Reopening topic of 27-04-2016: email address sends messages on its own

    Hello,
    At first the problem seemed to be solved, but now it is happening again: a random number of contacts are being sent fake messages from my email address (just yesterday it was an advertisement for medication to become as intelligent as Stephen Hawking). You can find one of them attached (email addresses from the address book have been struck through or deleted).

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 8/05/2016
    Scantijd: 23:15
    Logboekbestand: mbamlog.txt
    Beheerder: Ja

    Versie: 2.2.1.1043
    Malware-database: v2016.05.08.04
    Rootkit-database: v2016.05.06.01
    Licentie: Premium
    Malware-bescherming: Ingeschakeld
    Bescherming tegen kwaadaardige websites: Ingeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 10
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Leo

    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 560151
    Verstreken tijd: 2 u., 2 min, 49 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)


    # AdwCleaner v5.116 - Logbestand aangemaakt 09/05/2016 op 11:23:54
    # Laatste update 09/05/2016 door Xplode
    # Database : 2016-05-09.1 [Server]
    # Besturingssysteem : Windows 10 Home (X64)
    # Gebruikersnaam : Leo - DESKTOP-H2G7JK4
    # Gestart vanuit : C:\Users\Leo\Desktop\adwcleaner_5.116.exe
    # Optie : Scannen
    # Ondersteuning : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Mappen ] *****


    ***** [ Bestanden ] *****


    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ Geplande taken ] *****


    ***** [ Register ] *****


    ***** [ Internetbrowsers ] *****


    *************************

    C:\AdwCleaner\AdwCleaner[S1].txt - [670 bytes] - [09/05/2016 11:23:54]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [742 bytes] ##########


