Doorzoek het forum
Zoeken met Startpagina
Startpagina Thema's
Frans54
Vandaag na een herstart plotseling een politiebericht op mijn PC.
Ik kon helemaal niets meer.
Heb in de veilige modus opgestart en via de PC van mijn vrouw de aanwijzingen gevolgd en e.e.a. gedownload.
Bijgaand de logjes.
Graag hoor ik of alles nu oké is.
Dit is niet de eerste keer dat ik hier last van heb. Kan het zijn dat er de vorige keer toch iets is blijven hangen?
Frans
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.05.26.03
Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 10.0.9200.16576
Frans :: FRANS-PC
26-5-2013 15:28:12
mbam-log-2013-05-26 (15-28-12).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 222873
Verstreken tijd: 8 minuut/minuten, 36 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe (Trojan.Agent.Gen) -> Data: C:\PROGRA~3\rundll32.exe C:\PROGRA~3\jbe9.dat,FG00 -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 3
C:\ProgramData\jbe9.dat (Trojan.FakeMS) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Frans\7072857.dll (Trojan.FakeMS) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
# AdwCleaner v2.301 - Verslag gemaakt op 26/05/2013 om 15:03:10
# Geactualiseerd op 16/05/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Frans - FRANS-PC
# Opstarten Modus : Veillige modus met netwerk
# Gelanceerd vanaf : F:\adwcleaner.exe
# Optie
***** *****
***** *****
***** *****
Sleutel Verwijdert : HKCU\Software\PrivitizeVPNInstallDates
Sleutel Verwijdert : HKLM\Software\AVG Security Toolbar
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
***** *****
-\\ Internet Explorer v10.0.9200.16576
Het register bevat geen enkele ongeoorloofde invoer.
-\\ Mozilla Firefox v13.0.1 (nl)
File : C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\prefs.js
De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner.txt - ##########
Logfile of random's system information tool 1.09 (written by random/random)
Run by Frans at 2013-05-26 19:11:20
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 502 GB (53%) free of 941 GB
Total RAM: 6071 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:11:25, on 26-5-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Sitecom\Common\RaUI.exe
C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files\trend micro\Frans.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)
O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2013\avgui.exe” /TRAYONLY
O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra ‘Tools’ menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hitachi Backup Service (HitachiBackupService) - Hitachi GST - C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe (file missing)
O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 11382 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 28107808
\??\C:\Windows\system32\conhost.exe "-29471854416176760213190608306904323981310245859-4571057541617503044-555717349
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
“taskhost.exe”
“C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe”
C:\Windows\Explorer.EXE
“C:\Windows\system32\Dwm.exe”
“C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE”
C:\Windows\SysWOW64\svchost.exe -k netsvcs
“C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe”
“C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe”
“C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe”
“c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe”
“C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe”
“C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe”
C:\Windows\system32\svchost.exe -k imgsvc
“C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe”
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
“C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9d2e8be6-195d-4601-b98c-0b9047bcd75d -SystemEventPortName:HostProcess-b6fa21fd-fab1-47b0-a730-e722f2570da9 -IoCancelEventPortName:HostProcess-044cd414-6b2b-4212-a62b-3a3b3b7b4992 -NonStateChangingEventPortName:HostProcess-bde1b494-e667-4dbb-9563-5eeb052a0acf -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4af863a5-a64d-4be7-9571-9cd09302f380 -DeviceGroupId:WpdFsGroup
