PC has been out of sorts for several days

  • Wim

    Dear forum experts,

    After installing a so-called utility from what is, after all, a fairly trustworthy site: http://www.computeridee.nl/achtergrond/de-25-favoriete-tools-van-de-faqman/

    my PC has started acting up. The main problem is that it has become slower and that, no matter which antivirus program I use, something is found every time. Unfortunately I did not keep track of which viruses/malware were involved, because I thought I could manage without the help of the AV forum :(

    Hopefully you can see something? I have of course carried out the step-by-step plan, and even ran an online scan with just about all the well-known AV programs.

    Here is my log from HijackThis and MBAM.

    Kind regards,

    Willem

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Willem at 2014-02-18 02:04:39

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 98 GB (33%) free of 294 GB

    Total RAM: 4086 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 2:04:49, on 18-2-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16518)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe

    C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Willem.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: End of entries inserted by Spybot - Search & Destroy

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL

    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll

    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe” -app -hosterid:1

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE” /splash

    O4 - HKLM\..\RunOnce: %WINDIR%\SMINST\VistaLauncher.exe

    O4 - HKCU\..\Run: C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKUS\S-1-5-18\..\RunOnce: reg.exe delete “HKCU\Software\AppDataLow\Software\panda4_0dn” /f (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\RunOnce: reg.exe delete “HKCU\Software\panda4_0dn” /f (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\RunOnce: reg.exe delete “HKCU\Software\AppDataLow\Software\panda4_0dn” /f (User ‘Default user’)

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O15 - Trusted Zone: *.clonewarsadventures.com

    O15 - Trusted Zone: *.freerealms.com

    O15 - Trusted Zone: *.soe.com

    O15 - Trusted Zone: *.sony.com

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - https://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritage.com/FP/ImageUploader/ImageUploader5.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

    O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe

    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE

    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

    O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe

    O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

    O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe

    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe

    O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 19375 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    winlogon.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    “C:\Windows\system32\nvvsvc.exe”

    “C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe”

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE”

    “C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe”

    “C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe”

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe”

    “C:\Program Files\Bonjour\mDNSResponder.exe”

    “C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe”

    “C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe”

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe” -hosterid:0

    “C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe”

    “C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE” /service /stopevent=672 /ipcexch=780

    C:\Windows\system32\hasplms.exe -run

    “C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe” -/service

    “C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe” -/service

    “C:\Program Files (x86)\Common Files\Motive\McciCMService.exe”

    “C:\Program Files\Common Files\Motive\McciCMService.exe”

    C:\Windows\SysWOW64\nlssrv32.exe

    “C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe”

    “C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe”

    “C:\Program Files (x86)\PDF Architect\HelperService.exe”

    “C:\Program Files (x86)\PDF Architect\ConversionService.exe”

    C:\Windows\SysWOW64\PnkBstrA.exe

    “c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe”

    “C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe”

    “C:\Windows\system32\rundll32.exe” Shell32.dll,Control_RunDLL mmsys.cpl

    “C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe”

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe”

    WLIDSvcM.exe 2092

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe”

    “C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE”

    “C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe”

    oid 1.3.6.1.4.1.2213.11.1.27.64 HosterGroupType 0

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    “C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\fssm32.exe” 3 868 880 884

    “C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe”

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”

    C:\Windows\system32\nvvsvc.exe -session -first

    “taskhost.exe”

    “C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe” serviceapp

    taskeng.exe {4986187F-C940-4B5F-BAEC-BCF78B62320A}

    \??\C:\Windows\system32\conhost.exe "-1283071955-635151189-365211233-969394659518258249-18555360709144826831035382942

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe”

    “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe”

    “C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe” -scheduler

    “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe”

    “C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe” -app -hosterid:1

    “C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE” /splash

    “C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    “C:\Windows\system32\wuauclt.exe”

    “C:\Windows\system32\NOTEPAD.EXE” C:\rsit\log.txt

    “C:\Program Files\Internet Explorer\iexplore.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:6980 CREDAT:267521 /prefetch:2

    “C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe”

    AdblockPlusEngine.exe nl-NL

    “C:\Windows\System32\MsSpellCheckingFacility.exe” -Embedding

    taskeng.exe {1CDBD35C-8BD8-4C0B-AAC4-8D91802AD995}

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:6980 CREDAT:1971481 /prefetch:2

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Users\Willem\Desktop\RSITx64 (1).exe”

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce0b1024662774.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default

    “Description”=Adobe® Flash® Player 12.0.0.44 Plugin

    “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

    “Description”=Adobe Shockwave Player

    “Path”=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll

    “Description”=Google Earth in your browser

    “Path”=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    “Description”=Picasa3 plugin

    “Path”=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

    “Description”=Java™ Deployment Toolkit

    “Path”=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=Motive Plugin

    “Path”=C:\Program Files (x86)\Common Files\Motive\npMotive.dll

    “Description”=NVIDIA stereo images plugin for Mozilla browsers

    “Path”=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    “Description”=NVIDIA 3D Vision Streaming plugin for Mozilla browsers

    “Path”=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

    “Description”=VLC Multimedia Plugin

    “Path”=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

    “Description”=Adobe® Flash® Player 11.9.900.170 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

    “Description”=Java™ Deployment Toolkit

    “Path”=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

    “Description”=VLC Multimedia Plugin

    “Path”=C:\Program Files\VideoLAN\VLC\npvlc.dll

    “Description”=

    “Path”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

    C:\Program Files (x86)\Mozilla Firefox\extensions\

    {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

    {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

    {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

    {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

    C:\Program Files (x86)\Mozilla Firefox\components\

    nsIQTScriptablePlugin.xpt

    C:\Program Files (x86)\Mozilla Firefox\searchplugins\

    McSiteAdvisor.xml

    C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default\extensions\

    ascsurfingprotection@iobit.com

    jid1-yZwVFzbsyfMrqQ@jetpack

    {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    {e001c731-5e37-4538-a5cb-8168736a2360}

  • Wilm

    - Continued

    ======Registry dump======

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    WOT Helper - C:\Program Files\WOT\WOT.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    Advanced SystemCare Browser Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL

    WOT Helper - C:\Program Files (x86)\WOT\WOT.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll

    {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    {CF0F43AB-9C23-4D7B-8040-201B82844854}

    {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files (x86)\WOT\WOT.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    “Nvtmru”=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe

    “ShadowPlay”=C:\Windows\system32\nvspcap64.dll

    “NvBackend”=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

    “ISUSPM”=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

    “swg”=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\ZiggoOnlineHelp\McciTrayApp.exe

    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run

    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto

    C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe

    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe

    C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

    c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe

    c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup

    C:\PROGRA~1\Eraser\Eraser.exe

    C:\Users\Willem\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver

    C:\Program Files (x86)\FCleaner\FCleaner.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart

    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

    C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Program Files (x86)\Samsung\Kies\Kies.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\HiSuite\HiSuite.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

    C:\Program Files (x86)\QuickTime\QTTask.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Users\Willem\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe

    C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe

    C:\PROGRA~2\Canon\IMAGEB~1\MFMANA~1.EXE

    C:\PROGRA~2\ENCRYP~1\ENCRYP~1.EXE

    C:\Users\Willem\AppData\Local\Facebook\MESSEN~1\214814~1.0\FACEBO~1.EXE

    C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE

    “DMXLauncher”=C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe

    “F-Secure Hoster (45123)”=C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    “F-Secure Manager”=C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE

    “ST Recovery Launcher”=C:\Windows\SMINST\VistaLauncher.exe

    “AppInit_DLLs”=“ ”

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoDriveTypeAutoRun”=60

    “NoDrives”=0

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service”

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 month======

    2014-02-16 19:39:47 —-A—- C:\Windows\SYSWOW64\PnkBstrB.exe

    2014-02-16 02:04:33 —-D—- C:\Windows\ERUNT

    2014-02-15 21:12:19 —-D—- C:\SUPERDelete

    2014-02-15 02:47:22 —-D—- C:\Users\Willem\AppData\Roaming\Ulead Systems

    2014-02-15 02:44:06 —-D—- C:\Program Files (x86)\Corel

    2014-02-14 22:46:51 —-A—- C:\Windows\system32\WavesGUILib64.dll

    2014-02-14 22:46:51 —-A—- C:\Windows\system32\tossaeapo64.dll

    2014-02-14 22:46:51 —-A—- C:\Windows\system32\toseaeapo64.dll

    2014-02-14 22:46:51 —-A—- C:\Windows\system32\tosasfapo64.dll

    2014-02-14 22:46:51 —-A—- C:\Windows\system32\tosade.dll

    2014-02-14 22:46:51 —-A—- C:\Windows\system32\tepeqapo64.dll

    2014-02-14 22:46:51 —-A—- C:\Windows\system32\tadefxapo264.dll

    2014-02-14 22:46:51 —-A—- C:\Windows\system32\tadefxapo.dll

    2014-02-14 22:46:51 —-A—- C:\Windows\system32\SRSWOW64.dll

    2014-02-14 22:46:50 —-A—- C:\Windows\system32\SRSTSX64.dll

    2014-02-14 22:46:50 —-A—- C:\Windows\system32\SRSTSH64.dll

    2014-02-14 22:46:50 —-A—- C:\Windows\system32\SRSHP64.dll

    2014-02-14 22:46:50 —-A—- C:\Windows\system32\sltech64.dll

    2014-02-14 22:46:50 —-A—- C:\Windows\system32\slprp64.dll

    2014-02-14 22:46:50 —-A—- C:\Windows\system32\slcnt64.dll

    2014-02-14 22:46:50 —-A—- C:\Windows\system32\sl3apo64.dll

    2014-02-14 22:46:50 —-A—- C:\Windows\system32\SFSS_APO.dll

    2014-02-14 22:46:49 —-A—- C:\Windows\system32\SFNHK64.dll

    2014-02-14 22:46:48 —-A—- C:\Windows\SYSWOW64\SFCOM.dll

    2014-02-14 22:46:48 —-A—- C:\Windows\system32\SFCOM64.dll

    2014-02-14 22:46:48 —-A—- C:\Windows\system32\SFAPO64.dll

    2014-02-14 22:46:48 —-A—- C:\Windows\system32\drivers\rtvienna.dat

    2014-02-14 22:46:47 —-A—- C:\Windows\system32\RtPgEx64.dll

    2014-02-14 22:46:47 —-A—- C:\Windows\system32\RtlCPAPI64.dll

    2014-02-14 22:46:47 —-A—- C:\Windows\system32\RtkCoLDR64.dll

    2014-02-14 22:46:47 —-A—- C:\Windows\system32\RtkCfg64.dll

    2014-02-14 22:46:47 —-A—- C:\Windows\system32\RtkAPO64.dll

    2014-02-14 22:46:47 —-A—- C:\Windows\system32\RtkApi64.dll

    2014-02-14 22:46:47 —-A—- C:\Windows\system32\RTEEP64A.dll

    2014-02-14 22:46:47 —-A—- C:\Windows\system32\RTEEL64A.dll

    2014-02-14 22:46:47 —-A—- C:\Windows\system32\drivers\RTKVHD64.sys

    2014-02-14 22:46:46 —-A—- C:\Windows\system32\RTEEG64A.dll

    2014-02-14 22:46:46 —-A—- C:\Windows\system32\RTEED64A.dll

    2014-02-14 22:46:46 —-A—- C:\Windows\system32\RtDataProc64.dll

    2014-02-14 22:46:46 —-A—- C:\Windows\system32\RTCOM64.dll

    2014-02-14 22:46:46 —-A—- C:\Windows\system32\RP3DHT64.dll

    2014-02-14 22:46:46 —-A—- C:\Windows\system32\RP3DAA64.dll

    2014-02-14 22:46:46 —-A—- C:\Windows\system32\RCoRes64.dat

    2014-02-14 22:46:46 —-A—- C:\Windows\system32\RCoInstII64.dll

    2014-02-14 22:46:46 —-A—- C:\Windows\system32\drivers\RTAIODAT.DAT

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\R4EEP64A.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\R4EEL64A.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\R4EEG64A.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\R4EED64A.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\R4EEA64A.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\NAHIMICAPOSettingsIPC.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\NAHIMICAPOlfx.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\MISS_APO.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\MaxxVolumeSDAPO.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\MaxxVoiceAPO2064.dll