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.10586.20
    Run by Leo at 11:28:53 on 2016-05-09
    Microsoft Windows 10 Home 10.0.10586.0.1252.32.1043.18.12245.8396 [GMT 2:00]
    .
    AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k RPCSS
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\WINDOWS\system32\atiesrxx.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\spoolsv.exe
    C:\WINDOWS\system32\WLANExt.exe
    C:\WINDOWS\System32\svchost.exe -k utcsvc
    C:\WINDOWS\system32\dashost.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\ksm.exe
    C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    C:\WINDOWS\system32\svchost.exe -k appmodel
    C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\WINDOWS\System32\dwm.exe
    C:\WINDOWS\system32\atieclxx.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
    C:\WINDOWS\system32\sihost.exe
    C:\WINDOWS\system32\taskhostw.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\smui.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\WINDOWS\Explorer.EXE
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\Tablet\Wacom\WacomHost.exe
    C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\WINDOWS\system32\SettingSyncHost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
    C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    C:\WINDOWS\system32\ApplicationFrameHost.exe
    C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\CCleaner\CCleaner64.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www2.telenet.be/nl/
    uLocal Page = %11%\blank.htm
    BHO: Virtual Keyboard Plugin: {6E11DD15-E054-4F89-840D-CD04499407A3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\IEExt\ie_plugin.dll
    BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll
    BHO: Safe Money Plugin: {CE5452FA-F4B3-4422-BE64-D4B1093F6DFF} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\IEExt\ie_plugin.dll
    BHO: Content Blocker Plugin: {D48EC204-5CFE-43FD-8CC9-B4BC8645CD46} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\IEExt\ie_plugin.dll
    TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll
    uRun: [Spotify Web Helper] "C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    uRun: [Spotify] "C:\Users\Leo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    StartupFolder: C:\Users\Leo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INKTWA~1.LNK - C:\WINDOWS\System32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: DSCAutomationHostEnabled = dword:2
    mPolicies-Windows\System: EnableSmartScreen = dword:0
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll/105
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    TCP: NameServer = 195.130.131.5 195.130.130.5
    TCP: Interfaces\{6e7498c5-e31e-46ad-ba34-0e38fb70c6d0} : DHCPNameServer = 195.130.131.133 195.130.130.5
    TCP: Interfaces\{9baca6b7-3204-469b-ac24-9ff09734e086} : DHCPNameServer = 195.130.131.5 195.130.130.5
    TCP: Interfaces\{ce096b84-6f7a-49cf-9a8e-3133359ce9b3} : DHCPNameServer = 195.130.130.134 195.130.131.134
    Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = ""
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
    x64-BHO: Virtual Keyboard Plugin: {6E11DD15-E054-4F89-840D-CD04499407A3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\x64\IEExt\ie_plugin.dll
    x64-BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll
    x64-BHO: Safe Money Plugin: {CE5452FA-F4B3-4422-BE64-D4B1093F6DFF} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\x64\IEExt\ie_plugin.dll
    x64-BHO: Content Blocker Plugin: {D48EC204-5CFE-43FD-8CC9-B4BC8645CD46} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\x64\IEExt\ie_plugin.dll
    x64-TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll
    x64-Run: [RtHDVBg_SOUNDEDGE] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SOUNDEDGE
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [StartCN] "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
    x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
    x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
    x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
    x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
    Hosts: 0.0.0.0 cdn.mbamupdates.com
    Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    Hosts: 0.0.0.0 media.opencandy.com
    Hosts: 0.0.0.0 cdn.opencandy.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tdun0omk.default-1448055285435\
    FF - prefs.js: browser.startup.homepage - www.destandaard.be
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\FFExt\[email protected]\npContentBlocker.dll
    FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\FFExt\[email protected]\npOnlineBanking.dll
    FF - plugin: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\FFExt\[email protected]\npVKPlugin.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: plugin.state.npcontentblocker - 2
    .
    FF - user.js: plugin.state.nponlinebanking - 2
    .
    FF - user.js: plugin.state.npvkplugin - 2
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);C:\WINDOWS\System32\drivers\cm_km.sys [2015-7-6 389816]
    R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2014-6-7 1462720]
    R0 kl1sm;kl1sm;C:\WINDOWS\System32\drivers\kl1sm.sys [2015-10-8 478392]
    R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\WINDOWS\System32\drivers\klbackupdisk.sys [2015-6-6 53432]
    R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
    R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
    R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
    R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
    R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
    R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
    R1 klbackupflt;Kaspersky Lab klbackupflt;C:\WINDOWS\System32\drivers\klbackupflt.sys [2015-6-27 70512]
    R1 klhk;Kaspersky Lab service driver;C:\WINDOWS\System32\drivers\klhk.sys [2015-11-16 227512]
    R1 KLIFSM;Kaspersky Lab SafeMoney Driver;C:\WINDOWS\System32\drivers\klifsm.sys [2015-12-13 812448]
    R1 klpd;Kaspersky Lab format recognizer driver;C:\WINDOWS\System32\drivers\klpd.sys [2015-6-8 41352]
    R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2015-6-27 87944]
    R1 Klwtp;Klwtp;C:\WINDOWS\System32\drivers\klwtp.sys [2015-6-16 102584]