taskeng.exe {A20D7315-8787-44C6-AC27-4CAB53C0980E}
“c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”
“C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe”
“C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe”
“C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe”
“C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray
“C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe” /background
“C:\Program Files\Logitech\SetPointP\SetPoint.exe” /launchGaming
“C:\Program Files\Windows Sidebar\sidebar.exe” /autoRun
“C:\Program Files (x86)\Sitecom\Common\RaUI.exe” -s
“C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe”
“C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe”
“C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”
“C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe”
“C:\Program Files (x86)\AVG\AVG2013\avgui.exe” /TRAYONLY
KHALMNPR.EXE /API
C:\Windows\system32\SearchIndexer.exe /Embedding
“C:\Program Files\Windows Media Player\wmpnetwk.exe”
“C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe” Local\{03EF091C-4B8C-4DE4-ADA6-28D9B9DEDDC9}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM”
“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe” 0
“C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe”
“C:\Program Files (x86)\Mozilla Firefox\firefox.exe”
“C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe” /command_id=a34e6c63-fe11-425a-8e09-2857bb5c7a27 /client_id=da09f135-5444-4e45-8948-6f0521281441
“C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”
“C:\Windows\system32\SearchFilterHost.exe” 0 528 532 540 65536 536
“C:\Users\Frans\Desktop\RSITx64.exe”
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HP Photo Creations Messager.job
C:\Windows\tasks\HPCeeScheduleForFRANS-PC$.job
C:\Windows\tasks\PCDRScheduledMaintenance.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default
prefs.js - “browser.startup.homepage” - “http://www.geocaching.com/”
prefs.js - “extensions.enabledItems” - “{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3, DeviceDetection@logitech.com:1.20.0.66, avg@igeared:6.103.018.001, {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15”
“Description”=Adobe® Flash® Player 11.7.700.202 Plugin
“Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
“Description”=Canon MycameraPlugin
“Path”=C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
“Description”=Garmin GPS Control for Firefox
“Path”=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
“Description”=Google Earth in your browser
“Path”=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
“Description”=Java™ Deployment Toolkit
“Path”=C:\Windows\SysWOW64\npDeployJava1.dll
“Description”=Oracle® Next Generation Java™ Plug-In
“Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
“Description”=
“Path”=disabled
“Description”=Ag Player Plugin
“Path”=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
“Description”=Google Update
“Path”=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
“Description”=Google Update
“Path”=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
“Description”=Handles PDFs in-place in Firefox
“Path”=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
“Description”=
“Path”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
“Description”=
“Path”=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
“Description”=Adobe® Flash® Player 11.7.700.202 Plugin
“Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll
“Description”=
“Path”=disabled
“Description”=Ag Player Plugin
“Path”=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
“Description”=
“Path”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
“Description”=
“Path”=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
bing.xml
bolcom-nl.xml
google.xml
marktplaats-nl.xml
wikipedia-nl.xml
C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\extensions\
DeviceDetection@logitech.com
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\searchplugins\
