 19:37:18 256000 ----a-w- C:\Windows\PEV.exe
                      2014-10-01 19:37:18 208896 ----a-w- C:\Windows\MBR.exe
                      2014-09-30 10:35:39 -------- d-----w- C:\Users\leo\AppData\Roaming\BitTorrent
                      2014-09-30 09:18:38 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
                      2014-09-30 09:17:46 -------- d-----w- C:\AdwCleaner
                      2014-09-30 08:23:32 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7398406A-E6C0-4826-B971-294E20CD7410}\mpengine.dll
                      2014-09-29 21:52:55 -------- d-----r- C:\Program Files (x86)\Skype
                      2014-09-24 10:22:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
                      2014-09-24 10:22:07 2048 ----a-w- C:\Windows\System32\tzres.dll
                      2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Roaming\Thinstall
                      2014-09-18 20:12:51 -------- d-----w- C:\Users\leo\AppData\Local\Thinstall
                      2014-09-17 22:18:35 -------- d-----w- C:\Users\leo\AppData\Roaming\onOne Software
                      2014-09-17 22:18:07 -------- d-----w- C:\Program Files\onOne Software
                      2014-09-17 22:17:18 70768 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
                      2014-09-17 22:17:18 -------- d-----w- C:\Program Files (x86)\onOne Software
                      2014-09-17 22:17:15 70768 ----a-w- C:\Windows\System32\nlssrv32.exe
                      2014-09-11 12:37:51 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
                      2014-09-10 23:22:43 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
                      2014-09-10 23:22:43 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
                      2014-09-10 12:23:46 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
                      2014-09-10 12:23:46 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
                      2014-09-10 12:23:35 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
                      2014-09-10 12:23:35 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
                      2014-09-10 12:23:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
                      2014-09-10 12:23:24 728064 ----a-w- C:\Windows\System32\kerberos.dll
                      2014-09-10 12:23:24 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
                      2014-09-10 12:23:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
                      2014-09-10 12:23:24 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
                      2014-09-09 07:23:48 -------- d-----w- C:\Program Files (x86)\Cewe Photoservice
                      2014-09-08 15:10:03 -------- d-----w- C:\Users\leo\AppData\Local\Programs
                      2014-09-08 15:05:53 -------- d-----w- C:\Users\leo\AppData\Local\Phase_One
                      2014-09-08 15:05:16 -------- d-----w- C:\ProgramData\Phase One
                      2014-09-06 13:31:32 -------- d-----w- C:\Users\leo\AppData\Roaming\Bigasoft Audio Converter 4
                      2014-09-06 13:14:44 -------- d-----w- C:\Users\leo\AppData\Roaming\Apowersoft
                      2014-09-06 12:59:22 -------- d-----w- C:\Users\leo\AppData\Local\Wondershare
                      2014-09-06 12:59:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
                      2014-09-06 12:59:14 -------- d-----w- C:\Users\leo\AppData\Roaming\Wondershare
                      2014-09-06 12:58:37 29288 ----a-w- C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys
                      2014-09-06 12:58:28 -------- d-----w- C:\Program Files (x86)\Wondershare
                      2014-09-03 11:44:24 -------- d-----w- C:\Program Files\TermTutor
                      2014-09-03 11:43:53 -------- d-----w- C:\Users\leo\AppData\Roaming\0F1L1I1P0H1L1E1E1F
                      2014-09-02 13:56:04 -------- d-----w- C:\Program Files\Microsoft LifeCam
                      2014-09-02 13:56:04 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
                      2014-09-02 13:55:58 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
                      2014-09-02 13:51:26 82872 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
                      .
                      ==================== Find3M ====================
                      .
                      2014-10-01 17:41:40 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
                      2014-09-30 15:10:08 59664 ----a-w- C:\Windows\help\OEM\Scripts\certmgr.exe
                      2014-09-23 18:53:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                      2014-09-23 18:53:07 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
                      2014-09-15 07:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
                      2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
                      2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
                      2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
                      2014-08-21 09:41:11 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
                      2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
                      2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
                      2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
                      2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
                      2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
                      2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
                      2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
                      2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
                      2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
                      2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
                      2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
                      2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
                      2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
                      2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
                      2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
                      2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
                      2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
                      2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
                      2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
                      2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
                      2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
                      2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
                      2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
                      2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
                      2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
                      2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
                      2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
                      2014-08-06 14:07:39 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
                      2014-07-25 00:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
                      2014-07-24 21:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
                      2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
                      2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
                      2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
                      2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
                      2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
                      2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
                      .
                      ============= FINISH: 21:56:46,56 ===============

                      Comment


                      • #12
                        Show your hidden files and folders.

                        Go to Virus Total and upload the following file:

                        c:\windows\system32\KBDYAK.DLL

                        Click submit and wait for the results to appear.
                        If the file has already been scanned, have it reanalysed. (You then click Re Analyse.)

                        From the report, copy the following:

                        CLICK HERE to enlarge!
                        .
                        Also post the link to that report.

                        Do the same with c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee. * Ccleaner * E-Peek

                        Comment


                        • #13
                          SHA256: 33a29a3a94c2f2f9a59a7d6f241b0321951fdc711eb84cb886780279ef464417
                          Bestandsnaam: kbdyba.dll
                          Detectieverhouding: 0 / 54
                          Datum van analyse: 2014-08-14 05:51:59 UTC (1 maand, 2 weken geleden)

                          Link: https://www.virustotal.com/nl/file/3...4417/analysis/

                          I cannot find a pc-doctor file in either Program Files or Program Files (x86). A search also comes up empty.

                          Comment


                          • #14
                            Read my advice carefully, vonkske.
                            As I said:
                            Click submit and wait for the results to appear.
                            If the file has already been scanned, have it reanalysed. (You then click Re Analyse.)
                            It is in bold and in red.

                            The analysis you are showing me now is from 1 month and 2 weeks ago.
                            So that is of no use to me.

                            So, back to it once more....
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee. * Ccleaner * E-Peek

                            Comment


                            • #15
                              SHA256: 0e9a2a4136ded0e991e7db888786e1d44ab096b581d1df9745ee83d5111c4769
                              Bestandsnaam: KBDYAK.DLL
                              Detectieverhouding: 0 / 52
                              Datum van analyse: 2014-10-02 09:33:10 UTC (0 minuten geleden)

                              link: https://www.virustotal.com/nl/file/0...c4769/analysis/1412242390/

                              As I said, I did not find any pc-doctor for windows file.

                              Regards, vonkske

                              Comment