    2014-02-14 22:46:45 —-A—- C:\Windows\system32\MaxxSpeechAPO64.dll

    2014-02-14 22:46:44 —-A—- C:\Windows\system32\MaxxAudioVnN64.dll

    2014-02-14 22:46:44 —-A—- C:\Windows\system32\MaxxAudioVnA64.dll

    2014-02-14 22:46:44 —-A—- C:\Windows\system32\MaxxAudioRealtek64.dll

    2014-02-14 22:46:44 —-A—- C:\Windows\system32\MaxxAudioRealtek264.dll

    2014-02-14 22:46:44 —-A—- C:\Windows\system32\MaxxAudioEQ64.dll

    2014-02-14 22:46:43 —-A—- C:\Windows\SYSWOW64\MaxxAudioAPOShell.dll

    2014-02-14 22:46:43 —-A—- C:\Windows\system32\MaxxAudioAPOShell64.dll

    2014-02-14 22:46:43 —-A—- C:\Windows\system32\MaxxAudioAPO5064.dll

    2014-02-14 22:46:43 —-A—- C:\Windows\system32\MaxxAudioAPO4064.dll

    2014-02-14 22:46:43 —-A—- C:\Windows\system32\MaxxAudioAPO30.dll

    2014-02-14 22:46:43 —-A—- C:\Windows\system32\MaxxAudioAPO20.dll

    2014-02-14 22:46:43 —-A—- C:\Windows\system32\KAAPORT64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\FMAPO64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSVoiceClarityDLL64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSU2PREC64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSU2PLFX64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSU2PGFX64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSSymmetryDLL64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSS2SpeakerDLL64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSS2HeadphoneDLL64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSNeoPCDLL64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSLimiterDLL64.dll

    2014-02-14 22:46:41 —-A—- C:\Windows\system32\DTSLFXAPO64.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\DTSGFXAPONS64.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\DTSGFXAPO64.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\DTSGainCompensatorDLL64.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\DTSBoostDLL64.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\DTSBassEnhancementDLL64.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\DDPP64A.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\DDPO64A.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\DDPD64A.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\DDPA64.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\CONEQMSAPOGUILibrary.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\audioLibVc.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\AERTAR64.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\AERTAC64.dll

    2014-02-14 22:46:40 —-A—- C:\Windows\system32\AcpiServiceVnA64.dll

    2014-02-14 22:46:15 —-A—- C:\Windows\system32\NicInstK.dll

    2014-02-14 22:46:15 —-A—- C:\Windows\system32\e1kmsg.dll

    2014-02-14 22:46:15 —-A—- C:\Windows\system32\drivers\e1k62x64.sys

    2014-02-14 22:45:53 —-A—- C:\Windows\SYSWOW64\RtsUStoricon.dll

    2014-02-14 22:45:53 —-A—- C:\Windows\system32\drivers\RtsUStor.sys

    2014-02-14 22:41:46 —-A—- C:\log.txt

    2014-02-14 22:40:18 —-A—- C:\Windows\system32\SmartDefragBootTime.exe

    2014-02-14 22:39:53 —-A—- C:\Windows\system32\IObitSmartDefragExtension.dll

    2014-02-14 20:46:01 —-D—- C:\ProgramData\ProductData

    2014-02-14 20:45:53 —-D—- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

    2014-02-14 20:45:51 —-D—- C:\ProgramData\IObit

    2014-02-14 20:45:25 —-D—- C:\Program Files (x86)\IObit

    2014-02-14 20:45:10 —-D—- C:\Users\Willem\AppData\Roaming\IObit

    2014-02-13 23:18:43 —-D—- C:\Program Files (x86)\encryptdrop

    2014-02-13 01:25:38 —-A—- C:\Windows\SYSWOW64\vbscript.dll

    2014-02-13 01:25:38 —-A—- C:\Windows\system32\vbscript.dll

    2014-02-13 01:23:51 —-A—- C:\Windows\SYSWOW64\msrating.dll

    2014-02-13 01:23:50 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2014-02-13 01:23:50 —-A—- C:\Windows\system32\msrating.dll

    2014-02-13 01:23:50 —-A—- C:\Windows\system32\ieui.dll

    2014-02-13 01:23:49 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2014-02-13 01:23:49 —-A—- C:\Windows\system32\jsproxy.dll

    2014-02-13 01:23:49 —-A—- C:\Windows\system32\iernonce.dll

    2014-02-13 01:23:49 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2014-02-13 01:23:49 —-A—- C:\Windows\system32\ie4uinit.exe

    2014-02-13 01:23:48 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2014-02-13 01:23:48 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-02-13 01:23:48 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2014-02-13 01:23:48 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2014-02-13 01:23:48 —-A—- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-02-13 01:23:48 —-A—- C:\Windows\system32\msfeeds.dll

    2014-02-13 01:23:48 —-A—- C:\Windows\system32\ieUnatt.exe

    2014-02-13 01:23:48 —-A—- C:\Windows\system32\iesetup.dll

    2014-02-13 01:23:48 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2014-02-13 01:23:48 —-A—- C:\Windows\system32\ieetwcollector.exe

    2014-02-13 01:23:46 —-A—- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-02-13 01:23:46 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-02-13 01:23:46 —-A—- C:\Windows\system32\mshtml.dll

    2014-02-13 01:23:46 —-A—- C:\Windows\system32\jscript9diag.dll

    2014-02-13 01:23:46 —-A—- C:\Windows\system32\ieapfltr.dll

    2014-02-13 01:23:45 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2014-02-13 01:23:45 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2014-02-13 01:23:45 —-A—- C:\Windows\system32\iertutil.dll

    2014-02-13 01:23:44 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2014-02-13 01:23:44 —-A—- C:\Windows\system32\wininet.dll

    2014-02-13 01:23:44 —-A—- C:\Windows\system32\urlmon.dll

    2014-02-13 01:23:43 —-A—- C:\Windows\system32\ieframe.dll

    2014-02-13 01:23:42 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2014-02-13 01:23:41 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2014-02-13 01:23:40 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2014-02-13 01:23:40 —-A—- C:\Windows\system32\jscript9.dll

    2014-02-13 01:21:09 —-A—- C:\Windows\system32\RMActivate_isv.exe

    2014-02-13 01:21:09 —-A—- C:\Windows\system32\RMActivate.exe

    2014-02-13 01:21:08 —-A—- C:\Windows\SYSWOW64\RMActivate_isv.exe

    2014-02-13 01:21:08 —-A—- C:\Windows\SYSWOW64\RMActivate.exe

    2014-02-13 01:21:07 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe

    2014-02-13 01:21:07 —-A—- C:\Windows\system32\RMActivate_ssp_isv.exe

    2014-02-13 01:21:06 —-A—- C:\Windows\system32\RMActivate_ssp.exe

    2014-02-13 01:21:05 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp.exe

    2014-02-13 01:21:04 —-A—- C:\Windows\SYSWOW64\secproc_isv.dll

    2014-02-13 01:21:04 —-A—- C:\Windows\system32\secproc_isv.dll

    2014-02-13 01:21:03 —-A—- C:\Windows\system32\secproc.dll

    2014-02-13 01:21:02 —-A—- C:\Windows\system32\msdrm.dll

    2014-02-13 01:21:01 —-A—- C:\Windows\SYSWOW64\secproc.dll

    2014-02-13 01:21:00 —-A—- C:\Windows\SYSWOW64\msdrm.dll

    2014-02-13 01:20:59 —-A—- C:\Windows\system32\secproc_ssp.dll

    2014-02-13 01:20:57 —-A—- C:\Windows\SYSWOW64\secproc_ssp.dll

    2014-02-13 01:20:57 —-A—- C:\Windows\system32\secproc_ssp_isv.dll

    2014-02-13 01:20:56 —-A—- C:\Windows\SYSWOW64\secproc_ssp_isv.dll

    2014-02-13 01:20:04 —-A—- C:\Windows\SYSWOW64\msxml3.dll

    2014-02-13 01:20:04 —-A—- C:\Windows\system32\msxml3.dll

    2014-02-13 01:20:03 —-A—- C:\Windows\SYSWOW64\msxml3r.dll

    2014-02-13 01:20:03 —-A—- C:\Windows\system32\msxml3r.dll

    2014-02-13 01:16:29 —-A—- C:\Windows\SYSWOW64\d3d10warp.dll

    2014-02-13 01:16:28 —-A—- C:\Windows\system32\d3d10warp.dll

    2014-02-13 01:16:21 —-A—- C:\Windows\system32\d2d1.dll

    2014-02-13 01:16:18 —-A—- C:\Windows\SYSWOW64\d2d1.dll

    2014-02-12 02:27:58 —-D—- C:\Program Files\CCleaner

    2014-02-12 02:02:32 —-D—- C:\Users\Willem\AppData\Roaming\AnvSoft

    2014-02-12 00:31:27 —-D—- C:\Users\Willem\AppData\Roaming\TS3Client

    2014-02-12 00:31:13 —-D—- C:\Program Files\TeamSpeak 3 Client

    2014-02-09 00:08:21 —-D—- C:\Program Files\VideoLAN

    2014-02-06 11:53:28 —-D—- C:\Program Files (x86)\Mozilla Thunderbird

    2014-02-02 02:02:33 —-D—- C:\Users\Willem\AppData\Roaming\FTWeak

    2014-02-02 02:02:18 —-D—- C:\ProgramData\FTWeak

    2014-02-02 02:02:15 —-D—- C:\Program Files (x86)\FCleaner

    2014-01-30 01:44:05 —-D—- C:\Program Files\Adblock Plus for IE

    2014-01-30 00:48:19 —-D—- C:\Users\Willem\AppData\Roaming\PDF Architect

    2014-01-30 00:46:44 —-D—- C:\Program Files (x86)\PDF Architect

    2014-01-24 23:29:59 —-D—- C:\Program Files (x86)\GUMFBFA.tmp

    ======List of files/folders modified in the last 1 month======

    2014-02-18 02:04:41 —-D—- C:\Program Files\trend micro

    2014-02-18 02:02:08 —-D—- C:\Windows\Temp

    2014-02-18 01:55:25 —-D—- C:\Windows\Prefetch

    2014-02-18 01:54:11 —-D—- C:\Windows\system32\config

    2014-02-18 01:42:13 —-D—- C:\Windows\SMINST

    2014-02-18 01:41:38 —-D—- C:\Windows\winsxs

    2014-02-18 01:37:40 —-D—- C:\Windows\system32\catroot2

    2014-02-18 01:37:40 —-D—- C:\Windows\system32\catroot

    2014-02-18 01:33:02 —-D—- C:\Windows\SysWOW64

    2014-02-18 01:32:56 —-D—- C:\ProgramData\NVIDIA

    2014-02-18 01:32:41 —-RD—- C:\Program Files (x86)

    2014-02-18 01:31:20 —-D—- C:\Windows\system32\DriverStore

    2014-02-18 01:31:20 —-D—- C:\Windows\system32\drivers

    2014-02-18 01:31:19 —-D—- C:\Windows\System32

    2014-02-18 01:31:18 —-D—- C:\Windows\inf

    2014-02-18 01:29:54 —-D—- C:\Users\Willem\AppData\Roaming\Azureus

    2014-02-18 01:25:58 —-D—- C:\Users\Willem\AppData\Roaming\Skype

    2014-02-18 01:25:16 —-D—- C:\Windows\Downloaded Program Files

    2014-02-18 00:20:30 —-AD—- C:\ProgramData\TEMP

    2014-02-16 22:33:55 —-SHD—- C:\Windows\Installer

    2014-02-16 21:34:41 —-D—- C:\Users\Willem\AppData\Roaming\vlc

    2014-02-16 02:35:43 —-D—- C:\Users\Willem\AppData\Roaming\QuickScan

    2014-02-16 02:08:12 —-D—- C:\ProgramData

    2014-02-16 02:04:33 —-AD—- C:\WINDOWS

    2014-02-16 01:51:20 —-D—- C:\Windows\pss

    2014-02-16 01:18:40 —-D—- C:\Users\Willem\AppData\Roaming\dvdcss

    2014-02-15 03:55:24 —-D—- C:\Windows\system32\Tasks

    2014-02-15 03:17:35 —-D—- C:\Windows\Tasks

    2014-02-15 02:46:30 —-D—- C:\ProgramData\Corel

    2014-02-15 02:46:22 —-D—- C:\Program Files (x86)\Common Files

    2014-02-15 01:28:37 —-D—- C:\Windows\SoftwareDistribution

    2014-02-15 01:09:54 —-D—- C:\Windows\debug

    2014-02-14 22:49:12 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-02-14 22:47:39 —-D—- C:\Windows\SYSWOW64\RTCOM