Startpins.xml
======Registry dump======
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
“SmartMenu”=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
“PC-Doctor for Windows localizer”=C:\Program Files\PC-Doctor for Windows\localizer.exe
“EvtMgr6”=C:\Program Files\Logitech\SetPointP\SetPoint.exe
“AdobeAAMUpdater-1.0”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
“Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe
“hpsysdrv”=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
“IAStorIcon”=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
“StartCCC”=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
“Easybits Recovery”=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
“RoxWatchTray”=C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
“AVG_UI”=C:\Program Files (x86)\AVG\AVG2013\avgui.exe
“SwitchBoard”=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
“AdobeCS6ServiceManager”=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\RaUI.exe
Spyder3Utility.lnk - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll
“SecurityProviders”=credssp.dll
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“EnableUIADesktopToggle”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“NoDrives”=0
“NoDrives”=0
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“vidc.uyvy”=msyuv.dll
“vidc.yuy2”=msyuv.dll
“vidc.yvyu”=msyuv.dll
“vidc.iyuv”=iyuv_32.dll
“vidc.i420”=iyuv_32.dll
“vidc.yvu9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\System32\l3codeca.acm
“wave1”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer1”=wdmaud.drv
“aux1”=wdmaud.drv
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“aux”=wdmaud.drv
“wave2”=wdmaud.drv
“midi2”=wdmaud.drv
“mixer2”=wdmaud.drv
“aux2”=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-05-26 19:11:21 —-D—- C:\Program Files\trend micro
2013-05-26 19:11:20 —-D—- C:\rsit
2013-05-26 16:47:20 —-AD—- C:\Kaspersky Rescue Disk 10.0
2013-05-26 15:51:10 —-D—- C:\Program Files (x86)\ESET
2013-05-26 15:27:14 —-A—- C:\Windows\system32\drivers\mbam.sys
2013-05-26 15:27:11 —-D—- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-26 15:20:51 —-N—- C:\bootsqm.dat
2013-05-26 15:19:41 —-SHD—- C:\found.000
2013-05-26 15:05:00 —-A—- C:\ProgramData\as98213.txt
2013-05-26 15:03:10 —-A—- C:\AdwCleaner.txt
2013-05-26 14:21:09 —-A—- C:\AdwCleaner.txt
2013-05-26 14:19:33 —-A—- C:\AdwCleaner.txt
2013-05-26 14:12:59 —-A—- C:\Windows\ntbtlog.txt
2013-05-25 00:35:25 —-A—- C:\Windows\SYSWOW64\wininet.dll
2013-05-25 00:35:25 —-A—- C:\Windows\SYSWOW64\urlmon.dll
2013-05-25 00:35:25 —-A—- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-05-25 00:35:25 —-A—- C:\Windows\SYSWOW64\msls31.dll
2013-05-25 00:35:25 —-A—- C:\Windows\SYSWOW64\jsproxy.dll
2013-05-25 00:35:25 —-A—- C:\Windows\SYSWOW64\iertutil.dll
2013-05-25 00:35:25 —-A—- C:\Windows\SYSWOW64\elshyph.dll
2013-05-25 00:35:25 —-A—- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-05-25 00:35:25 —-A—- C:\Windows\system32\elshyph.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\wextract.exe
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\webcheck.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\vbscript.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\pngfilt.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\occache.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\msrating.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\mshtmlmedia.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\mshtmler.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\mshtmled.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\mshtml.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\mshta.exe
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\msfeedssync.exe
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\msfeeds.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\jscript.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\inseng.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\imgutil.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\iexpress.exe
