pc besmet!

  • jasper

    Beste mensen,

    Sinds laatse week is pc traag, en krijg ik steeds spontaan pop ups in beeld met spam reclame (zoveelste bezoeker , schijfruimte vol, pc geinfecteerd allemaal spam)

    Mbam vond 1e keer paar treats vorige week maar laatste dagen vind hij niks, maar de spam houd maar niet op!! zomaar opent er tabblad en komt er reclame, kortom pc is besmet

    Eset virusscanner vind ook niks. hieronder me logjes

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Supervisor at 2014-03-08 14:22:49

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 30 GB (30%) free of 102 GB

    Total RAM: 4095 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:22:54, on 8-3-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16518)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

    C:\Program Files (x86)\Samsung\Kies\Kies.exe

    C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Supervisor.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

    O2 - BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll

    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: RunDll32 P17RunE.dll,RunDLLEntry

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

    O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O4 - Startup: Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra ‘Tools’ menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/canvasx.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://navigram.com/engine/v1140/Navigram.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotosnelservice.hema.nl/xupload/XUpload.ocx

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

    O23 - Service: PCProtect - Objectify Media Inc - C:\Program Files (x86)\Web Protect\PCProtect.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 16389 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    “C:\Windows\system32\nvvsvc.exe”

    “C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe”

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\AUDIODG.EXE 0x2e0

    “C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe”

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe 28525120

    \??\C:\Windows\system32\conhost.exe "-18568551301810563158-257360958-9601779641766516142-4186804571493890429938682

    “C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”

    C:\Windows\system32\nvvsvc.exe -session -first

    taskeng.exe {48E75DC7-B3CF-4E4A-B76C-BF3B40920D7C}

    C:\Windows\System32\spoolsv.exe

    C:\Windows\AutoKMS\AutoKMS.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    \??\C:\Windows\system32\conhost.exe "1788317502-7676916361879738829-17743956843094313441405937447183689-619780259

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    C:\Windows\system32\svchost.exe -k apphost

    “C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe”

    “taskhost.exe”

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files\Bonjour\mDNSResponder.exe”

    “C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe”

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    “C:\Windows\WindowsMobile\wmdc.exe”

    “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice

    “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe”

    “C:\Program Files (x86)\Samsung\Kies\Kies.exe” /preload

    “C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1

    “C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe” -s

    “C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE” /tsr

    “C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe” -r

    “C:\Windows\System32\rundll32.exe” P17RunE.dll,RunDLLEntry

    “C:\Program Files (x86)\Mobogenie\DaemonProcess.exe”

    “C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe”

    “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe”

    C:\monitor.exe

    “C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe”

    “C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe”

    C:\Windows\system32\svchost.exe -k iissvcs

    C:\Windows\System32\svchost.exe -k secsvcs

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    WLIDSvcM.exe 3232

    “C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe” /TUStart /pid:3052

    “C:\Program Files\Microsoft Office\Office15\MsoSync.exe”

    “C:\Program Files (x86)\Web Protect\PCProtect.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k WindowsMobile

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    “C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-675af72e-e19c-4093-933d-c89b74814739 -SystemEventPortName:HostProcess-1fd627ea-a69f-46b9-b662-915202818c47 -IoCancelEventPortName:HostProcess-a7af67e6-af47-4661-9d33-47084d931d4f -NonStateChangingEventPortName:HostProcess-7b0fbf0b-7477-40da-a599-cf1257691f9b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c0952260-4143-4632-b98c-a39fefe30582 -DeviceGroupId:WpdFsGroup

    C:\Windows\servicing\TrustedInstaller.exe

    “C:\Program Files\Internet Explorer\iexplore.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:5420 CREDAT:144385 /prefetch:2

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE”

    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe 1688 55041-00168-305-190595-03-1033-3790.0000-2692009

    C:\Windows\system32\svchost.exe -k SDRSVC

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:5420 CREDAT:1324082 /prefetch:2

    taskeng.exe {86B764D2-D962-417F-B1E0-BCEB22DB4AD2}

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Users\Supervisor\Desktop\RSITx64.exe”

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL

    PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader64.dll

    Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

    PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll

    Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    “Windows Mobile Device Center”=C:\Windows\WindowsMobile\wmdc.exe

    “AdobeAAMUpdater-1.0”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    “egui”=C:\Program Files\ESET\ESET Smart Security\egui.exe

    “Nvtmru”=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe

    “KiesPreload”=C:\Program Files (x86)\Samsung\Kies\Kies.exe

    “HDAudDeck”=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

    “”=

    “SwitchBoard”=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    “AdobeCS6ServiceManager”=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

    “P17RunE”=RunDll32 P17RunE.dll,RunDLLEntry

    “APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    “mobilegeni daemon”=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    “KiesTrayAgent”=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    Verzenden naar OneNote.lnk - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

    C:\Windows\system32\igfxdev.dll

    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “EnableSecureUIAPath”=1

    “NoDrives”=0

    “NoDrives”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave5”=wdmaud.drv

    “midi5”=wdmaud.drv

    “mixer5”=wdmaud.drv

    “wave3”=wdmaud.drv

    “midi3”=wdmaud.drv

    “mixer3”=wdmaud.drv

    “wave4”=wdmaud.drv

    “midi4”=wdmaud.drv

    “mixer4”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 month======

    2014-03-08 14:22:49 —-D—- C:\rsit

    2014-03-05 14:55:10 —-SHD—- C:\Config.Msi

    2014-03-05 14:52:16 —-D—- C:\Program Files (x86)\PrintEco

    2014-03-05 14:47:01 —-A—- C:\Windows\SYSWOW64\PCProtectOff.ini

    2014-03-05 14:47:01 —-A—- C:\Windows\SYSWOW64\PCProtect.ini

    2014-03-05 14:47:01 —-A—- C:\Windows\system32\PCProtectOff.ini

    2014-03-05 14:46:53 —-A—- C:\Windows\system32\PCProtect64.dll

    2014-03-05 14:46:51 —-A—- C:\Windows\SYSWOW64\PCProtect.dll

    2014-03-05 14:46:07 —-D—- C:\Program Files (x86)\Web Protect

    2014-02-25 17:36:16 —-D—- C:\Windows\Migration

    2014-02-19 09:23:20 —-D—- C:\Program Files\CCleaner

    2014-02-19 09:19:00 —-D—- C:\Program Files\WinZip

    2014-02-13 15:12:36 —-A—- C:\monitor.exe

    2014-02-13 14:43:24 —-A—- C:\monitorsvc.exe

    2014-02-12 15:30:07 —-A—- C:\Windows\SYSWOW64\vbscript.dll

    2014-02-12 15:30:07 —-A—- C:\Windows\system32\vbscript.dll

    2014-02-12 15:29:33 —-A—- C:\Windows\SYSWOW64\msrating.dll

    2014-02-12 15:29:33 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2014-02-12 15:29:33 —-A—- C:\Windows\system32\msrating.dll

    2014-02-12 15:29:33 —-A—- C:\Windows\system32\ieui.dll

    2014-02-12 15:29:32 —-A—- C:\Windows\system32\iernonce.dll

    2014-02-12 15:29:32 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2014-02-12 15:29:32 —-A—- C:\Windows\system32\ie4uinit.exe

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\system32\msfeeds.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\system32\jsproxy.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\system32\ieUnatt.exe

    2014-02-12 15:29:31 —-A—- C:\Windows\system32\iesetup.dll

    2014-02-12 15:29:30 —-A—- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-02-12 15:29:30 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2014-02-12 15:29:30 —-A—- C:\Windows\system32\ieetwcollector.exe

    2014-02-12 15:29:29 —-A—- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-02-12 15:29:29 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-02-12 15:29:29 —-A—- C:\Windows\system32\mshtml.dll