    2014-02-14 22:41:30 —-SHD—- C:\System Volume Information

    2014-02-14 22:31:40 —-D—- C:\Boot

    2014-02-14 20:56:05 —-D—- C:\Program Files (x86)\Auslogics

    2014-02-14 20:51:29 —-D—- C:\Windows\Panther

    2014-02-14 20:46:15 —-D—- C:\Users\Willem\AppData\Roaming\Apple Computer

    2014-02-14 16:50:59 —-RD—- C:\Program Files

    2014-02-14 16:50:33 —-D—- C:\Program Files\Common Files

    2014-02-13 17:46:25 —-D—- C:\Windows\rescache

    2014-02-13 13:06:33 —-D—- C:\Windows\Microsoft.NET

    2014-02-13 12:57:32 —-RSD—- C:\Windows\assembly

    2014-02-13 01:49:09 —-D—- C:\Windows\SYSWOW64\nl-NL

    2014-02-13 01:49:08 —-D—- C:\Windows\system32\nl-NL

    2014-02-13 01:49:06 —-D—- C:\Program Files\Internet Explorer

    2014-02-13 01:49:06 —-D—- C:\Program Files (x86)\Internet Explorer

    2014-02-13 01:49:00 —-D—- C:\Windows\system32\MRT

    2014-02-13 01:41:51 —-A—- C:\Windows\system32\MRT.exe

    2014-02-12 19:22:40 —-A—- C:\Windows\wininit.ini

    2014-02-12 15:48:27 —-D—- C:\Windows\system32\wfp

    2014-02-12 15:48:24 —-D—- C:\Windows\system32\wbem

    2014-02-12 15:47:12 —-D—- C:\Program Files (x86)\Internetbeveiliging

    2014-02-12 15:47:12 —-D—- C:\Program Files (x86)\Ad-Aware Antivirus

    2014-02-12 15:47:10 —-D—- C:\Windows\registration

    2014-02-12 02:29:11 —-D—- C:\Users\Willem\AppData\Roaming\Media Player Classic

    2014-02-12 02:01:59 —-D—- C:\Program Files (x86)\AnvSoft

    2014-02-07 00:59:06 —-D—- C:\Program Files (x86)\Mozilla Maintenance Service

    2014-02-05 23:13:07 —-D—- C:\ProgramData\DVD Shrink

    2014-02-05 23:03:29 —-D—- C:\Program Files (x86)\DVD Shrink

    2014-02-05 14:37:19 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-02-04 12:35:37 —-D—- C:\Program Files\Vuze

    2014-02-03 20:16:51 —-D—- C:\ProgramData\Kaspersky Lab

    2014-01-30 01:43:57 —-D—- C:\ProgramData\Package Cache

    2014-01-25 02:20:35 —-D—- C:\Program Files (x86)\OpenOffice 4

    2014-01-25 02:19:40 —-RSD—- C:\Windows\Fonts

    2014-01-22 19:24:51 —-D—- C:\Program Files\Recuva

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 c2scsi64;c2scsi64; C:\Windows\system32\DRIVERS\c2scsi64.sys

    R0 fsbts;fsbts; C:\Windows\system32\Drivers\fsbts.sys

    R0 gfibto;gfibto; C:\Windows\system32\drivers\gfibto.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys

    R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\HIPS\drivers\fshs.sys

    R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys

    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

    R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys

    R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys

    R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys

    R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys

    R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys

    R3 e1kexpress;Intel(R) Network Connections Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys

    R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys

    R3 fsni;fsni; \??\C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Scanning\fsni64.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys

    S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys

    S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys

    S3 akshasp;Aladdin HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys

    S3 aksusb;Aladdin USB Key; C:\Windows\system32\DRIVERS\aksusb.sys

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys

    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys

    S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys

    S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

    S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys

    S3 cpuz134;cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys

    S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS

    S3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys

    S3 gfiark;gfiark; C:\Windows\system32\drivers\gfiark.sys

    S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0; C:\Windows\system32\drivers\libusb0.sys

    S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys

    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS

    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS

    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS

    S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

    S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    S3 Spyder2;ColorVision Spyder2; C:\Windows\system32\DRIVERS\Spyder2.sys

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys

    S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys

    S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    R2 Ad-Aware Service;Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

    R2 DragonSvc;Dragon Service; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

    R2 fshoster;F-Secure Dll Hoster; C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    R2 FSORSPClient;F-Secure ORSP Client; C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe

    R2 hasplms;HASP License Manager; C:\Windows\system32\hasplms.exe

    R2 HiSuiteOuc64.exe;HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe

    R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe

    R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

    R2 McciCMService64;McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe

    R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe

    R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe

    R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe

    R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe

    R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    R2 SamsungAllShareV2.0;Samsung AllShare PC; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

    R2 SBAMSvc;Ad-Aware; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

    R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    R3 FSMA;F-Secure Management Agent; C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE

    R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

    S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

    S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

    S3 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe

    S3 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    -----------------EOF-----------------

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.02.14.03

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16518

    Willem :: WILLEM-PC

    17-2-2014 1:38:37

    mbam-log-2014-02-17 (01-38-37).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 251915

    Verstreken tijd: 7 minuut/minuten, 38 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Note: when starting HijackThis I got the message below. I don't know what is meant by it and/or what I should do.

    http://www.freebits.nl/view.php?filename=349prikbord.jpg

  • fazantje

    Hi Wim,

    First disable the antivirus software before you download zoek.exe.

    Download Zoek.exe to the desktop.

    If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that.

    Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    Windows XP: double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8: right-click and choose Run as administrator.

    Now copy the code in bold below and paste it into the large input window:

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    resethosts;

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart if one is needed).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Post the log that opens in your next message.

    Good luck,

    Huib;)

  • Wim

    Good afternoon fazantje,

    Here is the log from zoek.exe

    Zoek.exe v5.0.0.0 Updated 17-February-2014

    Tool run by Willem on di 18-02-2014 at 12:31:25,78.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Willem\Desktop\zoek.exe

    ==== System Restore Info ======================

    18-2-2014 12:33:19 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Reset Hosts File ======================

    # Copyright © 1993-2006 Microsoft Corp.

    #

    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

    #

    # This file contains the mappings of IP addresses to host names. Each

    # entry should be kept on an individual line. The IP address should

    # be placed in the first column followed by the corresponding host name.

    # The IP address and the host name should be separated by at least one

    # space.

    #

    # Additionally, comments (such as these) may be inserted on individual

    # lines or following the machine name denoted by a '#' symbol.

    #

    # For example:

    #

    # 102.54.94.97 rhino.acme.com # source server

    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handle within DNS itself.

    127.0.0.1 localhost

    ::1 localhost

    ==== Empty Folders Check ======================

    C:\PROGRA~2\3DWorlds deleted successfully

    C:\PROGRA~2\AGEIA Technologies deleted successfully

    C:\PROGRA~2\AVN Products deleted successfully

    C:\PROGRA~2\AVS4YOU deleted successfully

    C:\PROGRA~2\Convar deleted successfully

    C:\PROGRA~2\Digiarty deleted successfully

    C:\PROGRA~2\GUM6A5.tmp deleted successfully

    C:\PROGRA~2\GUMB21F.tmp deleted successfully

    C:\PROGRA~2\GUMFBFA.tmp deleted successfully

    C:\PROGRA~2\Keronsoft deleted successfully

    C:\PROGRA~2\MSXML 4.0 deleted successfully

    C:\PROGRA~2\NASA deleted successfully

    C:\PROGRA~2\PC Unleashed Online deleted successfully

    C:\PROGRA~2\SunlitGreen deleted successfully

    C:\PROGRA~2\Wolfenstein - Enemy Territory deleted successfully

    C:\PROGRA~2\COMMON~1\G DATA deleted successfully

    C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

    C:\Program Files\Bitdefender deleted successfully

    C:\Program Files\HitmanPro deleted successfully

    C:\PROGRA~3\AVAST Software deleted successfully

    C:\PROGRA~3\Oracle deleted successfully

    C:\PROGRA~3\Panda Security deleted successfully

    C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully

    C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully

    C:\Users\Willem\AppData\Roaming\AccurateRip deleted successfully

    C:\Users\Willem\AppData\Roaming\DigitalVolcano deleted successfully

    C:\Users\Willem\AppData\Roaming\EXIF Date Changer deleted successfully

    C:\Users\Willem\AppData\Roaming\f-secure deleted successfully

    C:\Users\Willem\AppData\Roaming\Media Player Classic deleted successfully

    C:\Users\Willem\AppData\Roaming\Power Mp3 Recorder deleted successfully

    C:\Users\Willem\AppData\Roaming\PowerCam deleted successfully

    C:\Users\Willem\AppData\Roaming\SampleView deleted successfully

    C:\Users\Willem\AppData\Roaming\Vso deleted successfully

    C:\Users\Willem\AppData\Local\Downloaded Installations deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-4143939538-3833764649-2899497851-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36} deleted successfully

    HKEY_USERS\S-1-5-21-4143939538-3833764649-2899497851-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} deleted successfully

    HKEY_USERS\S-1-5-21-4143939538-3833764649-2899497851-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully

    HKEY_USERS\S-1-5-21-4143939538-3833764649-2899497851-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully

    HKEY_USERS\S-1-5-21-4143939538-3833764649-2899497851-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully

    ==== Running Processes ======================

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

    C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE

    C:\Windows\system32\hasplms.exe

    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

    C:\Windows\SysWOW64\nlssrv32.exe

    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    C:\Program Files (x86)\PDF Architect\HelperService.exe

    C:\Program Files (x86)\PDF Architect\ConversionService.exe

    C:\Windows\SysWOW64\PnkBstrA.exe

    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE

    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\fssm32.exe

    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe

    C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE

    C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

    C:\Users\Willem\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default

    user.js not found

    ---- Lines ask.com removed from prefs.js ----

    user_pref("weboftrust.search.ask.display", "Ask.com Web Search");

    ---- FireFox user.js and prefs.js backups ----

    prefs_18-02-2014_1248_.backup

    ProfilePath: C:\Users\Willem\AppData\Roaming\Thunderbird\Profiles\i0mh1byb.default

    user.js not found

    ---- FireFox user.js and prefs.js backups ----

    prefs_18-02-2014_1248_.backup

    ==== Batch Command(s) Run By Tool======================

    C:\Windows\system32\appdata deleted

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found

    C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found

    "C:\Windows\Installer\5309a9.msi" not found

    C:\Windows\syswow64\appdata deleted

    C:\Users\Willem\daemonprocess.txt deleted

    C:\Users\Willem\.android deleted

    C:\PROGRA~2\Lavasoft\AdAware SecureSearch Toolbar deleted

    C:\PROGRA~3\dzejot4.pad deleted

    C:\PROGRA~3\as98213.txt deleted

    C:\PROGRA~3\ProductData deleted

    C:\PROGRA~3\Package Cache deleted

    C:\Users\wangzhisong\AppData\Local\Mobogenie deleted

    C:\Users\Willem\AppData\Local\cache deleted

    C:\Users\Willem\AppData\LocalLow\ADSRemoval deleted

    C:\Windows\SysNative\config\systemprofile\AppData\LocalLow\pandasecuritytb deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\pandasecuritytb deleted

    C:\Windows\wininit.ini deleted

    C:\Users\wangzhisong deleted

    C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default\Invalidprefs.js deleted

    C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default\jetpack deleted

    C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack deleted

    "C:\Users\Willem\AppData\Roaming\.ptbt0" deleted

    "C:\Users\Willem\AppData\Roaming\Temp" deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 4087 MB

    CPU Info: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz

    CPU Speed: 2684.2 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Realtek Digital Output (Realtek |

    Display Adapters: NVIDIA GeForce GTS 250 | NVIDIA GeForce GTS 250 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |

    Screen Resolution: 1920 X 1200 - 32 bit

    Network: Network Present

    Network Adapters: Intel(R) 82578DC Gigabit Network Connection

    CD / DVD Drives: 2x (G: | H: | ) G: TSSTcorpCDDVDW SH-S223C | H: ROXIO DVD-ROM EMULATOR

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 8 Button Wheel Mouse Present

    Hard Disks: C: 287.3GB | D: 546.0GB | E: 551.3GB | F: 12.7GB

    Hard Disks - Free: C: 95.0GB | D: 484.2GB | E: 393.3GB | F: 7.2GB

    Manufacturer *: Intel Corp.