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\iesysprep.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\iepeers.dll
2013-05-25 00:35:24 —-A—- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\url.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\licmgr10.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\jscript9.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\ieui.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\iesetup.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\iernonce.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\ieframe.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\iedkcs32.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\ieapfltr.dat
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\icardie.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\dxtrans.dll
2013-05-25 00:35:23 —-A—- C:\Windows\SYSWOW64\dxtmsft.dll
2013-05-25 00:35:23 —-A—- C:\Windows\system32\urlmon.dll
2013-05-25 00:35:23 —-A—- C:\Windows\system32\RegisterIEPKEYs.exe
2013-05-25 00:35:23 —-A—- C:\Windows\system32\msrating.dll
2013-05-25 00:35:23 —-A—- C:\Windows\system32\iertutil.dll
2013-05-25 00:35:22 —-A—- C:\Windows\system32\wininet.dll
2013-05-25 00:35:22 —-A—- C:\Windows\system32\msls31.dll
2013-05-25 00:35:22 —-A—- C:\Windows\system32\jsproxy.dll
2013-05-25 00:35:22 —-A—- C:\Windows\system32\iernonce.dll
2013-05-25 00:35:22 —-A—- C:\Windows\system32\ieapfltr.dll
2013-05-25 00:35:22 —-A—- C:\Windows\system32\ieapfltr.dat
2013-05-25 00:35:22 —-A—- C:\Windows\system32\ie4uinit.exe
2013-05-25 00:35:22 —-A—- C:\Windows\system32\icardie.dll
2013-05-25 00:35:22 —-A—- C:\Windows\system32\dxtrans.dll
2013-05-25 00:35:22 —-A—- C:\Windows\system32\dxtmsft.dll
2013-05-25 00:35:21 —-A—- C:\Windows\system32\url.dll
2013-05-25 00:35:21 —-A—- C:\Windows\system32\mshtmlmedia.dll
2013-05-25 00:35:21 —-A—- C:\Windows\system32\iesetup.dll
2013-05-25 00:35:21 —-A—- C:\Windows\system32\iedkcs32.dll
2013-05-25 00:35:20 —-A—- C:\Windows\system32\wextract.exe
2013-05-25 00:35:20 —-A—- C:\Windows\system32\webcheck.dll
2013-05-25 00:35:20 —-A—- C:\Windows\system32\vbscript.dll
2013-05-25 00:35:20 —-A—- C:\Windows\system32\occache.dll
2013-05-25 00:35:20 —-A—- C:\Windows\system32\mshtmled.dll
2013-05-25 00:35:20 —-A—- C:\Windows\system32\mshtml.dll
2013-05-25 00:35:20 —-A—- C:\Windows\system32\msfeeds.dll
2013-05-25 00:35:20 —-A—- C:\Windows\system32\licmgr10.dll
2013-05-25 00:35:20 —-A—- C:\Windows\system32\inseng.dll
2013-05-25 00:35:20 —-A—- C:\Windows\system32\iexpress.exe
2013-05-25 00:35:20 —-A—- C:\Windows\system32\ieUnatt.exe
2013-05-25 00:35:19 —-A—- C:\Windows\system32\SetIEInstalledDate.exe
2013-05-25 00:35:19 —-A—- C:\Windows\system32\pngfilt.dll
2013-05-25 00:35:19 —-A—- C:\Windows\system32\mshtmler.dll
2013-05-25 00:35:19 —-A—- C:\Windows\system32\mshta.exe
2013-05-25 00:35:19 —-A—- C:\Windows\system32\msfeedssync.exe
2013-05-25 00:35:19 —-A—- C:\Windows\system32\msfeedsbs.dll
2013-05-25 00:35:19 —-A—- C:\Windows\system32\jscript9.dll
2013-05-25 00:35:19 —-A—- C:\Windows\system32\jscript.dll
2013-05-25 00:35:19 —-A—- C:\Windows\system32\imgutil.dll
2013-05-25 00:35:19 —-A—- C:\Windows\system32\ieui.dll
2013-05-25 00:35:19 —-A—- C:\Windows\system32\iesysprep.dll
2013-05-25 00:35:19 —-A—- C:\Windows\system32\iepeers.dll
2013-05-25 00:35:19 —-A—- C:\Windows\system32\IEAdvpack.dll
2013-05-25 00:35:18 —-A—- C:\Windows\system32\ieframe.dll
2013-05-25 00:34:29 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 00:34:29 —-AH—- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 00:34:29 —-AH—- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-25 00:34:29 —-AH—- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 00:34:29 —-AH—- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-25 00:34:28 —-AH—- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\XpsPrint.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\WMPhoto.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\DWrite.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\d3d11.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\d3d10level9.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\d3d10core.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\d3d10_1core.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\d3d10_1.dll