    2014-02-12 15:29:29 —-A—- C:\Windows\system32\jscript9diag.dll

    2014-02-12 15:29:29 —-A—- C:\Windows\system32\ieapfltr.dll

    2014-02-12 15:29:28 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2014-02-12 15:29:28 —-A—- C:\Windows\system32\iertutil.dll

    2014-02-12 15:29:27 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2014-02-12 15:29:27 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2014-02-12 15:29:27 —-A—- C:\Windows\system32\wininet.dll

    2014-02-12 15:29:27 —-A—- C:\Windows\system32\urlmon.dll

    2014-02-12 15:29:25 —-A—- C:\Windows\system32\ieframe.dll

    2014-02-12 15:29:24 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2014-02-12 15:29:23 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2014-02-12 15:29:22 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2014-02-12 15:29:22 —-A—- C:\Windows\system32\jscript9.dll

    2014-02-12 09:27:57 —-A—- C:\Windows\SYSWOW64\msxml3r.dll

    2014-02-12 09:27:57 —-A—- C:\Windows\SYSWOW64\msxml3.dll

    2014-02-12 09:27:57 —-A—- C:\Windows\system32\msxml3r.dll

    2014-02-12 09:27:57 —-A—- C:\Windows\system32\msxml3.dll

    2014-02-12 09:27:49 —-A—- C:\Windows\SYSWOW64\RMActivate_isv.exe

    2014-02-12 09:27:49 —-A—- C:\Windows\system32\RMActivate_isv.exe

    2014-02-12 09:27:49 —-A—- C:\Windows\system32\RMActivate.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\SYSWOW64\RMActivate.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\system32\RMActivate_ssp_isv.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\system32\RMActivate_ssp.exe

    2014-02-12 09:27:47 —-A—- C:\Windows\SYSWOW64\secproc_isv.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\SYSWOW64\secproc.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\SYSWOW64\msdrm.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\system32\secproc_ssp.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\system32\secproc_isv.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\system32\secproc.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\system32\msdrm.dll

    2014-02-12 09:27:46 —-A—- C:\Windows\SYSWOW64\secproc_ssp_isv.dll

    2014-02-12 09:27:46 —-A—- C:\Windows\SYSWOW64\secproc_ssp.dll

    2014-02-12 09:27:46 —-A—- C:\Windows\system32\secproc_ssp_isv.dll

    2014-02-12 09:27:44 —-A—- C:\Windows\SYSWOW64\d3d10warp.dll

    2014-02-12 09:27:44 —-A—- C:\Windows\system32\d3d10warp.dll

    2014-02-12 09:27:43 —-A—- C:\Windows\SYSWOW64\d2d1.dll

    2014-02-12 09:27:43 —-A—- C:\Windows\system32\d2d1.dll

    2014-02-10 13:13:32 —-D—- C:\Users\Supervisor\AppData\Roaming\Usenet Collector v3

    2014-02-10 13:13:32 —-D—- C:\Program Files\Usenet Collector v3

    ======List of files/folders modified in the last 1 month======

    2014-03-08 14:22:53 —-D—- C:\Program Files\trend micro

    2014-03-08 14:22:51 —-D—- C:\Windows\temp

    2014-03-08 14:19:07 —-D—- C:\Windows

    2014-03-08 14:13:23 —-D—- C:\Windows\system32\config

    2014-03-08 14:11:35 —-D—- C:\ProgramData\NVIDIA

    2014-03-08 06:46:26 —-D—- C:\Windows\inf

    2014-03-08 06:38:55 —-D—- C:\Windows\Prefetch

    2014-03-07 13:50:29 —-SHD—- C:\System Volume Information

    2014-03-06 16:06:40 —-D—- C:\Windows\SoftwareDistribution

    2014-03-06 16:05:40 —-D—- C:\Windows\system32\Tasks

    2014-03-06 15:28:39 —-D—- C:\Windows\System32

    2014-03-06 15:28:39 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-03-05 14:55:55 —-SHD—- C:\Windows\Installer

    2014-03-05 14:55:47 —-D—- C:\Windows\SysWOW64

    2014-03-05 14:55:42 —-RD—- C:\Program Files (x86)

    2014-03-05 14:55:38 —-D—- C:\Program Files (x86)\TuneUp Utilities 2012

    2014-03-05 14:52:37 —-D—- C:\ProgramData

    2014-03-04 10:42:54 —-D—- C:\Users\Supervisor\AppData\Roaming\Media Player Classic

    2014-03-02 14:24:03 —-D—- C:\Program Files (x86)\Mobogenie

    2014-03-02 13:09:52 —-D—- C:\Users\Supervisor\AppData\Roaming\uTorrent

    2014-03-01 11:27:33 —-D—- C:\Windows\system32\catroot2

    2014-02-28 12:42:20 —-D—- C:\Windows\Microsoft.NET

    2014-02-26 15:30:19 —-D—- C:\Users\Supervisor\AppData\Roaming\Belastingdienst

    2014-02-26 14:30:50 —-D—- C:\Users\Supervisor\AppData\Roaming\Winamp

    2014-02-25 17:40:39 —-RSD—- C:\Windows\assembly

    2014-02-25 17:36:41 —-D—- C:\Windows\SYSWOW64\en-US

    2014-02-25 17:36:41 —-D—- C:\Windows\system32\en-US

    2014-02-25 17:36:16 —-SD—- C:\ProgramData\Microsoft

    2014-02-24 19:16:21 —-D—- C:\Windows\system32\catroot

    2014-02-23 15:59:28 —-D—- C:\Windows\system32\DriverStore

    2014-02-23 15:59:15 —-D—- C:\Windows\system32\drivers

    2014-02-22 12:10:16 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-02-19 09:23:20 —-D—- C:\Program Files

    2014-02-19 09:19:21 —-D—- C:\ProgramData\WinZip

    2014-02-19 09:11:24 —-D—- C:\Program Files\WinRAR

    2014-02-17 11:27:34 —-D—- C:\Windows\debug

    2014-02-17 03:03:38 —-D—- C:\Windows\system32\MRT

    2014-02-17 03:01:06 —-A—- C:\Windows\system32\MRT.exe

    2014-02-15 10:18:49 —-D—- C:\Windows\rescache

    2014-02-13 10:04:31 —-D—- C:\Windows\winsxs

    2014-02-13 10:01:58 —-D—- C:\Windows\SYSWOW64\nl-NL

    2014-02-13 10:01:58 —-D—- C:\Windows\system32\nl-NL

    2014-02-13 10:01:56 —-D—- C:\Program Files\Internet Explorer

    2014-02-13 10:01:56 —-D—- C:\Program Files (x86)\Internet Explorer

    2014-02-09 21:03:58 —-D—- C:\Program Files (x86)\Usenet Collector

    2014-02-09 20:49:33 —-D—- C:\Windows\Usenet Collector

    2014-02-09 20:49:33 —-A—- C:\Windows\Usenet Collector.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys

    R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys

    R3 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys

    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys

    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys

    R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys

    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys

    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys

    R3 P17;SB 5.1 VX; C:\Windows\system32\drivers\P17.sys

    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys

    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys

    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys

    S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys

    S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys

    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 Pcouffin64;Low level access layer for CD devices; C:\Windows\System32\Drivers\pcouffin64a.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys

    S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys

    S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

    R2 RalinkRegistryWriter64;Ralink Registry Writer 64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

    R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

    R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe

    R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe

    R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 KMService;KMService; C:\Windows\syswow64\srvany.exe

    S2 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys

    S2 ProtectMonitor;Protect Monitor; C:\monitorsvc.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S3 PCProtect;PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

    S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.03.05.06

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16518

    Supervisor :: SUPERVISOR-PC

    8-3-2014 14:16:50

    mbam-log-2014-03-08 (14-16-50).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 278882

    Verstreken tijd: 5 minuut/minuten, 1 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  • Ben

    Hallo,

    Download LSPFix naar het bureaublad.