    R1 Klwtpsm;Klwtpsm;C:\WINDOWS\System32\drivers\klwtpsm.sys [2015-10-8 99720]
    R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2015-6-23 187056]
    R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-8-20 2020056]
    R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2016-4-1 260112]
    R2 AVP16.0.0;Kaspersky Anti-Virus-service 16.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [2015-8-12 194000]
    R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
    R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
    R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-9-28 26680]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-7-11 223520]
    R2 kldisk;kldisk;C:\WINDOWS\System32\drivers\kldisk.sys [2015-6-6 77728]
    R2 KSM3.5.0;Kaspersky Fraud Prevention for Endpoint Service 3.5.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Fraud Prevention for Endpoint 3.5\ksm.exe [2015-10-8 194000]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-5-3 1514464]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-5-3 1136608]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-6-24 316152]
    R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
    R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
    R2 Unchecky;Unchecky;C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [2016-4-30 254904]
    R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2015-11-21 730304]
    R3 AmUStor;AM USB Stroage Driver;C:\WINDOWS\System32\drivers\AmUStor.sys [2015-11-20 92312]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 111120]
    R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    R3 hidkmdf;KMDF Driver;C:\WINDOWS\System32\drivers\hidkmdf.sys [2015-11-21 14016]
    R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-5-19 335872]
    R3 klflt;Kaspersky Lab Kernel DLL;C:\WINDOWS\System32\drivers\klflt.sys [2015-11-16 181640]
    R3 klfltsm;Kaspersky Lab SafeMoney Kernel DLL;C:\WINDOWS\System32\drivers\klfltsm.sys [2015-12-13 159960]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2015-6-6 41656]
    R3 klkbdfltsm;Kaspersky Lab KLKBDFLTSM;C:\WINDOWS\System32\drivers\klkbdfltsm.sys [2015-10-8 40304]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2015-6-7 41656]
    R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
    R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2016-5-3 27008]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-5-3 192216]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2016-5-3 65408]
    R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
    R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-11-16 896768]
    R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\WINDOWS\System32\drivers\rtwlane.sys [2015-11-16 4620504]
    R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
    R3 UEFI;Microsoft UEFI-stuurprogramma;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
    R3 WacHidRouter;Wacom Hid Router;C:\WINDOWS\System32\drivers\wachidrouter.sys [2015-11-21 103616]
    R3 wacomrouterfilter;Wacom Router Filter Driver;C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [2015-11-21 15040]
    R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-12 694784]
    S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2015-6-24 30328]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2015-6-11 39608]
    S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-5-19 7680]
    S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
    S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
    S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
    S3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2016-3-21 23240]
    S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
    S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
    S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
    S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
    S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
    S3 buttonconverter;Service voor Portable Device Control-apparaten;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
    S3 CapImg;HID-stuurprogramma voor CapImg-touchscreen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-3 117248]
    S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
    S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    S3 diagnosticshub.standardcollector.service;Microsoft(R) Diagnostics Hub Standard Collector-service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
    S3 DmEnrollmentSvc;Registratieservice voor Apparaatbeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
    S3 EyeOneDisplay;EyeOneDisplay;C:\WINDOWS\System32\drivers\i1display_x64.sys [2016-4-11 7808]
    S3 genericusbfn;Algemene USB-functieklasse;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
    S3 hidinterrupt;Algemeen stuurprogramma voor HID-knoppen waarvoor interrupts zijn geïmplementeerd;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
    S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
    S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
    S3 iaLPSSi_GPIO;Stuurprogramma van Intel(R) Serial IO GPIO-controller;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
    S3 iaLPSSi_I2C;Stuurprogramma voor Intel(R) Serial IO I2C-controller;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
    S3 iaStorAV;Intel(R) SATA RAID-controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
    S3 ibbus;Mellanox InfiniBand Bus/AL (filterstuurprogramma);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
    S3 icssvc;Windows Mobiele hotspotservice;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
    S3 intelpep;Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing ;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
    S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
    S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
    S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
    S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
    S3 ndfltr;NetworkDirect-service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
    S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
    S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
    S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
    S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