2013-05-25 00:34:27 —-A—- C:\Windows\SYSWOW64\d3d10.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\XpsPrint.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\XpsGdiConverter.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\WMPhoto.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\msmpeg2vdec.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\FntCache.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\dxgi.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\DWrite.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\d3d11.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\d3d10warp.dll
2013-05-25 00:34:27 —-A—- C:\Windows\system32\d2d1.dll
2013-05-25 00:34:26 —-A—- C:\Windows\SYSWOW64\UIAnimation.dll
2013-05-25 00:34:26 —-A—- C:\Windows\SYSWOW64\dxgi.dll
2013-05-25 00:34:26 —-A—- C:\Windows\SYSWOW64\d3d10warp.dll
2013-05-25 00:34:26 —-A—- C:\Windows\SYSWOW64\d2d1.dll
2013-05-25 00:34:26 —-A—- C:\Windows\system32\WindowsCodecsExt.dll
2013-05-25 00:34:26 —-A—- C:\Windows\system32\WindowsCodecs.dll
2013-05-25 00:34:26 —-A—- C:\Windows\system32\UIAnimation.dll
2013-05-25 00:34:26 —-A—- C:\Windows\system32\d3d10level9.dll
2013-05-25 00:34:26 —-A—- C:\Windows\system32\d3d10core.dll
2013-05-25 00:34:26 —-A—- C:\Windows\system32\d3d10_1core.dll
2013-05-25 00:34:26 —-A—- C:\Windows\system32\d3d10_1.dll
2013-05-25 00:34:26 —-A—- C:\Windows\system32\d3d10.dll
2013-05-24 12:18:22 —-A—- C:\Windows\system32\wwansvc.dll
2013-05-24 12:18:22 —-A—- C:\Windows\system32\wwanprotdim.dll
2013-05-24 12:18:22 —-A—- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-24 12:18:22 —-A—- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-24 12:18:22 —-A—- C:\Windows\system32\cdd.dll
2013-05-24 12:18:11 —-A—- C:\Windows\system32\shell32.dll
2013-05-24 12:18:11 —-A—- C:\Windows\system32\shdocvw.dll
2013-05-24 12:18:11 —-A—- C:\Windows\system32\authui.dll
2013-05-24 12:18:10 —-A—- C:\Windows\SYSWOW64\shell32.dll
2013-05-24 12:18:10 —-A—- C:\Windows\SYSWOW64\shdocvw.dll
2013-05-24 12:18:10 —-A—- C:\Windows\SYSWOW64\authui.dll
2013-05-24 12:18:10 —-A—- C:\Windows\system32\consent.exe
2013-05-24 12:18:10 —-A—- C:\Windows\system32\appinfo.dll
2013-05-24 12:17:56 —-A—- C:\Windows\system32\win32k.sys
======List of files/folders modified in the last 1 month======
2013-05-26 19:11:25 —-D—- C:\Windows\Prefetch
2013-05-26 19:11:21 —-RD—- C:\Program Files
2013-05-26 19:07:38 —-D—- C:\ProgramData
2013-05-26 15:56:01 —-D—- C:\Windows\Temp
2013-05-26 15:53:36 —-D—- C:\Windows\system32\config
2013-05-26 15:51:10 —-RD—- C:\Program Files (x86)
2013-05-26 15:44:27 —-D—- C:\Windows\SYSWOW64\drivers
2013-05-26 15:33:22 —-D—- C:\Windows\system32\catroot2
2013-05-26 15:27:14 —-D—- C:\Windows\system32\drivers
2013-05-26 14:21:13 —-D—- C:\Program Files (x86)\Common Files
2013-05-26 14:12:59 —-D—- C:\Windows
2013-05-26 14:05:19 —-D—- C:\Users\Frans\AppData\Roaming\HpUpdate
2013-05-26 14:05:19 —-D—- C:\Users\Frans\AppData\Roaming\HP Support Assistant
2013-05-26 08:08:19 —-D—- C:\ProgramData\MFAData
2013-05-26 05:20:16 —-D—- C:\Program Files (x86)\Mozilla Firefox
2013-05-25 08:50:42 —-D—- C:\Windows\rescache
2013-05-25 00:43:58 —-D—- C:\Windows\winsxs
2013-05-25 00:43:33 —-D—- C:\Windows\Panther
2013-05-25 00:41:20 —-D—- C:\Windows\SYSWOW64\nl-NL
2013-05-25 00:41:18 —-D—- C:\Windows\system32\nl-NL
2013-05-25 00:41:14 —-D—- C:\Program Files (x86)\Internet Explorer
2013-05-25 00:41:12 —-D—- C:\Program Files\Internet Explorer
2013-05-25 00:41:10 —-D—- C:\Windows\SYSWOW64\migration
2013-05-25 00:41:09 —-D—- C:\Windows\SYSWOW64\en-US
2013-05-25 00:41:07 —-D—- C:\Windows\SysWOW64
2013-05-25 00:41:03 —-D—- C:\Windows\inf
2013-05-25 00:41:02 —-D—- C:\Windows\system32\migration