    1. Start het programma.

    2. Selecteer "I know what I'am doing"

    3. Selecteer ALLEEN dit bestand: pcprotect.dll

    4. Klik op "remove" zodat het bestand naar het rechter venster gaat.

    5. Klik op "Finish"

    6. Herstart de pc.

    7. Verwijder het bovengenoemde bestand uit de C:\Windows\System32\ directory (als het bestand niet missing is)

    Vertel of dit is gelukt en plaats ook een nieuw RSIT logje erbij.

  • jasper

    He ben bedankt voor je snelle reactie!!!

    is uitgevoerd, kon het bestandje niet vinden in die directory??

    hieronder logje…

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Supervisor at 2014-03-08 14:49:10

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 30 GB (30%) free of 102 GB

    Total RAM: 4095 MB (56% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:49:14, on 8-3-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16518)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

    C:\Program Files (x86)\Samsung\Kies\Kies.exe

    C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Supervisor.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

    O2 - BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll

    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: RunDll32 P17RunE.dll,RunDLLEntry

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

    O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O4 - Startup: Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra ‘Tools’ menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/canvasx.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://navigram.com/engine/v1140/Navigram.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotosnelservice.hema.nl/xupload/XUpload.ocx

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

    O23 - Service: PCProtect - Objectify Media Inc - C:\Program Files (x86)\Web Protect\PCProtect.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

    O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 16039 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    “C:\Windows\system32\nvvsvc.exe”

    “C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe”

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\AUDIODG.EXE 0x2cc

    “C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe”

    “C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”

    C:\Windows\system32\nvvsvc.exe -session -first

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe 28897872

    \??\C:\Windows\system32\conhost.exe "-1072862627515015264-2882765171330428178-82980252758181500219466195-1887332606

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    taskeng.exe {FCB0C753-F88B-47ED-8E4A-A58C34C27D43}

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    C:\Windows\system32\svchost.exe -k apphost

    C:\Windows\AutoKMS\AutoKMS.exe

    \??\C:\Windows\system32\conhost.exe "-1995045052-1747517368-1279180158737005111-1641685266-1538165911362598051765588012

    “C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe”

    “C:\Program Files\Bonjour\mDNSResponder.exe”

    “C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe”

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    “taskhost.exe”

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “C:\Windows\WindowsMobile\wmdc.exe”

    “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice

    “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe”

    “C:\Program Files (x86)\Samsung\Kies\Kies.exe” /preload

    “C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe” -s

    “C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE” /tsr

    “C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1

    “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe”

    C:\monitor.exe

    “C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe”

    “C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe”

    C:\Windows\system32\svchost.exe -k iissvcs

    C:\Windows\System32\svchost.exe -k secsvcs

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    WLIDSvcM.exe 2044

    “C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe” -r

    “C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe” /TUStart /pid:2164

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Windows\System32\rundll32.exe” P17RunE.dll,RunDLLEntry

    “C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE”

    “C:\Program Files (x86)\Web Protect\PCProtect.exe”

    “C:\Program Files (x86)\Mobogenie\DaemonProcess.exe”

    “C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe”

    C:\Windows\system32\svchost.exe -k WindowsMobile

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    “C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-718e0278-838e-403b-92fa-cf2efad96f03 -SystemEventPortName:HostProcess-7fba0228-eea1-4a0f-93b3-dcc6fb69930b -IoCancelEventPortName:HostProcess-145319db-bf80-4b60-a0e2-884b91bf4461 -NonStateChangingEventPortName:HostProcess-b37fc3e3-63f9-4ca8-8b13-b3cea143273f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:aac446b3-03dd-4576-92e7-1c1e372f9e9e -DeviceGroupId:WpdFsGroup

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding

    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe 1688 55041-00168-305-190595-03-1033-3790.0000-2692009

    C:\Windows\servicing\TrustedInstaller.exe

    “C:\Program Files\Internet Explorer\iexplore.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:5544 CREDAT:144385 /prefetch:2

    “C:\Program Files\Microsoft Office\Office15\MsoSync.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:5544 CREDAT:2044971 /prefetch:2

    “C:\Users\Supervisor\Desktop\RSITx64.exe”

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL

    PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader64.dll

    Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL

    PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll

    Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    “Windows Mobile Device Center”=C:\Windows\WindowsMobile\wmdc.exe

    “AdobeAAMUpdater-1.0”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    “egui”=C:\Program Files\ESET\ESET Smart Security\egui.exe

    “Nvtmru”=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe

    “KiesPreload”=C:\Program Files (x86)\Samsung\Kies\Kies.exe

    “HDAudDeck”=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

    “”=

    “SwitchBoard”=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    “AdobeCS6ServiceManager”=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

    “P17RunE”=RunDll32 P17RunE.dll,RunDLLEntry

    “APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    “mobilegeni daemon”=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    “KiesTrayAgent”=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    Verzenden naar OneNote.lnk - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

    C:\Windows\system32\igfxdev.dll

    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “EnableSecureUIAPath”=1

    “NoDrives”=0

    “NoDrives”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave5”=wdmaud.drv

    “midi5”=wdmaud.drv

    “mixer5”=wdmaud.drv

    “wave3”=wdmaud.drv

    “midi3”=wdmaud.drv

    “mixer3”=wdmaud.drv

    “wave4”=wdmaud.drv

    “midi4”=wdmaud.drv

    “mixer4”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 month======

    2014-03-08 14:22:49 —-D—- C:\rsit

    2014-03-05 14:55:10 —-SHD—- C:\Config.Msi

    2014-03-05 14:52:16 —-D—- C:\Program Files (x86)\PrintEco

    2014-03-05 14:47:01 —-A—- C:\Windows\SYSWOW64\PCProtectOff.ini

    2014-03-05 14:47:01 —-A—- C:\Windows\SYSWOW64\PCProtect.ini

    2014-03-05 14:47:01 —-A—- C:\Windows\system32\PCProtectOff.ini

    2014-03-05 14:46:53 —-A—- C:\Windows\system32\PCProtect64.dll

    2014-03-05 14:46:51 —-A—- C:\Windows\SYSWOW64\PCProtect.dll

    2014-03-05 14:46:07 —-D—- C:\Program Files (x86)\Web Protect

    2014-02-25 17:36:16 —-D—- C:\Windows\Migration

    2014-02-19 09:23:20 —-D—- C:\Program Files\CCleaner

    2014-02-19 09:19:00 —-D—- C:\Program Files\WinZip

    2014-02-13 15:12:36 —-A—- C:\monitor.exe

    2014-02-13 14:43:24 —-A—- C:\monitorsvc.exe

    2014-02-12 15:30:07 —-A—- C:\Windows\SYSWOW64\vbscript.dll

    2014-02-12 15:30:07 —-A—- C:\Windows\system32\vbscript.dll

    2014-02-12 15:29:33 —-A—- C:\Windows\SYSWOW64\msrating.dll

    2014-02-12 15:29:33 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2014-02-12 15:29:33 —-A—- C:\Windows\system32\msrating.dll

    2014-02-12 15:29:33 —-A—- C:\Windows\system32\ieui.dll

    2014-02-12 15:29:32 —-A—- C:\Windows\system32\iernonce.dll

    2014-02-12 15:29:32 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2014-02-12 15:29:32 —-A—- C:\Windows\system32\ie4uinit.exe

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\system32\msfeeds.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\system32\jsproxy.dll

    2014-02-12 15:29:31 —-A—- C:\Windows\system32\ieUnatt.exe

    2014-02-12 15:29:31 —-A—- C:\Windows\system32\iesetup.dll

    2014-02-12 15:29:30 —-A—- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-02-12 15:29:30 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2014-02-12 15:29:30 —-A—- C:\Windows\system32\ieetwcollector.exe