    S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
    S3 RetailDemo;Retaildemoservice;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S3 Revoflt;Revoflt;C:\WINDOWS\System32\drivers\revoflt.sys [2015-11-17 31800]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUStor.sys [2015-1-7 263896]
    S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
    S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
    S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
    S3 SmsRouter;Microsoft Windows SMS Router-service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
    S3 storufs;Microsoft Universal Flash Storage (UFS)-stuurprogramma;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
    S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
    S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
    S3 UcmUcsi;UCSI-client van USB-connectorbeheer;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
    S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
    S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-4-12 258912]
    S3 UfxChipidea;Chipidea USB-controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
    S3 ufxsynopsys;Synopsys USB-controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
    S3 UrsChipidea;Stuurprogramma voor Chipidea USB Role-Switch;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
    S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
    S3 UrsSynopsys;Stuurprogramma voor Synopsys USB Role-Switch;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
    S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S3 vhf;Virtual HID Framework (VHF)-stuurprogramma;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
    S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
    S3 vssbrigde64;vssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [2015-7-9 144640]
    S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
    S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
    S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
    S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
    S3 WinMad;WinMad-service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
    S3 WinVerbs;WinVerbs-service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
    S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
    S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
    S3 XblAuthManager;Xbox Live-verificatiebeheer;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S3 XblGameSave;Games opslaan op Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-2 238592]
    S3 XboxNetApiSvc;Netwerkservice van Xbox Live;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
    S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-12 26112]
    S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
    S4 tzautoupdate;Updater van automatische tijdzone;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
    .
    =============== Created Last 30 ================
    .
    2016-05-09 09:23:41 -------- d-----w- C:\AdwCleaner
    2016-05-08 18:48:43 -------- d-----w- C:\Program Files\CCleaner
    2016-05-07 09:52:30 300488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\repB8A9.tmp
    2016-05-03 09:41:27 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    2016-05-03 09:31:30 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
    2016-05-03 09:31:30 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
    2016-05-03 09:31:30 140672 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    2016-05-03 09:31:30 -------- d---a-w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-05-03 09:31:30 -------- d-----w- C:\ProgramData\Malwarebytes
    2016-04-30 14:12:56 -------- d---a-w- C:\Program Files (x86)\Unchecky
    2016-04-30 14:12:56 -------- d-----w- C:\ProgramData\Unchecky
    2016-04-28 13:08:40 -------- d---a-w- C:\Program Files (x86)\ZHPFix
    2016-04-28 12:08:34 -------- d-----w- C:\Users\Leo\AppData\Roaming\ZHP
    2016-04-22 19:00:19 -------- d-----w- C:\Users\Leo\AppData\Local\BlueStacks
    2016-04-22 18:33:21 -------- d-----w- C:\ProgramData\BlueStacksSetup
    2016-04-12 18:09:59 7474016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
    2016-04-12 18:08:59 162816 ----a-w- C:\WINDOWS\SysWow64\MTF.dll
    2016-04-11 18:32:51 7808 ----a-w- C:\WINDOWS\System32\drivers\i1display_x64.sys
    2016-04-11 18:32:51 51600 ----a-w- C:\WINDOWS\System32\drivers\i1iO2_x64.sys
    2016-04-11 18:32:51 51600 ----a-w- C:\WINDOWS\System32\drivers\i1_x64.sys
    2016-04-11 18:32:51 -------- d-----w- C:\Program Files (x86)\X-Rite
    2016-04-11 18:32:49 503808 ----a-w- C:\WINDOWS\SysWow64\msvcp71.dll
    2016-04-11 18:32:49 348160 ----a-w- C:\WINDOWS\SysWow64\msvcr71.dll
    2016-04-11 18:32:49 1060864 ----a-w- C:\WINDOWS\SysWow64\MFC71.dll
    2016-04-11 18:32:40 -------- d-----w- C:\Program Files (x86)\GretagMacbeth
    .
    ==================== Find3M ====================
    .
    2016-04-06 18:32:08 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    2016-04-06 18:32:08 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    2016-04-02 04:13:14 369912 ----a-w- C:\WINDOWS\System32\audiodg.exe
    2016-04-02 04:10:46 730344 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
    2016-04-02 04:10:39 374008 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
    2016-04-02 04:10:25 770640 ----a-w- C:\WINDOWS\System32\iuilp.dll
    2016-04-02 03:30:16 151040 ----a-w- C:\WINDOWS\System32\VEStoreEventHandlers.dll
    2016-04-02 03:29:38 127488 ----a-w- C:\WINDOWS\System32\VEDataLayerHelpers.dll
    2016-04-02 03:29:29 83968 ----a-w- C:\WINDOWS\SysWow64\VEDataLayerHelpers.dll
    2016-04-02 03:26:25 630272 ----a-w- C:\WINDOWS\System32\PhoneProviders.dll
    2016-04-02 03:25:58 239104 ----a-w- C:\WINDOWS\SysWow64\NotificationObjFactory.dll
    2016-04-02 03:25:42 278528 ----a-w- C:\WINDOWS\System32\NotificationObjFactory.dll
    2016-04-02 03:23:44 219648 ----a-w- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
    2016-04-02 03:23:05 285696 ----a-w- C:\WINDOWS\System32\VEEventDispatcher.dll
    2016-04-02 03:21:17 498688 ----a-w- C:\WINDOWS\System32\tileobjserver.dll
    2016-04-02 03:19:00 1054208 ----a-w- C:\WINDOWS\System32\audiosrv.dll
    2016-04-02 03:18:47 988160 ----a-w- C:\WINDOWS\System32\SharedStartModel.dll
