Beste mensen,
Sinds laatse week is pc traag, en krijg ik steeds spontaan pop ups in beeld met spam reclame (zoveelste bezoeker , schijfruimte vol, pc geinfecteerd allemaal spam)
Mbam vond 1e keer paar treats vorige week maar laatste dagen vind hij niks, maar de spam houd maar niet op!! zomaar opent er tabblad en komt er reclame, kortom pc is besmet
Eset virusscanner vind ook niks. hieronder me logjes
Logfile of random's system information tool 1.09 (written by random/random)
Run by Supervisor at 2014-03-08 14:22:49
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 30 GB (30%) free of 102 GB
Total RAM: 4095 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:22:54, on 8-3-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Supervisor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin
O4 - HKLM\..\Run: RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)
O4 - HKUS\S-1-5-21-3116784316-362696581-2426180777-1004\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)
O4 - Startup: Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra ‘Tools’ menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O11 - Options group: Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/canvasx.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://navigram.com/engine/v1140/Navigram.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://fotosnelservice.hema.nl/xupload/XUpload.ocx
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys
O23 - Service: PCProtect - Objectify Media Inc - C:\Program Files (x86)\Web Protect\PCProtect.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 16389 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
“C:\Windows\system32\nvvsvc.exe”
“C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe”
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2e0
“C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe”
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 28525120
\??\C:\Windows\system32\conhost.exe "-18568551301810563158-257360958-9601779641766516142-4186804571493890429938682
“C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”
C:\Windows\system32\nvvsvc.exe -session -first
taskeng.exe {48E75DC7-B3CF-4E4A-B76C-BF3B40920D7C}
C:\Windows\System32\spoolsv.exe
C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
\??\C:\Windows\system32\conhost.exe "1788317502-7676916361879738829-17743956843094313441405937447183689-619780259
“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”
C:\Windows\system32\svchost.exe -k apphost
“C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe”
“taskhost.exe”
“C:\Windows\system32\Dwm.exe”
C:\Windows\Explorer.EXE
“C:\Program Files\Bonjour\mDNSResponder.exe”
“C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe”
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
“C:\Windows\WindowsMobile\wmdc.exe”
“C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice
“C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe”
“C:\Program Files (x86)\Samsung\Kies\Kies.exe” /preload
“C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1
“C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe” -s
“C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE” /tsr
“C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe” -r
“C:\Windows\System32\rundll32.exe” P17RunE.dll,RunDLLEntry
“C:\Program Files (x86)\Mobogenie\DaemonProcess.exe”
“C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe”
“C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe”
C:\monitor.exe
“C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe”
“C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe”
C:\Windows\system32\svchost.exe -k imgsvc
“C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe”
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
“C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”
WLIDSvcM.exe 3232
“C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe” /TUStart /pid:3052
“C:\Program Files\Microsoft Office\Office15\MsoSync.exe”
“C:\Program Files (x86)\Web Protect\PCProtect.exe”
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
“C:\Program Files\Windows Media Player\wmpnetwk.exe”
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
“C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-675af72e-e19c-4093-933d-c89b74814739 -SystemEventPortName:HostProcess-1fd627ea-a69f-46b9-b662-915202818c47 -IoCancelEventPortName:HostProcess-a7af67e6-af47-4661-9d33-47084d931d4f -NonStateChangingEventPortName:HostProcess-7b0fbf0b-7477-40da-a599-cf1257691f9b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c0952260-4143-4632-b98c-a39fefe30582 -DeviceGroupId:WpdFsGroup
C:\Windows\servicing\TrustedInstaller.exe
“C:\Program Files\Internet Explorer\iexplore.exe”
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:5420 CREDAT:144385 /prefetch:2