    2014-02-12 15:29:29 —-A—- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-02-12 15:29:29 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-02-12 15:29:29 —-A—- C:\Windows\system32\mshtml.dll

    2014-02-12 15:29:29 —-A—- C:\Windows\system32\jscript9diag.dll

    2014-02-12 15:29:29 —-A—- C:\Windows\system32\ieapfltr.dll

    2014-02-12 15:29:28 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2014-02-12 15:29:28 —-A—- C:\Windows\system32\iertutil.dll

    2014-02-12 15:29:27 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2014-02-12 15:29:27 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2014-02-12 15:29:27 —-A—- C:\Windows\system32\wininet.dll

    2014-02-12 15:29:27 —-A—- C:\Windows\system32\urlmon.dll

    2014-02-12 15:29:25 —-A—- C:\Windows\system32\ieframe.dll

    2014-02-12 15:29:24 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2014-02-12 15:29:23 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2014-02-12 15:29:22 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2014-02-12 15:29:22 —-A—- C:\Windows\system32\jscript9.dll

    2014-02-12 09:27:57 —-A—- C:\Windows\SYSWOW64\msxml3r.dll

    2014-02-12 09:27:57 —-A—- C:\Windows\SYSWOW64\msxml3.dll

    2014-02-12 09:27:57 —-A—- C:\Windows\system32\msxml3r.dll

    2014-02-12 09:27:57 —-A—- C:\Windows\system32\msxml3.dll

    2014-02-12 09:27:49 —-A—- C:\Windows\SYSWOW64\RMActivate_isv.exe

    2014-02-12 09:27:49 —-A—- C:\Windows\system32\RMActivate_isv.exe

    2014-02-12 09:27:49 —-A—- C:\Windows\system32\RMActivate.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\SYSWOW64\RMActivate.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\system32\RMActivate_ssp_isv.exe

    2014-02-12 09:27:48 —-A—- C:\Windows\system32\RMActivate_ssp.exe

    2014-02-12 09:27:47 —-A—- C:\Windows\SYSWOW64\secproc_isv.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\SYSWOW64\secproc.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\SYSWOW64\msdrm.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\system32\secproc_ssp.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\system32\secproc_isv.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\system32\secproc.dll

    2014-02-12 09:27:47 —-A—- C:\Windows\system32\msdrm.dll

    2014-02-12 09:27:46 —-A—- C:\Windows\SYSWOW64\secproc_ssp_isv.dll

    2014-02-12 09:27:46 —-A—- C:\Windows\SYSWOW64\secproc_ssp.dll

    2014-02-12 09:27:46 —-A—- C:\Windows\system32\secproc_ssp_isv.dll

    2014-02-12 09:27:44 —-A—- C:\Windows\SYSWOW64\d3d10warp.dll

    2014-02-12 09:27:44 —-A—- C:\Windows\system32\d3d10warp.dll

    2014-02-12 09:27:43 —-A—- C:\Windows\SYSWOW64\d2d1.dll

    2014-02-12 09:27:43 —-A—- C:\Windows\system32\d2d1.dll

    2014-02-10 13:13:32 —-D—- C:\Users\Supervisor\AppData\Roaming\Usenet Collector v3

    2014-02-10 13:13:32 —-D—- C:\Program Files\Usenet Collector v3

    ======List of files/folders modified in the last 1 month======

    2014-03-08 14:49:12 —-D—- C:\Windows\temp

    2014-03-08 14:49:12 —-D—- C:\Program Files\trend micro

    2014-03-08 14:47:33 —-D—- C:\Windows\system32\config

    2014-03-08 14:46:38 —-D—- C:\Windows

    2014-03-08 14:46:36 —-D—- C:\ProgramData\NVIDIA

    2014-03-08 06:46:26 —-D—- C:\Windows\inf

    2014-03-08 06:38:55 —-D—- C:\Windows\Prefetch

    2014-03-07 13:50:29 —-SHD—- C:\System Volume Information

    2014-03-06 16:06:40 —-D—- C:\Windows\SoftwareDistribution

    2014-03-06 16:05:40 —-D—- C:\Windows\system32\Tasks

    2014-03-06 15:28:39 —-D—- C:\Windows\System32

    2014-03-06 15:28:39 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-03-05 14:55:55 —-SHD—- C:\Windows\Installer

    2014-03-05 14:55:47 —-D—- C:\Windows\SysWOW64

    2014-03-05 14:55:42 —-RD—- C:\Program Files (x86)

    2014-03-05 14:55:38 —-D—- C:\Program Files (x86)\TuneUp Utilities 2012

    2014-03-05 14:52:37 —-D—- C:\ProgramData

    2014-03-04 10:42:54 —-D—- C:\Users\Supervisor\AppData\Roaming\Media Player Classic

    2014-03-02 14:24:03 —-D—- C:\Program Files (x86)\Mobogenie

    2014-03-02 13:09:52 —-D—- C:\Users\Supervisor\AppData\Roaming\uTorrent

    2014-03-01 11:27:33 —-D—- C:\Windows\system32\catroot2

    2014-02-28 12:42:20 —-D—- C:\Windows\Microsoft.NET

    2014-02-26 15:30:19 —-D—- C:\Users\Supervisor\AppData\Roaming\Belastingdienst

    2014-02-26 14:30:50 —-D—- C:\Users\Supervisor\AppData\Roaming\Winamp

    2014-02-25 17:40:39 —-RSD—- C:\Windows\assembly

    2014-02-25 17:36:41 —-D—- C:\Windows\SYSWOW64\en-US

    2014-02-25 17:36:41 —-D—- C:\Windows\system32\en-US

    2014-02-25 17:36:16 —-SD—- C:\ProgramData\Microsoft

    2014-02-24 19:16:21 —-D—- C:\Windows\system32\catroot

    2014-02-23 15:59:28 —-D—- C:\Windows\system32\DriverStore

    2014-02-23 15:59:15 —-D—- C:\Windows\system32\drivers

    2014-02-22 12:10:16 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-02-19 09:23:20 —-D—- C:\Program Files

    2014-02-19 09:19:21 —-D—- C:\ProgramData\WinZip

    2014-02-19 09:11:24 —-D—- C:\Program Files\WinRAR

    2014-02-17 11:27:34 —-D—- C:\Windows\debug

    2014-02-17 03:03:38 —-D—- C:\Windows\system32\MRT

    2014-02-17 03:01:06 —-A—- C:\Windows\system32\MRT.exe

    2014-02-15 10:18:49 —-D—- C:\Windows\rescache

    2014-02-13 10:04:31 —-D—- C:\Windows\winsxs

    2014-02-13 10:01:58 —-D—- C:\Windows\SYSWOW64\nl-NL

    2014-02-13 10:01:58 —-D—- C:\Windows\system32\nl-NL

    2014-02-13 10:01:56 —-D—- C:\Program Files\Internet Explorer

    2014-02-13 10:01:56 —-D—- C:\Program Files (x86)\Internet Explorer

    2014-02-09 21:03:58 —-D—- C:\Program Files (x86)\Usenet Collector

    2014-02-09 20:49:33 —-D—- C:\Windows\Usenet Collector

    2014-02-09 20:49:33 —-A—- C:\Windows\Usenet Collector.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys

    R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys

    R3 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys

    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys

    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys

    R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys

    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys

    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys

    R3 P17;SB 5.1 VX; C:\Windows\system32\drivers\P17.sys

    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys

    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys

    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys

    S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys

    S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys

    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 Pcouffin64;Low level access layer for CD devices; C:\Windows\System32\Drivers\pcouffin64a.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys

    S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys

    S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

    R2 RalinkRegistryWriter64;Ralink Registry Writer 64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

    R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

    R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe

    R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe

    R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 KMService;KMService; C:\Windows\syswow64\srvany.exe

    S2 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys

    S2 ProtectMonitor;Protect Monitor; C:\monitorsvc.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S3 PCProtect;PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

    S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

  • Ben

    Hallo,

    Schakel eerst de Antivirussoftware uit voordat je zoek.exe download.

    Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk conflicteren met Zoek.exe.

    Download Zoek.exe naar het bureaublad.

    * Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.

    Zoek.exe uitvoeren

    Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.

    * Dubbelklik vervolgens op Zoek.exe om de tool te starten.

    * Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.

    * Kopieer nu onderstaande vet gedrukte code en plak die in het grote invulvenster:

    * Note: Dit script is speciaal bedoeld voor deze computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501};c

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501};c

    ;r

    @=-;r

    “mobilegeni daemon”=-;r

    C:\Program Files (x86)\Mobogenie;fs

    ;r

    C:\Windows\SYSWOW64\PCProtectOff.ini;f

    C:\Windows\SYSWOW64\PCProtect.ini;f

    C:\Windows\system32\PCProtectOff.ini;f

    C:\Windows\system32\PCProtect64.dll;f

    C:\Windows\SYSWOW64\PCProtect.dll;f

    C:\Program Files (x86)\Web Protect;fs

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Klik nu op de knop "Run script".

    * Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

    * Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

    * Post het geopende logje in het volgende bericht.

  • jasper

    Zoek.exe v5.0.0.0 Updated 07-March-2014

    Tool run by Supervisor on za 08-03-2014 at 15:18:17,26.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Supervisor\Desktop\zoek.exe

    ===== Runcheck 15:21:49,15 =====

    — Create Environment Variables 15:21:50,50

    — Create System Restore Point 15:21:57,47

    — Checking Input 15:23:02,16

    — Torpig Check 15:23:10,95

    — AU AppData Check 15:23:13,63

    — Remove From Windows Installer 15:23:20,71

    — Empty Folders Check 15:24:54,72

    — IE Startpage Check 15:25:04,79

    — Program Files DB Check 15:25:59,88

    — C:\Users\Default\AppData\Roaming DB Check 15:26:33,39

    — C:\Users\Default User\AppData\Roaming DB Check 15:26:33,39

    — C:\Users\DefaultAppPool\AppData\Roaming DB Check 15:26:33,39

    — C:\Users\Supervisor\AppData\Roaming DB Check 15:26:33,39

    — C:\Users\UpdatusUser\AppData\Roaming DB Check 15:26:33,39

    — C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 15:26:33,39

    — C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 15:26:33,39

    — C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 15:26:33,39

    — C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 15:26:33,39

    — C:\Users\Supervisor DB Check 15:28:22,62

    — C:\PROGRA~3 DB Check 15:28:34,32

    — C:\Users\Default\AppData\Local DB Check 15:28:35,19

    — C:\Users\Default User\AppData\Local DB Check 15:28:35,19

    — C:\Users\DefaultAppPool\AppData\Local DB Check 15:28:35,19

    — C:\Users\Public\AppData\Local DB Check 15:28:35,19

    — C:\Users\Supervisor\AppData\Local DB Check 15:28:35,19

    — C:\Users\UpdatusUser\AppData\Local DB Check 15:28:35,19

    — C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 15:28:35,19

    — C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 15:28:35,19

    — C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 15:28:35,19

    — C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 15:28:35,19

    — C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 15:29:55,77

    — C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 15:30:01,68

    — Tasks DB Check 15:30:04,98

    — Downloads DB Check 15:30:07,36

    — C:\Users\DefaultAppPool\AppData\LocalLow DB Check 15:30:12,93

    — C:\Users\Supervisor\AppData\LocalLow DB Check 15:30:12,93

    — C:\Users\UpdatusUser\AppData\LocalLow DB Check 15:30:12,93

    — C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 15:30:12,93

    — C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 15:30:12,93

    — C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 15:30:12,93

    — C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 15:30:12,93

    — Tasks2 DB Check 15:31:12,27

    — Documents DB Check 15:31:26,64

    hij staat hier al tijd op stil? is deze nu klaar?

  • Ben

    Hallo,

    Nee hij is nog niet klaar het kan 45 min duren.

  • jasper

    hij staat nog steeds op zelfde stukje..zijn nu 5 kwartier verder?

    nog steeds laten staan maar?

    groeten

  • Ben

    Hallo,

    Dan gaan we het anders doen;

    Download de

    Farbar Recovery Scan Tool 32 of 64 bit van één van de onderstaande links

    Farbar Recovery Scan Tool 32 bit (x86)

    Farbar Recovery Scan Tool 64 bit (x64)

    Hier staat een beschrijving hoe u kunt kijken of u een 32 of 64 bit versie van Windows heeft.

    Farbar Recovery Scan Tool uitvoeren

    Dubbelklik op FRST.exe om de tool te starten.

    Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.

    Als het programma is geopend klik Yes (Ja) bij de disclaimer.

    Druk vervolgens op de Scan knop, er zal nu eerst een back-up van het register worden gemaakt.

    Wanneer de scan gereed is worden er twee logbestanden aangemaakt met de naam (FRST.txt) & (Addition.txt) op dezelfde plaats vanwaar de ‘tool’ is gestart.

    Voeg dit logbestand (FRST.txt) toe aan het volgende bericht.

  • jasper

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01

    Ran by Supervisor (administrator) on SUPERVISOR-PC on 08-03-2014 17:03:14

    Running from C:\Users\Supervisor\Desktop

    Windows 7 Ultimate Service Pack 1 (X64) OS Language: Dutch Standard

    Internet Explorer Version 11

    Boot Mode: Normal

    The only official download link for FRST:

    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

    Download link from any site other than Bleeping Computer is unpermitted or outdated.

    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    () C:\Windows\AutoKMS\AutoKMS.exe

    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

    (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    (Sitecom Europe BV.) C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

    (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

    () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    () C:\monitor.exe

    (Ralink Technology, Corp.) C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

    (Ralink Technology, Corp.) C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe

    (Objectify Media Inc) C:\Program Files (x86)\Web Protect\PCProtect.exe

    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    (Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MsoSync.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\…\Run: - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

    HKLM\…\Run: - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

    HKLM\…\Run: - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

    HKLM\…\Run: - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)

    HKLM-x32\…\Run: - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

    HKLM-x32\…\Run: -

    HKLM-x32\…\Run: - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

    HKLM-x32\…\Run: - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

    HKLM-x32\…\Run: - RunDll32 P17RunE.dll,RunDLLEntry

    HKLM-x32\…\Run: - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    HKLM-x32\…\Run: - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()

    HKLM-x32\…\Run: - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

    HKU\S-1-5-21-3116784316-362696581-2426180777-1001\…\Run: - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

    Startup: C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk

    ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8BA8CA53B0D5CA01

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl

    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtDtB0CzzzyyCtB0F0AtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1454746493

    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtDtB0CzzzyyCtB0F0AtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1454746493

    SearchScopes: HKCU - DefaultScope {379DBD7E-977B-39DF-F6CF-2E7F16248A13} URL = http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7MXGB_nlNL564

    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovigo.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP24A12E28-1BC7-4376-9234-344CB5C3099F&q={searchTerms}&SSPV=

    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CE71000CF6A4E242&affID=120684&tsp=5035

    SearchScopes: HKCU - {379DBD7E-977B-39DF-F6CF-2E7F16248A13} URL = http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7MXGB_nlNL564

    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

    BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader64.dll ()

    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO-x32: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

    BHO-x32: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll ()

    BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} http://foto.hema.nl/ips-opdata/layout/hema/objects/canvasx.cab

    DPF: HKLM-x32 {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab

    DPF: HKLM-x32 {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} http://navigram.com/engine/v1140/Navigram.cab

    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

    DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

    DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

    DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab

    DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

    DPF: HKLM-x32 {E87F6C8E-16C0-11D3-BEF7-009027438003} http://fotosnelservice.hema.nl/xupload/XUpload.ocx