    BIOS Info: AT/AT COMPATIBLE | 08/02/09 | INTEL - 7a

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Intel Corporation DP55WB

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Basis On-access scanning disabled (Outdated)

    Anti-Virus: Lavasoft Ad-Aware On-access scanning disabled (Outdated)

    Anti-Spyware: Basis disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: Lavasoft Ad-Aware disabled (Outdated)

    Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)

    Firewall: Lavasoft Ad-Aware disabled

    Default Browser: Google Chrome 32.0.1700.107

    Internet Explorer Version: 11.0.9600.16518

    Mozilla Firefox version: 25.0 (x86 nl)

    Google Chrome version: 32.0.1700.107

    Adobe Reader version: 11.0.06.70

    Sun Java version: 1.7.0_51 (32-bit)

    Sun Java version: 1.7.0_45 (64-bit)

    Flash Player version: 12.0.0.44

    Shockwave Player version: 12.0.7r148

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Willem\AppData\Local\Temp ====

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====


    2014-02-14 21:46:41 37B8A8089ECED77F6CEAF74917C5D12B 487360 —-a-w- C:\Windows\Sysnative\DTSU2PGFX64.dll

    2014-02-14 21:46:41 2EF5442E8E7ED20F7634EEFB09640C8F 491112 —-a-w- C:\Windows\Sysnative\DTSNeoPCDLL64.dll

    2014-02-14 21:46:41 192A03A21636D3775CEE4C049C3BEB2A 432744 —-a-w- C:\Windows\Sysnative\DTSLimiterDLL64.dll

    2014-02-14 21:46:40 FF31A2F57AAAB58DB78FCC961A58B206 428648 —-a-w- C:\Windows\Sysnative\DTSGainCompensatorDLL64.dll

    2014-02-14 21:46:40 FAC24F4CC63235D9533DD6605E5EE6F0 1938608 —-a-w- C:\Windows\Sysnative\DDPD64A.dll

    2014-02-14 21:46:40 F2CF417EF502555B139EDCD9FEBF9CD3 109848 —-a-w- C:\Windows\Sysnative\AcpiServiceVnA64.dll

    2014-02-14 21:46:40 BC0474E5476E5EA0D0E1AA5AC41E2061 242792 —-a-w- C:\Windows\Sysnative\DTSGFXAPO64.dll

    2014-02-14 21:46:40 B827E0AE582ACD641F0B2B052773A5CA 6217904 —-a-w- C:\Windows\Sysnative\DDPP64A.dll

    2014-02-14 21:46:40 B3E9EA31E37EDCC1D54CE20504549ABE 108640 —-a-w- C:\Windows\Sysnative\AERTAR64.dll

    2014-02-14 21:46:40 A1C8F811777EFA1B6BD82B226016CF2D 313520 —-a-w- C:\Windows\Sysnative\DDPO64A.dll

    2014-02-14 21:46:40 8B5A737AD11EF45D9B1AEB4ED6884968 728680 —-a-w- C:\Windows\Sysnative\DTSBassEnhancementDLL64.dll

    2014-02-14 21:46:40 82DF29C6D5571BFA69429563F0AED677 260272 —-a-w- C:\Windows\Sysnative\DDPA64.dll

    2014-02-14 21:46:40 6E14F444A2506049EEC25CB5EDFE0905 113576 —-a-w- C:\Windows\Sysnative\CONEQMSAPOGUILibrary.dll

    2014-02-14 21:46:40 3B8FB5376F5431C0101747D5138BCB9B 241768 —-a-w- C:\Windows\Sysnative\DTSGFXAPONS64.dll

    2014-02-14 21:46:40 2D0895BED270D1A8CADD981A5BFC0AE5 605496 —-a-w- C:\Windows\Sysnative\audioLibVc.dll

    2014-02-14 21:46:40 2CBDC11690656A1A2D03EC65AE2BCE68 209096 —-a-w- C:\Windows\Sysnative\AERTAC64.dll

    2014-02-14 21:46:40 21B38D4D86A87909491F690883AE6D1E 1486952 —-a-w- C:\Windows\Sysnative\DTSBoostDLL64.dll

    2014-02-14 21:46:15 FB1E6C48D4297355396ADCAF9FB09BF8 89888 —-a-w- C:\Windows\Sysnative\NicInstK.dll

    2014-02-14 21:46:15 C4F70145AD24C32F4FF92C0544CBB0CD 73480 —-a-w- C:\Windows\Sysnative\e1kmsg.dll

    2014-02-14 21:46:15 90B1553081F09AB1F944A07C93023C88 3093 —-a-w- C:\Windows\Sysnative\e1k62x64.din

    2014-02-14 21:40:18 4D5D8058F17C873B4F0792678BAA6534 34080 —-a-w- C:\Windows\Sysnative\SmartDefragBootTime.exe

    2014-02-14 21:39:53 6A6E91C06ACDBE1D85A4EC469BBB8EBB 121856 —-a-w- C:\Windows\Sysnative\IObitSmartDefragExtension.dll

    2014-02-13 00:25:38 F67C7D80745379DC4C5332EFFE5AC696 548864 —-a-w- C:\Windows\Sysnative\vbscript.dll

    2014-02-13 00:23:51 94C59DD02BC7EA0E421055B9946CA861 2724864 —-a-w- C:\Windows\Sysnative\mshtml.tlb

    2014-02-13 00:23:50 63B5E990896BA81D604032A48CC80A5C 574976 —-a-w- C:\Windows\Sysnative\ieui.dll

    2014-02-13 00:23:50 1D1D7F52EC84294859642A4309FE648E 195584 —-a-w- C:\Windows\Sysnative\msrating.dll

    2014-02-13 00:23:49 FD08F8BA2437A85F500EFFE3FD3158A6 33792 —-a-w- C:\Windows\Sysnative\iernonce.dll

    2014-02-13 00:23:49 E77092C38028EB0A5C461B3436E0A6D5 4096 —-a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

    2014-02-13 00:23:49 99ED8FBAFD325550D07A32664D9E3CC8 53760 —-a-w- C:\Windows\Sysnative\jsproxy.dll

    2014-02-13 00:23:49 27516B54E116D5EF8B0129B5C829A87C 218624 —-a-w- C:\Windows\Sysnative\ie4uinit.exe

    2014-02-13 00:23:48 FCFAEDF0AA1A78A1875FDB798598408B 48640 —-a-w- C:\Windows\Sysnative\ieetwproxystub.dll

    2014-02-13 00:23:48 E129D34089E70215B65EA611F802FA9A 111616 —-a-w- C:\Windows\Sysnative\ieetwcollector.exe

    2014-02-13 00:23:48 CDE728C8FB1D6E132CED44835FA44C87 627200 —-a-w- C:\Windows\Sysnative\msfeeds.dll

    2014-02-13 00:23:48 C1E2C16D58D76323800C3EE5E2C5095A 66048 —-a-w- C:\Windows\Sysnative\iesetup.dll

    2014-02-13 00:23:48 338415F2E9A188875B6E43B5269620B0 139264 —-a-w- C:\Windows\Sysnative\ieUnatt.exe

    2014-02-13 00:23:46 F348B2D0983C91392632B4291C517AA4 817664 —-a-w- C:\Windows\Sysnative\ieapfltr.dll

    2014-02-13 00:23:46 D016F5092E4FFC41147E8555A71D2DDE 23170048 —-a-w- C:\Windows\Sysnative\mshtml.dll

    2014-02-13 00:23:46 3906C9640406FC0FC00A324947C74893 708608 —-a-w- C:\Windows\Sysnative\jscript9diag.dll

    2014-02-13 00:23:45 6300AD525D639CECBB3D144B6D7B30F9 2765824 —-a-w- C:\Windows\Sysnative\iertutil.dll

    2014-02-13 00:23:44 83296DE8CFFEADA636DCC1AB2E3BF643 2041856 —-a-w- C:\Windows\Sysnative\inetcpl.cpl

    2014-02-13 00:23:44 263B6E451526A90FF8B1CEC759F22956 2334208 —-a-w- C:\Windows\Sysnative\wininet.dll

    2014-02-13 00:23:44 22874047B810B5B174C68ACD7C0B6510 1393664 —-a-w- C:\Windows\Sysnative\urlmon.dll

    2014-02-13 00:23:43 DB02F4D37E5F7F07A0D0F9FAA68249EE 13051392 —-a-w- C:\Windows\Sysnative\ieframe.dll

    2014-02-13 00:23:40 5922EEA922D3AD686342F866CAEE851F 5768704 —-a-w- C:\Windows\Sysnative\jscript9.dll

    2014-02-13 00:21:09 1B3741488AA7E237961A29D1E7A44C0A 626176 —-a-w- C:\Windows\Sysnative\RMActivate.exe

    2014-02-13 00:21:09 17CF3B3F68272BD40C878D4DBAB0EBC9 658432 —-a-w- C:\Windows\Sysnative\RMActivate_isv.exe

    2014-02-13 00:21:07 297926B15AE5390409F1007EB28A8EFB 552960 —-a-w- C:\Windows\Sysnative\RMActivate_ssp_isv.exe

    2014-02-13 00:21:06 03F8F411F118CFDA508E77C747BB05EA 553984 —-a-w- C:\Windows\Sysnative\RMActivate_ssp.exe

    2014-02-13 00:21:04 5693212AB2EBCACBBE05EC3A642113E2 485888 —-a-w- C:\Windows\Sysnative\secproc_isv.dll

    2014-02-13 00:21:03 399FC1B75790EE606A6FD9F2FB4C891C 488448 —-a-w- C:\Windows\Sysnative\secproc.dll

    2014-02-13 00:21:02 C6AC2C91541D24F9E236A670C0CA793D 528384 —-a-w- C:\Windows\Sysnative\msdrm.dll

    2014-02-13 00:20:59 B41B1FEDEBBD955B4E25676B42087885 123392 —-a-w- C:\Windows\Sysnative\secproc_ssp.dll

    2014-02-13 00:20:57 DC6DD779F35BB42E2E76FDFEC565C251 123392 —-a-w- C:\Windows\Sysnative\secproc_ssp_isv.dll

    2014-02-13 00:20:04 0D298133C359AB8CB9EB4FA178BF3947 1882112 —-a-w- C:\Windows\Sysnative\msxml3.dll

    2014-02-13 00:20:03 CD2C20CC3B385A32701F78C0ACBBE9F3 2048 —-a-w- C:\Windows\Sysnative\msxml3r.dll

    2014-02-13 00:18:41 EA093130471090037BB70A4AF86FAD1B 420008 —-a-w- C:\Windows\Sysnative\locale.nls

    2014-02-13 00:16:28 E8710B5DDA963E6BA198DF5FB209E72A 2565120 —-a-w- C:\Windows\Sysnative\d3d10warp.dll

    2014-02-13 00:16:21 C676E5EA388AF7C4C031F56F9B42E362 3928064 —-a-w- C:\Windows\Sysnative\d2d1.dll

    ====== C:\Windows\Sysnative\drivers =====

    2014-02-14 21:46:48 858BC9345F2BD44140C4B2F8EED8EB42 5681196 —-a-w- C:\Windows\Sysnative\drivers\rtvienna.dat

    2014-02-14 21:46:47 69976169745EDFB3225D9ABEB5E91155 3771352 —-a-w- C:\Windows\Sysnative\drivers\RTKVHD64.sys

    2014-02-14 21:46:46 8AD236A88D274D688105C23679723581 693385 —-a-w- C:\Windows\Sysnative\drivers\RTAIODAT.DAT