    2016-04-02 03:15:47 1090048 ----a-w- C:\WINDOWS\System32\RDXService.dll
    2016-04-02 03:14:35 3994624 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
    2016-04-02 03:09:17 1832448 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
    2016-04-02 03:08:48 2193408 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
    2016-04-02 03:07:41 2158592 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
    2016-04-02 03:07:22 3575296 ----a-w- C:\WINDOWS\System32\SystemSettingsThresholdAdminFlowUI.dll
    2016-04-02 03:03:52 4774912 ----a-w- C:\WINDOWS\System32\actxprxy.dll
    2016-04-02 03:00:39 1390080 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
    2016-03-31 22:46:50 143600 ----a-w- C:\WINDOWS\SysWow64\atiuxpag.dll
    2016-03-31 22:46:48 162784 ----a-w- C:\WINDOWS\System32\atiuxp64.dll
    2016-03-31 22:46:46 8669624 ----a-w- C:\WINDOWS\SysWow64\atiumdva.dll
    2016-03-31 22:46:32 7466024 ----a-w- C:\WINDOWS\SysWow64\atiumdag.dll
    2016-03-31 22:46:12 8929400 ----a-w- C:\WINDOWS\System32\atiumd64.dll
    2016-03-31 22:46:04 112400 ----a-w- C:\WINDOWS\SysWow64\atiu9pag.dll
    2016-03-31 22:46:02 130616 ----a-w- C:\WINDOWS\System32\atiu9p64.dll
    2016-03-31 22:46:00 81200 ----a-w- C:\WINDOWS\SysWow64\atimpc32.dll
    2016-03-31 22:45:58 11735800 ----a-w- C:\WINDOWS\System32\atidxx64.dll
    2016-03-31 22:45:38 9675944 ----a-w- C:\WINDOWS\SysWow64\atidxx32.dll
    2016-03-31 22:45:22 1539560 ----a-w- C:\WINDOWS\System32\aticfx64.dll
    2016-03-31 22:45:16 1265208 ----a-w- C:\WINDOWS\SysWow64\aticfx32.dll
    2016-03-31 22:45:12 8468248 ----a-w- C:\WINDOWS\System32\amdxc64.dll
    2016-03-31 22:44:56 6658376 ----a-w- C:\WINDOWS\SysWow64\amdxc32.dll
    2016-03-31 22:44:38 88032 ----a-w- C:\WINDOWS\System32\amdpcom64.dll
    2016-03-31 22:44:38 81192 ----a-w- C:\WINDOWS\SysWow64\amdpcom32.dll
    2016-03-31 22:44:36 471344 ----a-w- C:\WINDOWS\System32\amdmiracast.dll
    2016-03-31 22:44:36 151968 ----a-w- C:\WINDOWS\System32\amdhcp64.dll
    2016-03-31 22:44:34 138416 ----a-w- C:\WINDOWS\SysWow64\amdhcp32.dll
    2016-03-31 22:44:26 120768 ----a-w- C:\WINDOWS\System32\amdave64.dll
    2016-03-31 22:44:24 112400 ----a-w- C:\WINDOWS\SysWow64\amdave32.dll
    2016-03-31 22:39:12 106000 ----a-w- C:\WINDOWS\System32\mantleaxl64.dll
    2016-03-31 22:39:10 98320 ----a-w- C:\WINDOWS\SysWow64\mantleaxl32.dll
    2016-03-31 22:39:10 136208 ----a-w- C:\WINDOWS\System32\mantle64.dll
    2016-03-31 22:39:06 122392 ----a-w- C:\WINDOWS\SysWow64\mantle32.dll
    2016-03-31 22:39:04 203800 ----a-w- C:\WINDOWS\System32\hsa-thunk64.dll
    2016-03-31 22:39:02 183312 ----a-w- C:\WINDOWS\SysWow64\hsa-thunk.dll
    2016-03-31 22:39:00 218648 ----a-w- C:\WINDOWS\System32\GameManager64.dll
    2016-03-31 22:38:58 195088 ----a-w- C:\WINDOWS\SysWow64\GameManager32.dll
    2016-03-31 22:38:52 232984 ----a-w- C:\WINDOWS\System32\dgtrayicon.exe
    2016-03-31 22:38:52 12824 ----a-w- C:\WINDOWS\System32\detoured.dll
    2016-03-31 22:38:50 12824 ----a-w- C:\WINDOWS\SysWow64\detoured.dll
    2016-03-31 22:38:48 874008 ----a-w- C:\WINDOWS\System32\coinst_16.15.dll
    2016-03-31 22:38:46 243728 ----a-w- C:\WINDOWS\System32\clinfo.exe
    2016-03-31 22:36:34 97808 ----a-w- C:\WINDOWS\System32\atisamu64.dll
    2016-03-31 22:36:34 199704 ----a-w- C:\WINDOWS\System32\atitmm64.dll
    2016-03-31 22:36:32 89624 ----a-w- C:\WINDOWS\SysWow64\atisamu32.dll
    2016-03-31 22:36:30 25077784 ----a-w- C:\WINDOWS\SysWow64\atioglxx.dll
    2016-03-31 22:36:08 59928 ----a-w- C:\WINDOWS\System32\ATIODCLI.exe
    2016-03-31 22:36:08 341520 ----a-w- C:\WINDOWS\System32\ATIODE.exe
    2016-03-31 22:35:36 87056 ----a-w- C:\WINDOWS\System32\atimuixx.dll
    2016-03-31 22:35:34 685592 ----a-w- C:\WINDOWS\System32\drivers\atikmpag.sys
    2016-03-31 22:35:28 26354192 ----a-w- C:\WINDOWS\System32\drivers\atikmdag.sys
    2016-03-31 22:35:10 78864 ----a-w- C:\WINDOWS\SysWow64\atiglpxx.dll
    2016-03-31 22:35:10 78864 ----a-w- C:\WINDOWS\System32\atiglpxx.dll
    2016-03-31 22:35:08 151056 ----a-w- C:\WINDOWS\SysWow64\atigktxx.dll
    2016-03-31 22:35:06 84504 ----a-w- C:\WINDOWS\System32\atig6pxx.dll
    2016-03-31 22:35:06 166416 ----a-w- C:\WINDOWS\System32\atig6txx.dll
    2016-03-31 22:35:04 260112 ----a-w- C:\WINDOWS\System32\atiesrxx.exe
    2016-03-31 22:35:02 573456 ----a-w- C:\WINDOWS\System32\atieclxx.exe
    2016-03-31 22:35:02 171032 ----a-w- C:\WINDOWS\System32\atieah64.exe
    2016-03-31 22:35:00 154136 ----a-w- C:\WINDOWS\SysWow64\atieah32.exe
    2016-03-31 22:33:48 5428752 ----a-w- C:\WINDOWS\SysWow64\amdvlk32.dll
    2016-03-31 22:33:38 48221720 ----a-w- C:\WINDOWS\System32\amdocl64.dll
    2016-03-31 22:33:14 26895896 ----a-w- C:\WINDOWS\System32\amdocl12cl64.dll
    2016-03-31 22:33:00 21739024 ----a-w- C:\WINDOWS\SysWow64\amdocl12cl.dll
    2016-03-31 22:32:32 40135696 ----a-w- C:\WINDOWS\SysWow64\amdocl.dll
    2016-03-31 22:32:16 59408 ----a-w- C:\WINDOWS\System32\amdmmcl6.dll
    2016-03-31 22:32:16 48152 ----a-w- C:\WINDOWS\SysWow64\amdmmcl.dll
    2016-03-31 22:32:12 6893584 ----a-w- C:\WINDOWS\System32\amdmantle64.dll
    2016-03-31 22:31:58 5406736 ----a-w- C:\WINDOWS\SysWow64\amdmantle32.dll
    2016-03-31 22:31:48 710168 ----a-w- C:\WINDOWS\System32\amdlvr64.dll
    2016-03-31 22:31:48 588816 ----a-w- C:\WINDOWS\SysWow64\amdlvr32.dll
    2016-03-31 22:31:38 143376 ----a-w- C:\WINDOWS\System32\amdhdl64.dll
    2016-03-31 22:31:36 213528 ----a-w- C:\WINDOWS\System32\amdgfxinfo64.dll
    2016-03-31 22:31:36 198680 ----a-w- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
    2016-03-31 22:31:36 132112 ----a-w- C:\WINDOWS\SysWow64\amdhdl32.dll
    2016-03-31 22:31:34 305400 ----a-w- C:\WINDOWS\System32\drivers\amdacpksd.sys
    2016-03-31 22:31:32 73744 ----a-w- C:\WINDOWS\System32\OpenCL.dll
    2016-03-31 22:31:30 68120 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
    2016-03-31 21:32:30 30386712 ----a-w- C:\WINDOWS\System32\atio6axx.dll
    2016-03-31 21:29:28 9618792 ----a-w- C:\WINDOWS\System32\atiumd6a.dll
    2016-03-31 21:29:24 88032 ----a-w- C:\WINDOWS\System32\atimpc64.dll
    2016-03-29 10:23:38 277856 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
    2016-03-29 10:22:12 874968 ----a-w- C:\WINDOWS\System32\winresume.exe
    .
    ============= FINISH: 11:29:11,46 ===============