    DPF: HKLM-x32 {EDFCB7CB-942C-4822-AF14-F0B687409848} http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab

    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - No File

    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

    Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

    Winsock: Catalog9-x64 01 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 02 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 03 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 04 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 15 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Tcpip\Parameters: 192.168.0.1

    FireFox:

    ========

    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

    FF Plugin: @microsoft.com/GENUINE - disabled No File

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

    FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Supervisor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

    FF Extension: No Name - C:\Users\Supervisor\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions

    FF HKLM\…\Thunderbird\Extensions: - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    FF HKLM-x32\…\Firefox\Extensions: - C:\Program Files (x86)\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi

    FF Extension: PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi

    FF HKLM-x32\…\Thunderbird\Extensions: - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    Chrome:

    =======

    CHR HomePage: http:\/\/www.google.com\/

    CHR DefaultSearchKeyword: conduit.search

    CHR Extension: (Docs) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

    CHR Extension: (Google Drive) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    CHR Extension: (YouTube) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    CHR Extension: (Google Search) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    CHR Extension: (Google Wallet) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    CHR Extension: (Gmail) - C:\Users\Supervisor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    CHR HKLM-x32\…\Chrome\Extension: - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)

    S2 KMService; C:\Windows\SysWOW64\srvany.exe ()

    S2 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys (Pinnacle Systems GmbH)

    R3 PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe (Objectify Media Inc)

    S2 ProtectMonitor; C:\monitorsvc.exe ()

    R2 RalinkRegistryWriter; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe (Ralink Technology, Corp.)

    R2 RalinkRegistryWriter64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe (Ralink Technology, Corp.)

    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)

    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys (ESET)

    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys (ESET)

    R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys (ESET)

    R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys (ESET)

    R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys (ESET)

    R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys ()

    S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys (VSO Software)

    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)

    S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys ()

    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)

    S3 catchme; \??\C:\ComboFix\catchme.sys

    S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys

    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys

    S3 ssudmdm; system32\DRIVERS\ssudmdm.sys

    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys

    S3 tsusbhub; system32\drivers\tsusbhub.sys

    S3 VGPU; System32\drivers\rdvgkmd.sys

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2014-03-08 17:03 - 2014-03-08 17:03 - 00020873 _____ () C:\Users\Supervisor\Desktop\FRST.txt

    2014-03-08 17:02 - 2014-03-08 17:03 - 00000000 ____D () C:\FRST

    2014-03-08 17:01 - 2014-03-08 17:01 - 00000000 ____D () C:\ProgramData\Ralink

    2014-03-08 17:00 - 2014-03-08 17:00 - 00000330 _____ () C:\Windows\PFRO.log

    2014-03-08 16:58 - 2014-03-08 16:58 - 02156544 _____ (Farbar) C:\Users\Supervisor\Desktop\FRST64.exe

    2014-03-08 15:21 - 2014-03-08 15:24 - 00001805 _____ () C:\zoek-results.log

    2014-03-08 15:18 - 2014-03-08 15:31 - 00002984 _____ () C:\runcheck.txt

    2014-03-08 15:15 - 2014-03-08 15:16 - 00000000 ____D () C:\zoek_backup

    2014-03-08 15:15 - 2014-03-08 15:15 - 01285120 _____ () C:\Users\Supervisor\Desktop\zoek.exe

    2014-03-08 14:46 - 2014-03-08 17:01 - 00001512 _____ () C:\Windows\setupact.log

    2014-03-08 14:46 - 2014-03-08 14:46 - 00000000 _____ () C:\Windows\setuperr.log

    2014-03-08 14:42 - 2014-03-08 14:42 - 00186880 _____ (CEXX.ORG) C:\Users\Supervisor\Desktop\LSPFix.exe

    2014-03-08 14:22 - 2014-03-08 14:23 - 00000000 ____D () C:\rsit

    2014-03-08 14:18 - 2014-03-08 14:18 - 00935175 _____ () C:\Users\Supervisor\Desktop\RSITx64.exe

    2014-03-05 14:52 - 2014-03-06 09:59 - 00000000 ____D () C:\Users\Supervisor\Documents\Add-in Express

    2014-03-05 14:52 - 2014-03-05 14:52 - 00000000 ____D () C:\Program Files (x86)\PrintEco

    2014-03-05 14:48 - 2011-07-19 04:05 - 00000046 _____ () C:\Program Files (x86)\Falco.url

    2014-03-05 14:47 - 2014-03-05 14:47 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini

    2014-03-05 14:47 - 2014-03-05 14:47 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini

    2014-03-05 14:47 - 2014-03-05 14:47 - 00002184 _____ () C:\Windows\system32\PCProtectOff.ini

    2014-03-05 14:46 - 2014-03-05 14:48 - 00000000 ____D () C:\Program Files (x86)\Web Protect

    2014-03-05 14:46 - 2014-01-08 07:08 - 00330624 _____ (Objectify Media Inc) C:\Windows\system32\PCProtect64.dll

    2014-03-05 14:46 - 2014-01-08 07:08 - 00293984 _____ (Objectify Media Inc) C:\Windows\SysWOW64\PCProtect.dll

    2014-02-28 12:10 - 2014-03-08 16:59 - 00833972 _____ () C:\Windows\WindowsUpdate.log

    2014-02-19 09:23 - 2014-02-19 09:23 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

    2014-02-19 09:23 - 2014-02-19 09:23 - 00000000 ____D () C:\Program Files\CCleaner

    2014-02-19 09:19 - 2014-02-19 09:19 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\WinZip

    2014-02-19 09:19 - 2014-02-19 09:19 - 00000000 ____D () C:\Program Files\WinZip

    2014-02-19 09:11 - 2014-02-19 09:11 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

    2014-02-13 15:12 - 2014-02-13 15:12 - 00487517 _____ () C:\monitor.exe

    2014-02-13 14:43 - 2014-02-13 14:43 - 00034244 _____ () C:\monitorsvc.exe

    2014-02-12 15:30 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    2014-02-12 15:30 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2014-02-12 15:29 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2014-02-12 15:29 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2014-02-12 15:29 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

    2014-02-12 15:29 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2014-02-12 15:29 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

    2014-02-12 15:29 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

    2014-02-12 15:29 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2014-02-12 15:29 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

    2014-02-12 15:29 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2014-02-12 15:29 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

    2014-02-12 15:29 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

    2014-02-12 15:29 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

    2014-02-12 15:29 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2014-02-12 15:29 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

    2014-02-12 15:29 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2014-02-12 15:29 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

    2014-02-12 15:29 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2014-02-12 15:29 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

    2014-02-12 15:29 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-02-12 15:29 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2014-02-12 15:29 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2014-02-12 15:29 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2014-02-12 15:29 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

    2014-02-12 15:29 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

    2014-02-12 15:29 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2014-02-12 15:29 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2014-02-12 15:29 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

    2014-02-12 15:29 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2014-02-12 15:29 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

    2014-02-12 15:29 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2014-02-12 15:29 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2014-02-12 15:29 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2014-02-12 15:29 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2014-02-12 15:29 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2014-02-12 15:29 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2014-02-12 15:29 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2014-02-12 15:29 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    2014-02-12 15:29 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2014-02-12 15:29 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    2014-02-12 09:27 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

    2014-02-12 09:27 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls

    2014-02-12 09:27 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

    2014-02-12 09:27 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

    2014-02-12 09:27 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

    2014-02-12 09:27 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

    2014-02-12 09:27 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

    2014-02-12 09:27 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

    2014-02-12 09:27 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

    2014-02-12 09:27 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

    2014-02-12 09:27 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

    2014-02-12 09:27 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

    2014-02-12 09:27 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

    2014-02-12 09:27 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

    2014-02-12 09:27 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

    2014-02-12 09:27 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

    2014-02-12 09:27 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

    2014-02-12 09:27 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

    2014-02-12 09:27 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

    2014-02-12 09:27 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

    2014-02-12 09:27 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

    2014-02-12 09:27 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

    2014-02-12 09:27 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

    2014-02-12 09:27 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

    2014-02-12 09:27 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

    2014-02-12 09:27 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

    2014-02-12 09:27 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

    2014-02-12 09:27 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

    2014-02-10 13:13 - 2014-02-10 13:13 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Usenet Collector v3