    2014-02-14 21:46:15 477E33019A855D9B8E7B3263CB9A1AE5 497424 —-a-w- C:\Windows\Sysnative\drivers\e1k62x64.sys

    2014-02-14 21:45:53 3E636A8B877F843C5F531BF478B24910 266968 —-a-w- C:\Windows\Sysnative\drivers\RtsUStor.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-02-11 23:31:13 ——– d—–w- C:\Program Files\TeamSpeak 3 Client

    2014-02-08 23:08:21 ——– d—–w- C:\Program Files\VideoLAN

    2014-01-30 00:44:05 ——– d—–w- C:\Program Files\Adblock Plus for IE

    ======= C:\PROGRA~2 =====

    2014-02-15 01:46:22 ——– d—–w- C:\PROGRA~2\COMMON~1\Protexis

    2014-02-15 01:44:06 ——– d—–w- C:\PROGRA~2\Corel

    2014-02-14 19:45:25 ——– d—–w- C:\PROGRA~2\IObit

    2014-02-13 22:18:43 ——– d—–w- C:\PROGRA~2\encryptdrop

    2014-02-06 10:53:28 ——– d—–w- C:\PROGRA~2\Mozilla Thunderbird

    2014-02-02 01:02:15 ——– d—–w- C:\PROGRA~2\FCleaner

    2014-01-29 23:46:44 ——– d—–w- C:\PROGRA~2\PDF Architect

    ======= C: =====

    ====== C:\Users\Willem\AppData\Roaming ======

    2014-02-15 01:47:22 ——– d—–w- C:\Users\Willem\AppData\Roaming\Ulead Systems

    2014-02-15 01:47:20 ——– d—–w- C:\Users\Willem\AppData\Local\Corel PaintShop Pro

    2014-02-15 00:09:56 ——– d—–w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\IObit

    2014-02-14 19:57:28 ——– d—–w- C:\Users\Willem\AppData\Local\Popajar

    2014-02-14 19:46:13 ——– d—–w- C:\Users\Willem\AppData\Locallow\IObit

    2014-02-14 19:45:10 ——– d—–w- C:\Users\Willem\AppData\Roaming\IObit

    2014-02-12 14:48:57 A521B5C73AD82482D0DD6EDD0C0BC774 82992 —-a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

    2014-02-12 01:02:32 ——– d—–w- C:\Users\Willem\AppData\Roaming\AnvSoft

    2014-02-11 23:31:27 ——– d—–w- C:\Users\Willem\AppData\Roaming\TS3Client

    2014-02-02 01:02:33 ——– d—–w- C:\Users\Willem\AppData\Roaming\FTWeak

    2014-01-30 00:44:07 ——– d—–w- C:\Users\Willem\AppData\Locallow\Adblock Plus for IE

    2014-01-29 23:48:19 ——– d—–w- C:\Users\Willem\AppData\Roaming\PDF Architect

    ====== C:\Users\Willem ======

    2014-02-18 00:50:39 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Willem\Desktop\RSITx64 (1).exe

    2014-02-16 15:41:56 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 —-a-w- C:\Users\Willem\Desktop\esetsmartinstaller_enu.exe

    2014-02-15 01:45:12 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X5

    2014-02-14 21:48:03 D41D8CD98F00B204E9800998ECF8427E 0 —ha-w- C:\ProgramData\DP45977C.lfl

    2014-02-14 19:45:51 ——– d—–w- C:\ProgramData\IObit

    2014-02-13 22:19:02 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\encryptdrop

    2014-02-13 22:18:11 B9DE495AD954CBF5D666843DDF0CDAE2 1300550 —-a-w- C:\Users\Willem\Desktop\encryptdrop_setup.exe

    2014-02-12 01:02:22 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft

    2014-02-11 23:31:16 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

    2014-02-02 01:02:19 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FCleaner

    2014-02-02 01:02:18 ——– d—–w- C:\ProgramData\FTWeak

    2014-01-29 23:46:47 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect

    2014-01-25 01:20:17 ——– d-s—w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1

  • wim

    -continued

    ====== C: exe-files ==

    2014-02-18 01:53:50 824C8B34E89F6829855B543586E7EF13 10073120 —-a-w- C:\Users\Willem\AppData\Roaming\Azureus\tmp\AZU33318404682652955.tmp\Vuze_5.3.0.0_win32.exe

    2014-02-18 00:50:48 E4F8047DB3F79867F8AAED8CB0EBAA3F 544 —-a-w- C:\$RECYCLE.BIN\S-1-5-21-4143939538-3833764649-2899497851-1001\$I2PLNGU.exe

    2014-02-18 00:50:39 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Willem\Desktop\RSITx64 (1).exe

    2014-02-18 00:22:47 9A821D8D62F4C60232B856E98CBA7E4F 96768 —-a-w- C:\Users\Willem\AppData\Local\Temp\EE7D09A3-76D7-47A8-AC8B-971BC61B7451\DismHost.exe

    2014-02-16 15:41:56 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 —-a-w- C:\Users\Willem\Desktop\esetsmartinstaller_enu.exe

    2014-02-16 15:40:06 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\$RECYCLE.BIN\S-1-5-21-4143939538-3833764649-2899497851-1001\$R2PLNGU.exe

    2014-02-16 13:35:20 FD35BD83DCD48338931442B47644719A 192512 —-a-w- C:\Users\Willem\AppData\Local\Temp\HouseCall\bspatch.exe

    2014-02-16 13:35:17 D53C8E3487CA0FF26F96C67F35ADA162 2674152 —-a-w- C:\Users\Willem\AppData\Local\Temp\HCBackup\hcpackage64.exe

    2014-02-16 01:00:13 2E0323A94915FAAB10A25F3BABF82584 157696 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

    2014-02-16 00:14:12 08AF557C8E6E74D7D92314F6B2C86273 4608 —-a-w- C:\Users\Willem\AppData\Local\Temp\i4jdel0.exe

    2014-02-15 02:53:16 5C74AD321FDD45D4562F6F67D9A75C84 1145120 —-a-w- C:\Users\Willem\AppData\Local\Temp\6618\ProjectOnUninstall.exe

    2014-02-15 02:52:18 398AA8F18B72F46F40E9D42A6C714B0E 1185088 —-a-w- C:\Program Files (x86)\IObit\Surfing Protection\unins000.exe

    2014-02-15 02:51:17 0B5398EA94DF801B6228A13B623B5B24 34477624 —-a-w- C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare 7.exe

    2014-02-15 02:51:15 58A8AAF6CA71B5E2843FC282A5A24CFB 1756448 —-a-w- C:\Users\Willem\AppData\Local\Temp\ASCDownloader\ActionCenterDownloader.exe

    2014-02-15 02:17:31 5C74AD321FDD45D4562F6F67D9A75C84 1145120 —-a-w- C:\Users\Willem\AppData\Local\Temp\3284\ProjectOnUninstall.exe

    2014-02-15 01:53:00 0E9AB9B9798100ADC1F0C329D53A9C70 100618064 —-a-w- C:\Users\Willem\AppData\Local\Temp\Rar$EXa0.409\~Get Your Software Here\PSPX5_SP3.exe

    2014-02-15 01:52:40 6EB53FFE143CBCBF833B6E00D0B89958 145320240 —-a-w- C:\Users\Willem\AppData\Local\Temp\Rar$EXa0.409\~Get Your Software Here\1_setup.exe

    2014-02-15 01:50:15 0E9AB9B9798100ADC1F0C329D53A9C70 100618064 —-a-w- C:\Users\Willem\AppData\Local\Temp\Rar$EXa0.723\~Get Your Software Here\PSPX5_SP3.exe

    2014-02-15 01:49:56 6EB53FFE143CBCBF833B6E00D0B89958 145320240 —-a-w- C:\Users\Willem\AppData\Local\Temp\Rar$EXa0.723\~Get Your Software Here\1_setup.exe

    2014-02-15 01:41:37 0E9AB9B9798100ADC1F0C329D53A9C70 100618064 —-a-w- C:\Users\Willem\AppData\Local\Temp\Rar$EXa0.034\~Get Your Software Here\PSPX5_SP3.exe

    2014-02-15 01:41:34 6EB53FFE143CBCBF833B6E00D0B89958 145320240 —-a-w- C:\Users\Willem\AppData\Local\Temp\Rar$EXa0.034\~Get Your Software Here\1_setup.exe

    2014-02-14 21:46:51 ACA3B1A550ED553028F5FDBFA0398A22 101120 —-a-w- C:\Program Files\Realtek\Audio\HDA\WavesSvc.exe

    2014-02-14 21:46:51 2FF3426DE6BB81F20849755381B47B52 287488 —-a-w- C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe

    2014-02-14 21:46:51 2A21E75EF80242E0646E7567993E977D 562792 —-a-w- C:\Program Files\Realtek\Audio\HDA\vncutil64.exe

    2014-02-14 21:46:47 781BAF1C6935A5D60C7945B34313F2DE 7506136 —-a-w- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    2014-02-14 21:46:47 72C58C9DE23EE6B9B15E9D3A33E5B59E 1719512 —-a-w- C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe

    2014-02-14 21:46:47 6158659D8A14CE144CF2634B881399D6 289496 —-a-w- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

    2014-02-14 21:46:47 54BF6A01D8E2C804612703F878E2BCDC 978648 —-a-w- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

    2014-02-14 21:46:45 F31CDC26F3624750C2AE2DEFF1E598DA 1368792 —-a-w- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    2014-02-14 21:46:45 16438B000BF56F2CD7FDB5E6C3B38C7E 13662936 —-a-w- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    2014-02-14 21:46:43 736E5D35E9AA5F847CC84A0DA6BF2B18 3670272 —-a-w- C:\Program Files\Realtek\Audio\HDA\MaxxAudioControl64.exe

    2014-02-14 21:46:41 6688B6F74C360CBC366B7AF948D9084D 240576 —-a-w- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

    2014-02-14 21:46:41 0C57BAD785EEAD029ABF6CBCF43E9A39 51776 —-a-w- C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

    2014-02-14 21:46:40 F9EDCA74B8CB3744159DEF02352F7BD6 58880 —-a-w- C:\Program Files\Realtek\Audio\HDA\CreateRtkToastLnk.exe

    2014-02-14 21:46:40 D1E343BC00136CE03C4D403194D06A80 98208 —-a-w- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    2014-02-14 21:46:40 44BB65B1D3827043978FC8E11CA7C0B4 210024 —-a-w- C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

    2014-02-14 21:39:44 E8E8A70102A95CABDDF8FE040961721D 2339136 —-a-w- C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\chrome.exe

    2014-02-14 21:39:00 13BECDBFC9F055C1D07479F38C4A2123 7267616 —-a-w- C:\ProgramData\IObit\ASCDownloader\Smart Defrag 3.exe

    2014-02-14 21:38:48 D9365C61C616D0F8369D9D4B23A16912 13933264 —-a-w- C:\ProgramData\IObit\ASCDownloader\Driver Booster.exe

    2014-02-14 21:38:37 EFC5AF1AF298781D459C80A3C75E5873 23688584 —-a-w- C:\ProgramData\IObit\ASCDownloader\IObit Malware Fighter 2.exe

    2014-02-14 19:57:28 27A78D9C93196F9F37C94EBAF0F6225D 50688 —-a-w- C:\Users\Willem\AppData\Local\Popajar\UpdateChecker\uninstall.exe

    2014-02-14 19:46:02 497AF28F6231FA74DE734C9628F30FAD 1362240 —-a-w- C:\Program Files (x86)\IObit\Surfing Protection\SPUpdate.exe

    2014-02-14 19:46:01 A2BEBB4B29D426CC58F98B297E84970E 1244992 —-a-w- C:\Program Files (x86)\IObit\Surfing Protection\PluginInstall.exe

    2014-02-14 19:45:59 935E2093CEED8198C820B7F60BB63167 2151200 —-a-w- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

    2014-02-13 22:18:11 B9DE495AD954CBF5D666843DDF0CDAE2 1300550 —-a-w- C:\Users\Willem\Desktop\encryptdrop_setup.exe