    GMER 2.2.19882 - http://www.gmer.net
    Rootkit scan 2016-05-09 11:33:50
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 ST1000DM003-1ER162 rev.HP51 931,51GB
    Running: shypt2hf.exe; Driver: C:\Users\Leo\AppData\Local\Temp\kfndaaow.sys


    ---- Disk sectors - GMER 2.2 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- Threads - GMER 2.2 ----

    Thread C:\WINDOWS\system32\svchost.exe [1324:2868] 00007ffb08589670
    Thread C:\WINDOWS\system32\svchost.exe [1324:3328] 00007ffb0857e0e0
    Thread C:\WINDOWS\system32\svchost.exe [1324:3760] 00007ffb070cc040
    Thread C:\WINDOWS\system32\svchost.exe [1324:11752] 00007ffb070cc040
    Thread C:\WINDOWS\system32\svchost.exe [1324:8648] 00007ffb070cc040
    Thread C:\WINDOWS\system32\svchost.exe [1324:4252] 00007ffb0a55a180
    Thread C:\WINDOWS\system32\svchost.exe [1324:1140] 00007ffb08585a40
    Thread C:\WINDOWS\system32\svchost.exe [1620:3360] 00007ffb06d30160
    Thread C:\WINDOWS\system32\svchost.exe [1620:3372] 00007ffb06d35ab0
    Thread C:\WINDOWS\system32\svchost.exe [1620:3380] 00007ffb06d39e00
    Thread C:\WINDOWS\system32\svchost.exe [1620:3384] 00007ffb06d39720
    Thread C:\WINDOWS\system32\svchost.exe [1620:3388] 00007ffb06d394f0
    Thread C:\WINDOWS\system32\svchost.exe [1620:3396] 00007ffb06c89fd0
    Thread C:\WINDOWS\system32\svchost.exe [1620:3400] 00007ffb0a524440
    Thread C:\WINDOWS\system32\svchost.exe [1620:4312] 00007ffb06d38d30
    Thread C:\WINDOWS\System32\spoolsv.exe [1840:7244] 00007ffb07896320
    Thread C:\WINDOWS\System32\spoolsv.exe [1840:7248] 00007ffb077d29a0
    Thread C:\WINDOWS\system32\csrss.exe [9524:10816] fffff9604d0e4060
    Thread C:\Windows\System32\RuntimeBroker.exe [7712:5776] 00007ffb0b9e0250