2013-05-25 00:41:02 —-D—- C:\Windows\PolicyDefinitions
2013-05-25 00:41:01 —-D—- C:\Windows\system32\en-US
2013-05-25 00:41:00 —-D—- C:\Windows\System32
2013-05-25 00:40:53 —-D—- C:\Windows\SYSWOW64\zh-HK
2013-05-25 00:40:53 —-D—- C:\Windows\SYSWOW64\pt-PT
2013-05-25 00:40:53 —-D—- C:\Windows\SYSWOW64\pt-BR
2013-05-25 00:40:53 —-D—- C:\Windows\SYSWOW64\pl-PL
2013-05-25 00:40:53 —-D—- C:\Windows\SYSWOW64\ko-KR
2013-05-25 00:40:53 —-D—- C:\Windows\SYSWOW64\it-IT
2013-05-25 00:40:53 —-D—- C:\Windows\SYSWOW64\hu-HU
2013-05-25 00:40:53 —-D—- C:\Windows\SYSWOW64\fr-FR
2013-05-25 00:40:53 —-D—- C:\Windows\SYSWOW64\el-GR
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\zh-TW
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\zh-CN
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\tr-TR
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\sv-SE
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\ru-RU
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\nb-NO
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\ja-JP
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\fi-FI
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\es-ES
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\de-DE
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\da-DK
2013-05-25 00:40:52 —-D—- C:\Windows\SYSWOW64\cs-CZ
2013-05-25 00:40:50 —-D—- C:\Windows\system32\zh-HK
2013-05-25 00:40:50 —-D—- C:\Windows\system32\pt-PT
2013-05-25 00:40:50 —-D—- C:\Windows\system32\pt-BR
2013-05-25 00:40:50 —-D—- C:\Windows\system32\pl-PL
2013-05-25 00:40:50 —-D—- C:\Windows\system32\ko-KR
2013-05-25 00:40:50 —-D—- C:\Windows\system32\it-IT
2013-05-25 00:40:50 —-D—- C:\Windows\system32\hu-HU
2013-05-25 00:40:50 —-D—- C:\Windows\system32\el-GR
2013-05-25 00:40:49 —-D—- C:\Windows\system32\zh-TW
2013-05-25 00:40:49 —-D—- C:\Windows\system32\tr-TR
2013-05-25 00:40:49 —-D—- C:\Windows\system32\sv-SE
2013-05-25 00:40:49 —-D—- C:\Windows\system32\fr-FR
2013-05-25 00:40:49 —-D—- C:\Windows\system32\fi-FI
2013-05-25 00:40:49 —-D—- C:\Windows\system32\es-ES
2013-05-25 00:40:48 —-D—- C:\Windows\system32\zh-CN
2013-05-25 00:40:48 —-D—- C:\Windows\system32\ru-RU
2013-05-25 00:40:48 —-D—- C:\Windows\system32\nb-NO
2013-05-25 00:40:48 —-D—- C:\Windows\system32\ja-JP
2013-05-25 00:40:48 —-D—- C:\Windows\system32\de-DE
2013-05-25 00:40:48 —-D—- C:\Windows\system32\cs-CZ
2013-05-25 00:40:47 —-D—- C:\Windows\system32\da-DK
2013-05-25 00:38:49 —-D—- C:\Windows\Logs
2013-05-25 00:38:32 —-D—- C:\Windows\system32\catroot
2013-05-25 00:31:52 —-SHD—- C:\System Volume Information
2013-05-24 17:17:05 —-A—- C:\Windows\system32\PerfStringBackup.INI
2013-05-24 15:55:40 —-SHD—- C:\Windows\Installer
2013-05-24 15:55:19 —-D—- C:\Program Files\Common Files\Microsoft Shared
2013-05-24 14:34:22 —-RSD—- C:\Windows\assembly
2013-05-24 14:34:22 —-D—- C:\Windows\Microsoft.NET
2013-05-24 14:18:05 —-D—- C:\Windows\AppPatch
2013-05-24 13:10:12 —-D—- C:\ProgramData\Microsoft Help
2013-05-24 13:05:53 —-A—- C:\Windows\system32\MRT.exe
2013-05-24 12:33:18 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-05-24 12:20:32 —-A—- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys
R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTUSB64.SYS
R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys
S1 A2DDA;A2 Direct Disk Access Support Driver; \??\K:\EmsisoftEmergencyKit\Run\a2ddax64.sys
S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
S3 Spyder3;Datacolor Spyder3; C:\Windows\system32\DRIVERS\Spyder3.sys
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
R2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe
R2 HitachiBackupService;Hitachi Backup Service; C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe
R2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
R3 RoxMediaDB10;RoxMediaDB10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
S2 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
S2 SessionLauncher;SessionLauncher; C:\Users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
—————–EOF—————–