    2014-02-13 14:55:30 B0AB350E3E98C7FB1E4930F762D0477B 3273016 —-a-w- C:\Users\Willem\AppData\Local\NVIDIA\NvBackend\Packages\000057eb\DAO.17845377.exe

    2014-02-13 00:23:48 AFAB9B381886ABE3490689B7633A858F 482816 —-a-w- C:\Program Files\Internet Explorer\ieinstal.exe

    2014-02-13 00:23:48 9E8F9FDD407DDE997965EEFD9E635CCF 469504 —-a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

    2014-02-13 00:23:44 C6E1178294BDEAB1CACF50427688DF05 806104 —-a-w- C:\Program Files\Internet Explorer\iexplore.exe

    2014-02-13 00:23:44 4263F6C131E513CEA1AE82B5B81A4E1A 808152 —-a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

    2014-02-12 14:54:36 69BAC259A78561327ECFDE108BB5B686 3241056 —-a-w- C:\Users\Willem\AppData\Local\NVIDIA\NvBackend\Packages\000057d2\DAO.17829829.exe

    2014-02-12 01:02:13 F5E6D3F393383040721C724E6CD1B589 40960 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\SendSignal.exe

    2014-02-12 01:02:10 7C9FD421D420ECA27D43237F0569BAC4 777137 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\genisoimage\genisoimage.exe

    2014-02-12 01:02:07 780DAA4D6ACFC6475F6910138EE44271 19802624 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\avc\mplayer.exe

    2014-02-12 01:02:06 E00DDE221088882CB62102036E785A3E 247175 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\mpeg2enc.exe

    2014-02-12 01:02:06 A701286880A6803A5EAC49DCA852DD6F 226816 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\tsMuxeR.exe

    2014-02-12 01:02:06 A1B2F19F552160C0A32C18A5B91C31BE 255437 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\mplex.exe

    2014-02-12 01:02:06 9174800DAA19F6D7DD35D3E0EC467D0E 32148 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\qt-faststart.exe

    2014-02-12 01:02:06 8DDDA00BF809C2EE574EBA59CD98212E 488744 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\mp4creator.exe

    2014-02-12 01:02:06 61F324A54B7407E2563FCC03AB3A402B 89088 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\spumux.exe

    2014-02-12 01:02:06 43A13E3A323ED8B95E2FED789BB26C18 13824 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\mpeg2desc.exe

    2014-02-12 01:02:06 24690476ED56CC7DEFEB4C7808D12A0E 20480 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\spuunmux.exe

    2014-02-12 01:02:05 02ED66B5B82700E2A610A9107E97B52F 166400 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\MP4Box.exe

    2014-02-12 01:02:04 BA775F229128A3667802809CBBFBDAC0 40960 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\FlvBind.exe

    2014-02-12 01:02:03 5FD9B90318F2765E31796C086088AB8D 12724736 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\ffmpeg.exe

    2014-02-12 01:02:03 0B3D2BA6A8414373A36FCBB843820A3F 113664 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\gnu\dvdauthor.exe

    2014-02-12 01:02:00 9459FED7E43029BDD8EA6CEC84D3EADA 994576 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\AVCFree.exe

    2014-02-12 01:01:59 C0EFCD0AC7B83643BF5E00AE6A1FF7DB 1193808 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\unins000.exe

    2014-02-11 23:31:17 C99CF0594F6E7BDDA3A133FCC949793F 126223 —-a-w- C:\Program Files\TeamSpeak 3 Client\Uninstall.exe

    2014-02-11 22:20:49 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe

    2014-02-11 22:20:49 BA5C08130D2EFBD4E546912646DC4461 847640 —-a-w- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateSetup.exe

    2014-02-11 22:20:49 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateBroker.exe

    2014-02-11 22:20:27 EA8B5B41163A06FFA8930F5316473035 273800 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

    2014-02-11 22:20:27 C98ACDE22458C8F46FD0503CB9E2D01F 223112 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe

    2014-02-11 22:20:26 506708142BC63DABA64F2D3AD1DCD5BF 116648 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdate.exe

    2014-02-11 22:20:22 BA5C08130D2EFBD4E546912646DC4461 847640 —-a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe

    === C: other files ==

    2014-02-16 13:35:21 185F415B42679577D2CC430DD04B0784 2593 —-a-w- C:\Users\Willem\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip

    2014-02-16 01:00:13 7178963AEE641F3E47E1CE22416F8A3A 9295 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\runvalues.bat

    2014-02-16 01:00:13 58605DA3492FB918D3D40B1FB88046AE 39471 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\prelim.bat

    2014-02-16 01:00:13 372EA6F783198102CF5779072EE78C79 24751 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\searchlnk.bat

    2014-02-16 01:00:13 1FBF882AA934A741530741FC134872A3 1243 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\TDL4.bat

    2014-02-16 01:00:12 DFB8D08F2FD68D58239045B366D68CE2 10261 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\JRT.bat

    2014-02-16 01:00:12 CC6C23C02BE66014AD87F2678BBB3A1D 8117 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\modules.bat

    2014-02-16 01:00:12 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\chrome.bat

    2014-02-16 01:00:12 B964B792D3692699CD7D4FDB63EE470E 1239 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\FWPolicy.bat

    2014-02-16 01:00:12 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\ask.bat

    2014-02-16 01:00:12 AE697BC275F5B52FB9E1164F14FB18F8 151936 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\firefox.bat

    2014-02-16 01:00:12 8C7709AE609C5235976C4567E810D4B8 154424 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\misc.bat

    2014-02-16 01:00:12 868D0E22DC055BA214D7EC71600F2CFA 16063 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\get.bat

    2014-02-16 01:00:12 80D02380F1AC33E459324B088392A1EC 732 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\ev_clear.bat

    2014-02-16 01:00:12 75C9C20DD9839BF287B43B0E179822DC 31414 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\iexplore.bat

    2014-02-16 01:00:12 654E9FE74B930A454EE5BDE165794B65 85 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\delorphans.bat

    2014-02-16 01:00:12 14D6EE8B672684E2232FB430D8C4A928 18668 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\medfos.bat

    2014-02-16 01:00:12 0768E560CCD86C18F35FAD29DCEA7B80 1820 —-a-w- C:\Users\Willem\AppData\Local\Temp\jrt\delfolders.bat

    2014-02-15 20:05:49 000240B0D546724F1DE1899C22AA1610 2554719 —-a-w- C:\Users\Willem\AppData\Local\Temp\swt-4233-win32-win32-x86.zip

    2014-02-15 20:05:35 CD0E05DBDC8984548DBA144E20D0F35C 9234316 —-a-w- C:\Users\Willem\AppData\Local\Temp\Vuze_5.3.0.0_win32.zip

    2014-02-14 21:46:47 69976169745EDFB3225D9ABEB5E91155 3771352 —-a-w- C:\WINDOWS\System32\drivers\RTKVHD64.sys

    2014-02-14 21:46:15 477E33019A855D9B8E7B3263CB9A1AE5 497424 —-a-w- C:\WINDOWS\System32\drivers\e1k62x64.sys

    2014-02-14 21:45:53 3E636A8B877F843C5F531BF478B24910 266968 —-a-w- C:\WINDOWS\System32\drivers\RtsUStor.sys

    2014-02-14 19:56:40 76485C25B3557E4EB293CF72A26F0DB3 490422 —-a-w- C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi

    2014-02-14 19:46:04 032694B0FE8D2AE6EC544B989E1CBF75 341164 —-a-w- C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx

    ==== Startup Registry Enabled ======================

    “ISUSPM”=“C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler”

    “swg”=“C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “panda4_0dn”=“reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f”

    “panda4_0dn_XP”=“reg.exe delete HKCU\Software\panda4_0dn /f”

    “panda4_0dn”=“reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f”

    “panda4_0dn_XP”=“reg.exe delete HKCU\Software\panda4_0dn /f”

    “DMXLauncher”=“C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe”

    “F-Secure Hoster (45123)”=“C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe -app -hosterid:1”

    “F-Secure Manager”=“C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE /splash”

    “ST Recovery Launcher”=“%WINDIR%\SMINST\VistaLauncher.exe ”

    “ISUSPM”=“C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler”

    “swg”=“C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    ==== Startup Registry Enabled x64 ======================

    “Nvtmru”=“C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe”

    “ShadowPlay”=“C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart”

    “NvBackend”=“C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe”

    ==== Startup Registry Disabled ======================

    “DNS7reminder”=“\”C:\\Program Files (x86)\\Nuance\\NaturallySpeaking11\\Ereg\\Ereg.exe\“ -r \”C:\\ProgramData\\Nuance\\NaturallySpeaking11\\Ereg.ini\“”

    “Adobe ARM”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    ==== Startup Registry Disabled x64 ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“@ssm.vendorid@_McciTrayApp”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\ZiggoOnlineHelp\\McciTrayApp.exe\“”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Ad-Aware Antivirus”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Ad-Aware Antivirus\\AdAwareLauncher\“ –windows-run”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Ad-Aware Browsing Protection”

    “hkey”=“HKLM”

    “command”=“\”C:\\ProgramData\\Ad-Aware Browsing Protection\\adawarebp.exe\“”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Adobe ARM”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“AdobeAAMUpdater-1.0”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Advanced SystemCare 7”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\IObit\\Advanced SystemCare 7\\ASCTray.exe\“ /Auto”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“AllShareAgent”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Samsung\\AllShare\\AllShareAgent.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“APSDaemon”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Badoo Desktop”

    “hkey”=“HKCU”

    “command”=“C:\\ProgramData\\Badoo\\Badoo Desktop\\1.6.55.1183\\Badoo.Desktop.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“CommonToolkitTray”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Fighters\\Tray\\FightersTray.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Corel File Shell Monitor”

    “hkey”=“HKLM”

    “command”=“c:\\Program Files (x86)\\Corel\\Corel PaintShop Photo Pro\\X3\\PSPClassic\\CorelIOMonitor.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Corel Photo Downloader”

    “hkey”=“HKCU”

    “command”=“\”c:\\Program Files (x86)\\Common Files\\Corel\\Corel PhotoDownloader\\Corel Photo Downloader.exe\“ -startup”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Eraser”

    “hkey”=“HKLM”

    “command”=“\”C:\\PROGRA~1\\Eraser\\Eraser.exe\“ –atRestart”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Facebook Update”

    “hkey”=“HKCU”

    “command”=“\”C:\\Users\\Willem\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\“ /c /nocrashserver”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“FTweakFCleaner”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\FCleaner\\FCleaner.exe -a”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“GoogleChromeAutoLaunch_06D8D265122815681BEAC933F95514A2”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\“ –no-startup-window”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“IObit Malware Fighter”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMF.exe\“ /autostart”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“ISUSPM”

    “hkey”=“HKCU”

    “command”=“C:\\ProgramData\\FLEXnet\\Connect\\11\\ISUSPM.exe -scheduler ”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesHelper”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\KiesHelper.exe /s”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesPDLR”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe ”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesPreload”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesTrayAgent”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Mobile Partner”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\HiSuite\\HiSuite.exe -s”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“msnmsgr”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\“ /background”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“PWRISOVM.EXE”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\PowerISO\\PWRISOVM.EXE -startup”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“QuickTime Task”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\QuickTime\\QTTask.exe\“ -atboottime”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“RoxWatchTray”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“RtHDVCpl”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SDTray”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Skype”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\“ /minimized /regrun”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Spybot-S&D Cleaning”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDCleaner.exe\“ /autoclean”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SunJavaUpdateSched”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SUPERAntiSpyware”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“swg”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“UpdateChecker”

    “hkey”=“HKCU”

    “command”=“C:\\Users\\Willem\\AppData\\Local\\Popajar\\UpdateChecker\\UpdateCheckerApp.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“VoipBuster”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\“ -nosplash -minimized”

    “path”=“C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ImageBrowser EX Agent.lnk”

    “backup”=“C:\\Windows\\pss\\ImageBrowser EX Agent.lnk.CommonStartup”

    “backupExtension”=“.CommonStartup”

    “command”=“C:\\PROGRA~2\\Canon\\IMAGEB~1\\MFMANA~1.EXE ”

    “item”=“ImageBrowser EX Agent”

    “path”=“C:\\Users\\Willem\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\encryptdrop.lnk”