    ---- EOF - GMER 2.2 ----

  • #2
    Download AdwCleaner by Xplode to your desktop.

    Close all open programs.
    Right-click AdwCleaner and click 'Run as administrator...'.

    Click Scan.
    After the scan, click Remove.
    In the '- AdwCleaner – Close programs -' window, click OK.

    During the clean-up the shortcuts will disappear; this is normal.
    After the removal, 2 messages appear:
    In the '- AdwCleaner – Information -' window, click OK.
    In the '- AdwCleaner – Restart required -' window, click OK.

    After the computer has restarted, a log file opens.
    Close the log file.
    Post the file C:\AdwCleaner\AdwCleaner[C1].txt as an attachment in your next message.

    Starting Windows 10 in Safe Mode



    • #3
      Worth mentioning: since the mail in the attachment, I have not received any more strange e-mails.

      # AdwCleaner v5.116 - Logbestand aangemaakt 10/05/2016 op 20:02:25
      # Laatste update 09/05/2016 door Xplode
      # Database : 2016-05-09.1 [Server]
      # Besturingssysteem : Windows 10 Home (X64)
      # Gebruikersnaam : Leo - DESKTOP-H2G7JK4
      # Gestart vanuit : C:\Users\Leo\Downloads\adwcleaner_5.116.exe
      # Optie : Scannen
      # Ondersteuning : http://toolslib.net/forum

      ***** [ Services ] *****


      ***** [ Mappen ] *****


      ***** [ Bestanden ] *****


      ***** [ DLL ] *****


      ***** [ WMI ] *****


      ***** [ Snelkoppelingen ] *****


      ***** [ Geplande taken ] *****


      ***** [ Register ] *****


      ***** [ Internetbrowsers ] *****


      *************************

      C:\AdwCleaner\AdwCleaner[S1].txt - [820 bytes] - [09/05/2016 11:23:54]
      C:\AdwCleaner\AdwCleaner[S2].txt - [894 bytes] - [10/05/2016 20:00:03]
      C:\AdwCleaner\AdwCleaner[S3].txt - [966 bytes] - [10/05/2016 20:01:42]
      C:\AdwCleaner\AdwCleaner[S4].txt - [888 bytes] - [10/05/2016 20:02:25]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [960 bytes] ##########



      • #4
        I assume the first log did have a thing or two to report; by the looks of it you ran it several times in a row?



        • #5
          Not at all; I repeated it because I got a message that no errors had been found and I was not asked to shut down the PC.
          Honestly!

          Don't forget that I already did a full cleaning together with you last week.
          Last edited by vonkske; 10-05-16, 22:11. Reason: addition



          • #6
            Download ZHPDiag via the link below:
            - ZHPDiag (click the blue 'TÉLÉCHARGER !' button)
            Save it to your desktop.

            Disable antivirus software
            Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPDiag.

            Run ZHPDiag
            • Right-click ZHPDiag3.exe and click Run as administrator.
            • Click "I agree" in the "TERMS OF USE" opening screen.
            • Click "Scanner" and wait patiently until it is finished.
            • Afterwards there is a text file named ZHPDiag.txt on your desktop; post it as an attachment in your next message.
              (You can also find the log file in the folder %AppData%\ZHP.)



            • #7
              zhpdiag.txt attached



              • #8
                Download ZHPFix to the desktop.
                Install ZHPFix:
                • Right-click ZHPFix.exe and click "Run as administrator".
                • Click "Suivant" several times and then "Installer" to install the program.
                • Then click "Terminer".