    2014-02-10 13:13 - 2014-02-10 13:13 - 00000000 ____D () C:\Program Files\Usenet Collector v3

    2014-02-07 11:46 - 2014-02-09 21:03 - 00000000 ____D () C:\Program Files (x86)\Usenet Collector

    2014-02-07 11:46 - 2014-02-09 20:49 - 00000061 _____ () C:\Windows\Usenet Collector.ini

    2014-02-07 11:46 - 2014-02-09 20:49 - 00000000 ____D () C:\Windows\Usenet Collector

    2014-02-07 11:46 - 2014-02-09 20:49 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Usenet Collector

    ==================== One Month Modified Files and Folders =======

    2014-03-08 17:03 - 2014-03-08 17:03 - 00020873 _____ () C:\Users\Supervisor\Desktop\FRST.txt

    2014-03-08 17:03 - 2014-03-08 17:02 - 00000000 ____D () C:\FRST

    2014-03-08 17:03 - 2013-12-31 15:43 - 00005090 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Supervisor-PC-Supervisor Supervisor-PC

    2014-03-08 17:01 - 2014-03-08 17:01 - 00000000 ____D () C:\ProgramData\Ralink

    2014-03-08 17:01 - 2014-03-08 14:46 - 00001512 _____ () C:\Windows\setupact.log

    2014-03-08 17:01 - 2014-01-28 13:18 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2014-03-08 17:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

    2014-03-08 17:00 - 2014-03-08 17:00 - 00000330 _____ () C:\Windows\PFRO.log

    2014-03-08 17:00 - 2010-06-23 10:07 - 00000000 ____D () C:\ProgramData\NVIDIA

    2014-03-08 16:59 - 2014-02-28 12:10 - 00833972 _____ () C:\Windows\WindowsUpdate.log

    2014-03-08 16:58 - 2014-03-08 16:58 - 02156544 _____ (Farbar) C:\Users\Supervisor\Desktop\FRST64.exe

    2014-03-08 16:45 - 2010-05-04 21:54 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\CrashDumps

    2014-03-08 16:29 - 2014-01-28 13:18 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2014-03-08 16:10 - 2012-03-31 14:25 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

    2014-03-08 15:31 - 2014-03-08 15:18 - 00002984 _____ () C:\runcheck.txt

    2014-03-08 15:26 - 2009-07-14 05:45 - 00021616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2014-03-08 15:26 - 2009-07-14 05:45 - 00021616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2014-03-08 15:24 - 2014-03-08 15:21 - 00001805 _____ () C:\zoek-results.log

    2014-03-08 15:16 - 2014-03-08 15:15 - 00000000 ____D () C:\zoek_backup

    2014-03-08 15:15 - 2014-03-08 15:15 - 01285120 _____ () C:\Users\Supervisor\Desktop\zoek.exe

    2014-03-08 14:49 - 2013-08-05 21:38 - 00000000 ____D () C:\Program Files\trend micro

    2014-03-08 14:46 - 2014-03-08 14:46 - 00000000 _____ () C:\Windows\setuperr.log

    2014-03-08 14:42 - 2014-03-08 14:42 - 00186880 _____ (CEXX.ORG) C:\Users\Supervisor\Desktop\LSPFix.exe

    2014-03-08 14:23 - 2014-03-08 14:22 - 00000000 ____D () C:\rsit

    2014-03-08 14:18 - 2014-03-08 14:18 - 00935175 _____ () C:\Users\Supervisor\Desktop\RSITx64.exe

    2014-03-08 06:43 - 2013-10-24 20:57 - 00000000 ____D () C:\Users\Supervisor\Downloads\Incompleet

    2014-03-07 13:52 - 2010-04-06 21:03 - 00000000 ___RD () C:\Users\Supervisor\Desktop\Jasper

    2014-03-06 16:05 - 2013-06-23 08:49 - 00003486 _____ () C:\Windows\System32\Tasks\AutoKMS

    2014-03-06 15:28 - 2009-07-14 10:16 - 06299512 _____ () C:\Windows\system32\perfh013.dat

    2014-03-06 15:28 - 2009-07-14 10:16 - 01940624 _____ () C:\Windows\system32\perfc013.dat

    2014-03-06 15:28 - 2009-07-14 06:13 - 00006934 _____ () C:\Windows\system32\PerfStringBackup.INI

    2014-03-06 14:46 - 2011-02-23 15:15 - 00000000 ____D () C:\Users\Supervisor\Desktop\Annemarie

    2014-03-06 12:15 - 2012-11-11 11:00 - 00001456 _____ () C:\Users\Supervisor\AppData\Local\Adobe Opslaan voor web 13.0 Prefs

    2014-03-06 09:59 - 2014-03-05 14:52 - 00000000 ____D () C:\Users\Supervisor\Documents\Add-in Express

    2014-03-05 14:55 - 2012-06-19 08:45 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2012

    2014-03-05 14:52 - 2014-03-05 14:52 - 00000000 ____D () C:\Program Files (x86)\PrintEco

    2014-03-05 14:48 - 2014-03-05 14:46 - 00000000 ____D () C:\Program Files (x86)\Web Protect

    2014-03-05 14:47 - 2014-03-05 14:47 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini

    2014-03-05 14:47 - 2014-03-05 14:47 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini

    2014-03-05 14:47 - 2014-03-05 14:47 - 00002184 _____ () C:\Windows\system32\PCProtectOff.ini

    2014-03-04 19:03 - 2009-07-14 06:08 - 00032526 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

    2014-03-02 14:26 - 2013-12-20 09:45 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\Mobogenie

    2014-03-02 14:24 - 2013-12-20 09:45 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\cache

    2014-03-02 14:24 - 2013-12-20 09:45 - 00000000 ____D () C:\Program Files (x86)\Mobogenie

    2014-03-02 13:09 - 2010-04-08 11:09 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\uTorrent

    2014-02-26 15:30 - 2011-03-16 19:10 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Belastingdienst

    2014-02-26 14:30 - 2010-04-06 18:56 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Winamp

    2014-02-22 12:10 - 2012-03-31 14:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2014-02-22 12:10 - 2012-03-31 14:25 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

    2014-02-22 12:10 - 2011-06-12 10:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2014-02-19 09:23 - 2014-02-19 09:23 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

    2014-02-19 09:23 - 2014-02-19 09:23 - 00000000 ____D () C:\Program Files\CCleaner

    2014-02-19 09:19 - 2014-02-19 09:19 - 00000000 ____D () C:\Users\Supervisor\AppData\Local\WinZip

    2014-02-19 09:19 - 2014-02-19 09:19 - 00000000 ____D () C:\Program Files\WinZip

    2014-02-19 09:19 - 2010-04-08 11:17 - 00000000 ____D () C:\ProgramData\WinZip

    2014-02-19 09:19 - 2010-04-06 18:36 - 00000000 ____D () C:\Users\Supervisor

    2014-02-19 09:11 - 2014-02-19 09:11 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

    2014-02-19 09:11 - 2013-11-30 08:48 - 00000000 ____D () C:\Program Files\WinRAR

    2014-02-17 09:24 - 2014-01-28 13:18 - 00004060 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

    2014-02-17 09:24 - 2014-01-28 13:18 - 00003808 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    2014-02-17 03:03 - 2013-07-13 02:01 - 00000000 ____D () C:\Windows\system32\MRT