    “backup”=“C:\\Windows\\pss\\encryptdrop.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\PROGRA~2\\ENCRYP~1\\ENCRYP~1.EXE -silent”

    “item”=“encryptdrop”

    “path”=“C:\\Users\\Willem\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Facebook Messenger.lnk”

    “backup”=“C:\\Windows\\pss\\Facebook Messenger.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\Users\\Willem\\AppData\\Local\\Facebook\\MESSEN~1\\214814~1.0\\FACEBO~1.EXE ”

    “item”=“Facebook Messenger”

    “path”=“C:\\Users\\Willem\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3 .lnk”

    “backup”=“C:\\Windows\\pss\\OpenOffice.org 3.3 .lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE ”

    “item”=“OpenOffice.org 3.3 ”

    “SunJavaUpdateSched”=“\”C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\“”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce0b1024662774.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Ad-Aware Antivirus Scheduled Scan”

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1ce0b1024662774”

    “C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate”

    “C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates”

    “C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization”

    “C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system”

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2013-09-07 21:30:08 ——– d—–w- C:\PROGRA~3\Auslogics

    2013-10-02 22:07:43 ——– d—–w- C:\PROGRA~3\EA Logs

    2013-10-06 18:34:31 ——– d—–w- C:\PROGRA~3\Ad-Aware Browsing Protection

    2013-10-06 18:34:42 ——– d—–w- C:\PROGRA~3\Downloaded Installations

    2013-10-06 18:35:21 ——– d—–w- C:\PROGRA~3\Lavasoft

    2013-10-06 18:48:01 ——– d—–w- C:\PROGRA~3\Ad-Aware Antivirus

    2013-11-04 19:49:36 ——– d—–w- C:\PROGRA~3\Zylom

    2013-11-06 02:23:20 ——– d—–w- C:\PROGRA~3\PC Unleashed Online

    2014-01-13 18:45:18 ——– d—–w- C:\PROGRA~3\Canon_Inc_IC

    2014-01-14 13:17:24 ——– d—–w- C:\PROGRA~3\Protexis64

    2014-02-02 01:02:18 ——– d—–w- C:\PROGRA~3\FTWeak

    2014-02-14 19:45:51 ——– d—–w- C:\PROGRA~3\IObit

    ==== Firefox Extensions Registry ======================

    “FFPDFArchitectConverter@pdfarchitect.com”=hex(2):43,00,3a,00,5c,00,50,00,72,\

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default

    - Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF

    - Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

    - WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    - Bitdefender QuickScan - %ProfilePath%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

    - SmileysWeLove: Smileys for use with Facebook GMail and more - %ProfilePath%\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi

    ProfilePath: C:\Users\Willem\AppData\Roaming\Thunderbird\Profiles\i0mh1byb.default

    - Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default

    FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash

    F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director

    ==== Deleted Firefox Extensions ======================

    C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi deleted

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

    nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx

    Advanced SystemCare Surfing Protection - Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd

    Advanced SystemCare Surfing Protection - Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd

    Angry Birds - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj

    Google Docs - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf

    WOT - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp

    YouTube - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Skype Click to Call - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

    Advanced SystemCare Surfing Protection - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd

    Google Wallet - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Gmail - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.com”

    “Search Bar”=“http://www.google.com/ie”

    @=“http://www.google.com/search?q=%s”

    “Tabs”=“http://www.google.com”

    “Tabs”=“http://www.google.com”

    “Default_Search_URL”=“http://www.google.com/ie”

    New Values:

    “Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Start Page”=“http://www.google.com”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “Tabs”=“res://ieframe.dll/tabswelcome.htm”

    “Tabs”=“res://ieframe.dll/tabswelcome.htm”

    “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url=“Not_Found”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    {836C12FA-3BFE-4DEA-8358-676AC8110D98} Google Url=“http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGHP_nlNL454”

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-4143939538-3833764649-2899497851-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A8BE88F30B8922A46AC5E2B39615997F deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3F88EB8A-98B0-4A22-A65C-2E3B695199F7} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A8BE88F30B8922A46AC5E2B39615997F deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7 deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Badoo Desktop deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper deleted successfully

    ==== HijackThis Entries ======================

    O1 - Hosts: ::1 localhost

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL

    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll

    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe” -app -hosterid:1

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE” /splash

    O4 - HKLM\..\RunOnce: %WINDIR%\SMINST\VistaLauncher.exe

    O4 - HKCU\..\Run: C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKUS\S-1-5-18\..\RunOnce: reg.exe delete “HKCU\Software\AppDataLow\Software\panda4_0dn” /f (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\RunOnce: reg.exe delete “HKCU\Software\panda4_0dn” /f (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\RunOnce: reg.exe delete “HKCU\Software\AppDataLow\Software\panda4_0dn” /f (User ‘Default user’)

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O15 - Trusted Zone: *.clonewarsadventures.com

    O15 - Trusted Zone: *.freerealms.com

    O15 - Trusted Zone: *.soe.com

    O15 - Trusted Zone: *.sony.com

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - https://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritage.com/FP/ImageUploader/ImageUploader5.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

    O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe

    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE

    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

    O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe

    O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

    O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe

    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe

    O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Willem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Willem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=470 folders=89 219047109 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Administrator\AppData\Local\Temp emptied successfully

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\Public\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Users\Willem\AppData\Local\Temp will be emptied at reboot

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Willem\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on di 18-02-2014 at 13:28:09,92 ======================

  • Ben

    Hello,

    Uninstall the following programs (unless you deliberately purchased one of them)

    Ad-Aware Antivirus/Lavasoft

    Spybot - Search & Destroy 2

    IObit/Advanced SystemCare

    FCleaner

    FTWeak

    Badoo

    RESTART YOUR PC.

    Then run zoek.exe again with the following code:

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    Post the resulting log.

  • Wim

    Hello Ben, here is the log:

    Zoek.exe v5.0.0.0 Updated 17-February-2014

    Tool run by Willem on di 18-02-2014 at 16:13:29,57.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Willem\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2014-02-18-122809.log 93989 bytes

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\PROGRA~2\Lavasoft deleted successfully

    C:\Users\Willem\AppData\Roaming\FTWeak deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

    C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe

    C:\Windows\system32\hasplms.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE

    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

    C:\Windows\SysWOW64\nlssrv32.exe

    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    C:\Program Files (x86)\PDF Architect\HelperService.exe

    C:\Program Files (x86)\PDF Architect\ConversionService.exe

    C:\Windows\SysWOW64\PnkBstrA.exe

    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE

    C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\fssm32.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe

    C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE

    C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

    C:\Users\Willem\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    C:\Windows\wininit.ini deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 4087 MB

    CPU Info: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz

    CPU Speed: 2719.3 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Realtek Digital Output (Realtek |

    Display Adapters: NVIDIA GeForce GTS 250 | NVIDIA GeForce GTS 250 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |

    Screen Resolution: 1920 X 1200 - 32 bit

    Network: Network Present

    Network Adapters: Intel(R) 82578DC Gigabit Network Connection

    CD / DVD Drives: 2x (G: | H: | ) G: TSSTcorpCDDVDW SH-S223C | H: ROXIO DVD-ROM EMULATOR

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 8 Button Wheel Mouse Present

    Hard Disks: C: 287.3GB | D: 546.0GB | E: 551.3GB | F: 12.7GB

    Hard Disks - Free: C: 96.8GB | D: 484.2GB | E: 393.3GB | F: 7.2GB

    Manufacturer *: Intel Corp.

    BIOS Info: AT/AT COMPATIBLE | 08/02/09 | INTEL - 7a

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Intel Corporation DP55WB

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Basis On-access scanning disabled (Outdated)

    Anti-Spyware: Basis disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Default Browser: Google Chrome 32.0.1700.107

    Internet Explorer Version: 11.0.9600.16518

    Mozilla Firefox version: 25.0 (x86 nl)

    Google Chrome version: 32.0.1700.107

    Adobe Reader version: 11.0.06.70

    Sun Java version: 1.7.0_51 (32-bit)

    Sun Java version: 1.7.0_45 (64-bit)

    Flash Player version: 12.0.0.44

    Shockwave Player version: 12.0.7r148

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Willem\AppData\Local\Temp ====

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2014-02-14 21:46:48 858BC9345F2BD44140C4B2F8EED8EB42 5681196 ----a-w- C:\Windows\Sysnative\drivers\rtvienna.dat

    2014-02-14 21:46:47 69976169745EDFB3225D9ABEB5E91155 3771352 ----a-w- C:\Windows\Sysnative\drivers\RTKVHD64.sys

    2014-02-14 21:46:46 8AD236A88D274D688105C23679723581 693385 ----a-w- C:\Windows\Sysnative\drivers\RTAIODAT.DAT

    2014-02-14 21:46:15 477E33019A855D9B8E7B3263CB9A1AE5 497424 ----a-w- C:\Windows\Sysnative\drivers\e1k62x64.sys

    2014-02-14 21:45:53 3E636A8B877F843C5F531BF478B24910 266968 ----a-w- C:\Windows\Sysnative\drivers\RtsUStor.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-02-11 23:31:13 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

    2014-02-08 23:08:21 -------- d-----w- C:\Program Files\VideoLAN

    2014-01-30 00:44:05 -------- d-----w- C:\Program Files\Adblock Plus for IE

    ======= C:\PROGRA~2 =====

    2014-02-15 01:46:22 -------- d-----w- C:\PROGRA~2\COMMON~1\Protexis

    2014-02-15 01:44:06 -------- d-----w- C:\PROGRA~2\Corel

    2014-02-14 19:45:25 -------- d-----w- C:\PROGRA~2\IObit

    2014-02-13 22:18:43 -------- d-----w- C:\PROGRA~2\encryptdrop

    2014-02-06 10:53:28 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird

    2014-01-29 23:46:44 -------- d-----w- C:\PROGRA~2\PDF Architect

    ======= C: =====

    ====== C:\Users\Willem\AppData\Roaming ======

    2014-02-18 12:03:10 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp

    2014-02-18 12:03:10 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp

    2014-02-18 12:03:10 -------- d-----w- C:\Users\Willem\AppData\Local\Temp

    2014-02-18 12:03:10 -------- d-----w- C:\Users\Public\AppData\Local\Temp

    2014-02-18 12:03:10 -------- d-----w- C:\Users\Default\AppData\Local\Temp

    2014-02-18 12:03:10 -------- d-----w- C:\Users\Default User\AppData\Local\Temp

    2014-02-18 12:03:10 -------- d-----w- C:\Users\Administrator\AppData\Local\Temp

    2014-02-15 01:47:22 -------- d-----w- C:\Users\Willem\AppData\Roaming\Ulead Systems

    2014-02-15 01:47:20 -------- d-----w- C:\Users\Willem\AppData\Local\Corel PaintShop Pro

    2014-02-15 00:09:56 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\IObit

    2014-02-14 19:57:28 -------- d-----w- C:\Users\Willem\AppData\Local\Popajar

    2014-02-14 19:46:13 -------- d-----w- C:\Users\Willem\AppData\Locallow\IObit

    2014-02-14 19:45:10 -------- d-----w- C:\Users\Willem\AppData\Roaming\IObit

    2014-02-12 14:48:57 A521B5C73AD82482D0DD6EDD0C0BC774 82992 ----a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

    2014-02-12 01:02:32 -------- d-----w- C:\Users\Willem\AppData\Roaming\AnvSoft

    2014-02-11 23:31:27 -------- d-----w- C:\Users\Willem\AppData\Roaming\TS3Client

    2014-01-30 00:44:07 -------- d-----w- C:\Users\Willem\AppData\Locallow\Adblock Plus for IE

    2014-01-29 23:48:19 -------- d-----w- C:\Users\Willem\AppData\Roaming\PDF Architect

    ====== C:\Users\Willem ======

    2014-02-18 00:50:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Willem\Desktop\RSITx64 (1).exe

    2014-02-16 15:41:56 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\Willem\Desktop\esetsmartinstaller_enu.exe

    2014-02-15 01:45:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X5

    2014-02-14 21:48:03 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\ProgramData\DP45977C.lfl

    2014-02-14 19:45:51 -------- d-----w- C:\ProgramData\IObit

    2014-02-13 22:19:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\encryptdrop