                Copy the code below in full:

                Code:
                Script ZHPFix
                http://www.nicolascoolman.fr/?p=989  =>HackTool.KMSpico
                http://www.nicolascoolman.fr/?p=5145  =>.Superfluous.WellKnownMedia
                
                shortcutfix
                emptytemp
                emptyflash

                Temporarily disable your antivirus software.
                Run ZHPFix:
                • Double-click the ZHPFix shortcut on the desktop.
                • The selected script code is pasted into the ZHPFix window. If this does not happen automatically, right-click in the ZHPFix window and click Paste.
                • Press the "Import" button.
                • Then press the "Go" button at the bottom.
                • Now wait patiently until a log opens.

                Post the log file named "ZHPFix[r1].txt" as an attachment in your next message.



                • #9
                  see attachment



                  • #10
                    Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
                    • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
                    • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Yes".
                    • When the update is finished and the message that the update process completed successfully appears, click "menu" and then "Scan PC".
                    • Select the "Deep" option if it is not already set that way by default.
                    • Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take a considerable time, so wait patiently.
                    • You can close the window with the warning about an increased risk once the scan is finished.
                    • Make sure all found items are ticked and then press the "Remove selected" button. You will now get the following message, but click "Yes" here.
                    • When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
                    • Paste the contents of this log file into your next message.
                    • Now restart the computer.



                    • #11
                      Your instructions did not entirely match what appeared on the program screens. I am posting a malware scan and a custom scan in which I ticked everything. I hope you can continue with that.

                      Emsisoft Emergency Kit - Versie 10.0
                      Laatste Update: 12/05/2016 18:52:56
                      Gebruikersaccount: DESKTOP-H2G7JK4\Leo

                      Scaninstellingen:

                      Scanmodus: Aangepaste scan
                      Objecten: Rootkits, Geheugen, Sporen, C:\, D:\

                      Detecteer PUPs: Aan
                      Scan archieven: Aan
                      ADS Scan: Aan
                      Bestandsextensiefilter: Aan
                      Geselecteerd: |.asp|.bat|.cab|.cgi|.chm|.cla|.class|.cmd|.com|.cpl|.ini|.css|.dll|.elf|.exe|.hlp|.hta|.htm|.html|.zip|.wh|.jar|.jpe|.jpeg|.jpg|.js|.jse|.lnk|.ocx|.php|.pif|.rar|.xpi|.reg|.scr|.sh|.shs|.src|.sys|.txt|.vbs|.vxd|.wmf|.doc|.docx|.xls|.xlsx|.ppt|.pptx|.pdf|
                      Geavanceerde cache: Aan
                      Directe schijftoegang: Aan

                      Scan gestart: 12/05/2016 19:37:42

                      Gescand: 310517
                      Gevonden: 0

                      Scan geëindigd: 12/05/2016 19:39:18
                      Scantijd: 0:01:36


                      Emsisoft Emergency Kit - Versie 10.0
                      Laatste Update: 12/05/2016 18:52:56
                      Gebruikersaccount: DESKTOP-H2G7JK4\Leo

                      Scaninstellingen:

                      Scanmodus: Malware Scan
                      Objecten: Rootkits, Geheugen, Sporen, Bestanden

                      Detecteer PUPs: Uit
                      Scan archieven: Uit
                      ADS Scan: Aan
                      Bestandsextensiefilter: Uit
                      Geavanceerde cache: Aan
                      Directe schijftoegang: Uit

                      Scan gestart: 12/05/2016 19:32:20

                      Gescand: 82098
                      Gevonden: 0

                      Scan geëindigd: 12/05/2016 19:35:59
                      Scantijd: 0:03:39



                      • #12
                        Gevonden: 0

                        That's not much!



                        • #13
                          That's not just not much, that's nothing.
                          Since the mail I attached to my first post, I have had no more reactions from contacts, nor have I found any strange messages in my own mailbox.

                          Do I need to do anything else now?



                          • #14
                            Protection against unwanted software.

                            Unchecky prevents the installation of unwanted software

                            Double-click the installation file unchecky_setup.exe to start the installation.
                            In the screen that now appears you can choose more options; this way you can set the location where Unchecky should be installed yourself.
                            Then click the Install button to install Unchecky.
                            When the installation of Unchecky is finished, click Finish.
                            After the installation, do restart the computer so that the changes to the Windows hosts file take effect.



                            It may also be better to install Hitmanproalert. Alert
                            Explanation below.
                            Explanation



                            • #15
                              Unchecky has already been installed since last time.
                              I have now put Hitman alert on as well.

                              May I remove the tools you recommended that I downloaded for the analysis?