    2014-02-17 03:01 - 2010-04-06 21:07 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    2014-02-15 10:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

    2014-02-13 15:12 - 2014-02-13 15:12 - 00487517 _____ () C:\monitor.exe

    2014-02-13 14:43 - 2014-02-13 14:43 - 00034244 _____ () C:\monitorsvc.exe

    2014-02-10 13:13 - 2014-02-10 13:13 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Usenet Collector v3

    2014-02-10 13:13 - 2014-02-10 13:13 - 00000000 ____D () C:\Program Files\Usenet Collector v3

    2014-02-09 21:03 - 2014-02-07 11:46 - 00000000 ____D () C:\Program Files (x86)\Usenet Collector

    2014-02-09 20:49 - 2014-02-07 11:46 - 00000061 _____ () C:\Windows\Usenet Collector.ini

    2014-02-09 20:49 - 2014-02-07 11:46 - 00000000 ____D () C:\Windows\Usenet Collector

    2014-02-09 20:49 - 2014-02-07 11:46 - 00000000 ____D () C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Usenet Collector

    2014-02-06 13:16 - 2014-02-12 15:29 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2014-02-06 12:30 - 2014-02-12 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2014-02-06 12:30 - 2014-02-12 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

    2014-02-06 12:12 - 2014-02-12 15:29 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2014-02-06 12:07 - 2014-02-12 15:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

    2014-02-06 12:06 - 2014-02-12 15:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

    2014-02-06 11:57 - 2014-02-12 15:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2014-02-06 11:56 - 2014-02-12 15:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

    2014-02-06 11:52 - 2014-02-12 15:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2014-02-06 11:49 - 2014-02-12 15:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

    2014-02-06 11:48 - 2014-02-12 15:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

    2014-02-06 11:48 - 2014-02-12 15:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

    2014-02-06 11:38 - 2014-02-12 15:29 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2014-02-06 11:32 - 2014-02-12 15:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

    2014-02-06 11:20 - 2014-02-12 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2014-02-06 11:17 - 2014-02-12 15:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

    2014-02-06 11:11 - 2014-02-12 15:29 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2014-02-06 11:01 - 2014-02-12 15:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

    2014-02-06 11:00 - 2014-02-12 15:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-02-06 10:57 - 2014-02-12 15:29 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2014-02-06 10:57 - 2014-02-12 15:29 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2014-02-06 10:52 - 2014-02-12 15:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2014-02-06 10:52 - 2014-02-12 15:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

    2014-02-06 10:50 - 2014-02-12 15:29 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

    2014-02-06 10:49 - 2014-02-12 15:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2014-02-06 10:47 - 2014-02-12 15:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2014-02-06 10:46 - 2014-02-12 15:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

    2014-02-06 10:25 - 2014-02-12 15:29 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2014-02-06 10:25 - 2014-02-12 15:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

    2014-02-06 10:24 - 2014-02-12 15:29 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2014-02-06 10:22 - 2014-02-12 15:29 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2014-02-06 10:13 - 2014-02-12 15:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2014-02-06 10:09 - 2014-02-12 15:29 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2014-02-06 10:03 - 2014-02-12 15:29 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2014-02-06 09:55 - 2014-02-12 15:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2014-02-06 09:41 - 2014-02-12 15:29 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2014-02-06 09:40 - 2014-02-12 15:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

    2014-02-06 09:36 - 2014-02-12 15:29 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2014-02-06 09:34 - 2014-02-12 15:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    Some content of TEMP:

    ====================

    C:\Users\Supervisor\AppData\Local\Temp\7za.exe

    C:\Users\Supervisor\AppData\Local\Temp\hijackthis.exe

    C:\Users\Supervisor\AppData\Local\Temp\NirCmd.exe

    C:\Users\Supervisor\AppData\Local\Temp\PEVZ.EXE

    C:\Users\Supervisor\AppData\Local\Temp\remove.exe

    C:\Users\Supervisor\AppData\Local\Temp\sed.exe

    C:\Users\Supervisor\AppData\Local\Temp\shortcut.exe

    C:\Users\Supervisor\AppData\Local\Temp\swreg.exe

    C:\Users\Supervisor\AppData\Local\Temp\swxcacls.exe

    C:\Users\Supervisor\AppData\Local\Temp\wget.exe

    C:\Users\Supervisor\AppData\Local\Temp\zoek-delete.exe

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-02-28 12:56

    ==================== End Of Log ============================

  • Ben

    Hallo,

    Open Kladblok. Klik op Start → Alle Programma's → Bureau-Accessoires → Kladblok.

    Kopieer onderstaande vet gedrukte code:

    start

    () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    () C:\monitor.exe

    (Objectify Media Inc) C:\Program Files (x86)\Web Protect\PCProtect.exe

    HKLM-x32\…\Run: -

    HKLM-x32\…\Run: - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8BA8CA53B0D5CA01

    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = {searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtDtB0CzzzyyCtB0F0AtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1454746493

    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = {searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtDtB0CzzzyyCtB0F0AtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1454746493

    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = {searchTerms}&SSPV=

    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = {searchTerms}&babsrc=SP_ss&mntrId=CE71000CF6A4E242&affID=120684&tsp=5035

    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - No File

    Winsock: Catalog9-x64 01 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 02 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 03 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 04 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 15 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    CHR DefaultSearchKeyword: conduit.search

    CHR HKLM-x32\…\Chrome\Extension: - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    R3 PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe (Objectify Media Inc)

    S2 ProtectMonitor; C:\monitorsvc.exe ()

    2014-03-05 14:47 - 2014-03-05 14:47 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini

    2014-03-05 14:47 - 2014-03-05 14:47 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini

    2014-03-05 14:47 - 2014-03-05 14:47 - 00002184 _____ () C:\Windows\system32\PCProtectOff.ini

    2014-03-05 14:46 - 2014-03-05 14:48 - 00000000 ____D () C:\Program Files (x86)\Web Protect

    2014-03-05 14:46 - 2014-01-08 07:08 - 00330624 _____ (Objectify Media Inc) C:\Windows\system32\PCProtect64.dll

    2014-03-05 14:46 - 2014-01-08 07:08 - 00293984 _____ (Objectify Media Inc) C:\Windows\SysWOW64\PCProtect.dll

    C:\Users\Supervisor\AppData\Local\Temp\7za.exe

    C:\Users\Supervisor\AppData\Local\Temp\hijackthis.exe

    C:\Users\Supervisor\AppData\Local\Temp\NirCmd.exe

    C:\Users\Supervisor\AppData\Local\Temp\PEVZ.EXE

    C:\Users\Supervisor\AppData\Local\Temp\remove.exe

    C:\Users\Supervisor\AppData\Local\Temp\sed.exe

    C:\Users\Supervisor\AppData\Local\Temp\shortcut.exe

    C:\Users\Supervisor\AppData\Local\Temp\swreg.exe

    C:\Users\Supervisor\AppData\Local\Temp\swxcacls.exe

    C:\Users\Supervisor\AppData\Local\Temp\wget.exe

    C:\Users\Supervisor\AppData\Local\Temp\zoek-delete.exe

    end

    Ga naar Bestand - Opslaan als.

    Bij “Opslaan in” kies je: Bureaublad.

    Bij “Bestandsnaam” typ je :fixlist.txt.

    Bij “Opslaan als type” selecteer je: Alle bestanden (*.*).

    Klik op de knop Opslaan.

    Belangrijk zorg dus dat het fixlist.txt op je bureaublad staat waar ook FRST.exe aanwezig is.

    Dubbelklik op FRST.exe om de tool te starten.

    Als het programma is geopend klik Yes (Ja) bij de disclaimer.

    Druk op de Fix knop

    Er zal u een logbestand aangemaakt worden (fixlog.txt) op dezelfde plaats vanwaar de ‘tool’ is gestart.

    Voeg dit logbestand toe aan het volgende bericht..

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.