    2014-02-13 22:18:11 B9DE495AD954CBF5D666843DDF0CDAE2 1300550 ----a-w- C:\Users\Willem\Desktop\encryptdrop_setup.exe

    2014-02-12 01:02:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft

    2014-02-11 23:31:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

    2014-01-29 23:46:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect

    2014-01-25 01:20:17 -------- d-s---w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1

  • Wim

    (continued)

    ====== C: exe-files ==


    2014-02-12 01:01:59 C0EFCD0AC7B83643BF5E00AE6A1FF7DB 1193808 —-a-w- C:\Program Files (x86)\AnvSoft\Any Video Converter\unins000.exe

    2014-02-11 23:31:17 C99CF0594F6E7BDDA3A133FCC949793F 126223 —-a-w- C:\Program Files\TeamSpeak 3 Client\Uninstall.exe

    2014-02-11 22:20:49 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe

    2014-02-11 22:20:49 BA5C08130D2EFBD4E546912646DC4461 847640 —-a-w- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateSetup.exe

    2014-02-11 22:20:49 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateBroker.exe

    2014-02-11 22:20:27 EA8B5B41163A06FFA8930F5316473035 273800 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

    2014-02-11 22:20:27 C98ACDE22458C8F46FD0503CB9E2D01F 223112 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe

    2014-02-11 22:20:26 506708142BC63DABA64F2D3AD1DCD5BF 116648 —-atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdate.exe

    2014-02-11 22:20:22 BA5C08130D2EFBD4E546912646DC4461 847640 —-a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe

    === C: other files ==

    2014-02-14 21:46:47 69976169745EDFB3225D9ABEB5E91155 3771352 ----a-w- C:\WINDOWS\System32\drivers\RTKVHD64.sys

    2014-02-14 21:46:15 477E33019A855D9B8E7B3263CB9A1AE5 497424 ----a-w- C:\WINDOWS\System32\drivers\e1k62x64.sys

    2014-02-14 21:45:53 3E636A8B877F843C5F531BF478B24910 266968 ----a-w- C:\WINDOWS\System32\drivers\RtsUStor.sys

    2014-02-14 19:46:04 032694B0FE8D2AE6EC544B989E1CBF75 341164 ----a-w- C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx

    ==== Startup Registry Enabled ======================

    “ISUSPM”=“C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler”

    “swg”=“C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “panda4_0dn”=“reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f”

    “panda4_0dn_XP”=“reg.exe delete HKCU\Software\panda4_0dn /f”

    “panda4_0dn”=“reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn /f”

    “panda4_0dn_XP”=“reg.exe delete HKCU\Software\panda4_0dn /f”

    “DMXLauncher”=“C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe”

    “F-Secure Hoster (45123)”=“C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe -app -hosterid:1”

    “F-Secure Manager”=“C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE /splash”

    “ST Recovery Launcher”=“%WINDIR%\SMINST\VistaLauncher.exe ”

    “ISUSPM”=“C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler”

    “swg”=“C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    ==== Startup Registry Enabled x64 ======================

    “Nvtmru”=“C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe”

    “ShadowPlay”=“C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart”

    “NvBackend”=“C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe”

    ==== Startup Registry Disabled ======================

    “DNS7reminder”=“\”C:\\Program Files (x86)\\Nuance\\NaturallySpeaking11\\Ereg\\Ereg.exe\“ -r \”C:\\ProgramData\\Nuance\\NaturallySpeaking11\\Ereg.ini\“”

    “Adobe ARM”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    ==== Startup Registry Disabled x64 ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“@ssm.vendorid@_McciTrayApp”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\ZiggoOnlineHelp\\McciTrayApp.exe\“”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Ad-Aware Antivirus”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Ad-Aware Antivirus\\AdAwareLauncher\“ --windows-run”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Ad-Aware Browsing Protection”

    “hkey”=“HKLM”

    “command”=“\”C:\\ProgramData\\Ad-Aware Browsing Protection\\adawarebp.exe\“”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Adobe ARM”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“AdobeAAMUpdater-1.0”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\“”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“AllShareAgent”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Samsung\\AllShare\\AllShareAgent.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“APSDaemon”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Eraser”

    “hkey”=“HKLM”

    “command”=“\”C:\\PROGRA~1\\Eraser\\Eraser.exe\“ --atRestart”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“FTweakFCleaner”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\FCleaner\\FCleaner.exe -a”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“GoogleChromeAutoLaunch_06D8D265122815681BEAC933F95514A2”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\“ --no-startup-window”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“ISUSPM”

    “hkey”=“HKCU”

    “command”=“C:\\ProgramData\\FLEXnet\\Connect\\11\\ISUSPM.exe -scheduler ”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesPDLR”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe ”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesPreload”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesTrayAgent”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Mobile Partner”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\HiSuite\\HiSuite.exe -s”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“msnmsgr”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\“ /background”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“PWRISOVM.EXE”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\PowerISO\\PWRISOVM.EXE -startup”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“QuickTime Task”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\QuickTime\\QTTask.exe\“ -atboottime”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“RoxWatchTray”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“RtHDVCpl”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SDTray”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Skype”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\“ /minimized /regrun”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Spybot-S&D Cleaning”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDCleaner.exe\“ /autoclean”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SunJavaUpdateSched”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SUPERAntiSpyware”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“swg”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“UpdateChecker”

    “hkey”=“HKCU”

    “command”=“C:\\Users\\Willem\\AppData\\Local\\Popajar\\UpdateChecker\\UpdateCheckerApp.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“VoipBuster”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\“ -nosplash -minimized”

    “path”=“C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ImageBrowser EX Agent.lnk”

    “backup”=“C:\\Windows\\pss\\ImageBrowser EX Agent.lnk.CommonStartup”

    “backupExtension”=“.CommonStartup”

    “command”=“C:\\PROGRA~2\\Canon\\IMAGEB~1\\MFMANA~1.EXE ”

    “item”=“ImageBrowser EX Agent”

    “path”=“C:\\Users\\Willem\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\encryptdrop.lnk”

    “backup”=“C:\\Windows\\pss\\encryptdrop.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\PROGRA~2\\ENCRYP~1\\ENCRYP~1.EXE -silent”

    “item”=“encryptdrop”

    “path”=“C:\\Users\\Willem\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Facebook Messenger.lnk”

    “backup”=“C:\\Windows\\pss\\Facebook Messenger.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\Users\\Willem\\AppData\\Local\\Facebook\\MESSEN~1\\214814~1.0\\FACEBO~1.EXE ”

    “item”=“Facebook Messenger”

    “path”=“C:\\Users\\Willem\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3 .lnk”

    “backup”=“C:\\Windows\\pss\\OpenOffice.org 3.3 .lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE ”

    “item”=“OpenOffice.org 3.3 ”

    “SunJavaUpdateSched”=“\”C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\“”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce0b1024662774.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1ce0b1024662774”

    “C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate”

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2013-09-07 21:30:08 -------- d-----w- C:\PROGRA~3\Auslogics

    2013-10-02 22:07:43 -------- d-----w- C:\PROGRA~3\EA Logs

    2013-10-06 18:34:31 -------- d-----w- C:\PROGRA~3\Ad-Aware Browsing Protection

    2013-10-06 18:34:42 -------- d-----w- C:\PROGRA~3\Downloaded Installations

    2013-11-04 19:49:36 -------- d-----w- C:\PROGRA~3\Zylom

    2013-11-06 02:23:20 -------- d-----w- C:\PROGRA~3\PC Unleashed Online

    2014-01-13 18:45:18 -------- d-----w- C:\PROGRA~3\Canon_Inc_IC

    2014-01-14 13:17:24 -------- d-----w- C:\PROGRA~3\Protexis64

    2014-02-14 19:45:51 -------- d-----w- C:\PROGRA~3\IObit

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default

    - Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF

    - Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com

    - WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    - Bitdefender QuickScan - %ProfilePath%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

    ProfilePath: C:\Users\Willem\AppData\Roaming\Thunderbird\Profiles\i0mh1byb.default

    - Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Willem\AppData\Roaming\Mozilla\Firefox\Profiles\0rcaef2i.default

    FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash

    F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

    nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx

    Advanced SystemCare Surfing Protection - Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd

    Advanced SystemCare Surfing Protection - Willem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd

    Angry Birds - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj

    Google Docs - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf

    WOT - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp

    YouTube - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Skype Click to Call - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

    Advanced SystemCare Surfing Protection - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd

    Google Wallet - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Gmail - Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.com”

    New Values:

    “Start Page”=“http://www.google.com”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    {836C12FA-3BFE-4DEA-8358-676AC8110D98} Google Url=“http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GGHP_nlNL454”

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning deleted successfully

    ==== HijackThis Entries ======================

    O1 - Hosts: ::1 localhost

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL

    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll

    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe” -app -hosterid:1

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE” /splash

    O4 - HKLM\..\RunOnce: %WINDIR%\SMINST\VistaLauncher.exe

    O4 - HKCU\..\Run: C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKUS\S-1-5-18\..\RunOnce: reg.exe delete “HKCU\Software\AppDataLow\Software\panda4_0dn” /f (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\RunOnce: reg.exe delete “HKCU\Software\panda4_0dn” /f (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\RunOnce: reg.exe delete “HKCU\Software\AppDataLow\Software\panda4_0dn” /f (User ‘Default user’)

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O15 - Trusted Zone: *.clonewarsadventures.com

    O15 - Trusted Zone: *.freerealms.com

    O15 - Trusted Zone: *.soe.com

    O15 - Trusted Zone: *.sony.com

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - https://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritage.com/FP/ImageUploader/ImageUploader5.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe

    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE

    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

    O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe

    O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

    O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe

    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe

    O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

    O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Willem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Willem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    C:\Users\Willem\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=470 folders=89 219044098 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Administrator\AppData\Local\Temp emptied successfully

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\Public\AppData\Local\Temp emptied successfully

    C:\Users\Willem\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Willem\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on di 18-02-2014 at 16:41:50,95 ======================

  • Ben

    Hello,

    Run zoek.exe again with the following code:

    ;r64

    C:\Program Files (x86)\Ad-Aware Antivirus;fs

    C:\PROGRA~2\IObit;fs

    C:\ProgramData\IObit;fs

    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\IObit;fs

    C:\Users\Willem\AppData\Locallow\IObit;fs

    C:\Users\Willem\AppData\Roaming\IObit;fs

    C:\ProgramData\DP45977C.lfl;f

    ;r64

    C:\ProgramData\Ad-Aware Browsing Protection;fs

    ;r64

    C:\Program Files (x86)\FCleaner;fs

    ;r64

    ;r64

    C:\Program Files (x86)\Spybot - Search & Destroy 2;fs

    C:\PROGRA~3\IObit;fs

    C:\Program Files (x86)\IObit Apps Toolbar;fs

    Post the resulting log.

  • Wim

    Good evening Ben,

    Here is another log :) it's already a lot shorter :)

    Zoek.exe v5.0.0.0 Updated 17-February-2014

    Tool run by Willem on di 18-02-2014 at 18:47:39,41.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Willem\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2014-02-18-122809.log 93989 bytes

    C:\zoek-results2014-02-18-154150.log 71441 bytes

    ==== Registry Fix Code x64 ======================

    Windows Registry Editor Version 5.00

    ==== Deleting Files \ Folders ======================

    C:\Program Files (x86)\Ad-Aware Antivirus not found

    C:\Program Files (x86)\FCleaner not found

    C:\Program Files (x86)\IObit Apps Toolbar not found

    C:\PROGRA~2\IObit deleted

    C:\ProgramData\IObit deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\IObit deleted

    C:\Users\Willem\AppData\Locallow\IObit deleted

    C:\Users\Willem\AppData\Roaming\IObit deleted

    C:\ProgramData\Ad-Aware Browsing Protection deleted

    C:\Program Files (x86)\Spybot - Search & Destroy 2 deleted

    “C:\ProgramData\DP45977C.lfl” deleted

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-4143939538-3833764649-2899497851-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully

    HKEY_USERS\S-1-5-21-4143939538-3833764649-2899497851-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-4143939538-3833764649-2899497851-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=752 folders=161 417346051 bytes)

    ==== EOF on di 18-02-2014 at 18:51:06,71 ======================