C:\Windows\system32\wbem\wmiprvse.exe
“C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE”
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe 1688 55041-00168-305-190595-03-1033-3790.0000-2692009
C:\Windows\system32\svchost.exe -k SDRSVC
“C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:5420 CREDAT:1324082 /prefetch:2
taskeng.exe {86B764D2-D962-417F-B1E0-BCEB22DB4AD2}
C:\Windows\system32\wbem\wmiprvse.exe
“C:\Users\Supervisor\Desktop\RSITx64.exe”
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader64.dll
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
“Windows Mobile Device Center”=C:\Windows\WindowsMobile\wmdc.exe
“AdobeAAMUpdater-1.0”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
“egui”=C:\Program Files\ESET\ESET Smart Security\egui.exe
“Nvtmru”=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
“KiesPreload”=C:\Program Files (x86)\Samsung\Kies\Kies.exe
“HDAudDeck”=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
“”=
“SwitchBoard”=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
“AdobeCS6ServiceManager”=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
“P17RunE”=RunDll32 P17RunE.dll,RunDLLEntry
“APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
“mobilegeni daemon”=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
“KiesTrayAgent”=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe
C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Verzenden naar OneNote.lnk - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
C:\Windows\system32\igfxdev.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
“SecurityProviders”=credssp.dll
“ConsentPromptBehaviorAdmin”=5
“ConsentPromptBehaviorUser”=3
“EnableUIADesktopToggle”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableSecureUIAPath”=1
“NoDrives”=0
“NoDrives”=0
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“vidc.uyvy”=msyuv.dll
“vidc.yuy2”=msyuv.dll
“vidc.yvyu”=msyuv.dll
“vidc.iyuv”=iyuv_32.dll
“vidc.i420”=iyuv_32.dll
“vidc.yvu9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\System32\l3codeca.acm
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“aux”=wdmaud.drv
“wave5”=wdmaud.drv
“midi5”=wdmaud.drv
“mixer5”=wdmaud.drv
“wave3”=wdmaud.drv
“midi3”=wdmaud.drv
“mixer3”=wdmaud.drv
“wave4”=wdmaud.drv
“midi4”=wdmaud.drv
“mixer4”=wdmaud.drv
“wave1”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer1”=wdmaud.drv
“wave2”=wdmaud.drv
“midi2”=wdmaud.drv
“mixer2”=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-03-08 14:22:49 —-D—- C:\rsit
2014-03-05 14:55:10 —-SHD—- C:\Config.Msi
2014-03-05 14:52:16 —-D—- C:\Program Files (x86)\PrintEco
2014-03-05 14:47:01 —-A—- C:\Windows\SYSWOW64\PCProtectOff.ini
2014-03-05 14:47:01 —-A—- C:\Windows\SYSWOW64\PCProtect.ini
2014-03-05 14:47:01 —-A—- C:\Windows\system32\PCProtectOff.ini
2014-03-05 14:46:53 —-A—- C:\Windows\system32\PCProtect64.dll
2014-03-05 14:46:51 —-A—- C:\Windows\SYSWOW64\PCProtect.dll
2014-03-05 14:46:07 —-D—- C:\Program Files (x86)\Web Protect
2014-02-25 17:36:16 —-D—- C:\Windows\Migration
2014-02-19 09:23:20 —-D—- C:\Program Files\CCleaner
2014-02-19 09:19:00 —-D—- C:\Program Files\WinZip
2014-02-13 15:12:36 —-A—- C:\monitor.exe
2014-02-13 14:43:24 —-A—- C:\monitorsvc.exe
2014-02-12 15:30:07 —-A—- C:\Windows\SYSWOW64\vbscript.dll
2014-02-12 15:30:07 —-A—- C:\Windows\system32\vbscript.dll
2014-02-12 15:29:33 —-A—- C:\Windows\SYSWOW64\msrating.dll
2014-02-12 15:29:33 —-A—- C:\Windows\SYSWOW64\ieui.dll
2014-02-12 15:29:33 —-A—- C:\Windows\system32\msrating.dll
2014-02-12 15:29:33 —-A—- C:\Windows\system32\ieui.dll
2014-02-12 15:29:32 —-A—- C:\Windows\system32\iernonce.dll
2014-02-12 15:29:32 —-A—- C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 15:29:32 —-A—- C:\Windows\system32\ie4uinit.exe
2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\msfeeds.dll
2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\jsproxy.dll
2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe
2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\iesetup.dll
2014-02-12 15:29:31 —-A—- C:\Windows\SYSWOW64\iernonce.dll
2014-02-12 15:29:31 —-A—- C:\Windows\system32\msfeeds.dll
2014-02-12 15:29:31 —-A—- C:\Windows\system32\jsproxy.dll
2014-02-12 15:29:31 —-A—- C:\Windows\system32\ieUnatt.exe
2014-02-12 15:29:31 —-A—- C:\Windows\system32\iesetup.dll
2014-02-12 15:29:30 —-A—- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-02-12 15:29:30 —-A—- C:\Windows\system32\ieetwproxystub.dll
2014-02-12 15:29:30 —-A—- C:\Windows\system32\ieetwcollector.exe
2014-02-12 15:29:29 —-A—- C:\Windows\SYSWOW64\jscript9diag.dll
2014-02-12 15:29:29 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll
2014-02-12 15:29:29 —-A—- C:\Windows\system32\mshtml.dll
2014-02-12 15:29:29 —-A—- C:\Windows\system32\jscript9diag.dll
2014-02-12 15:29:29 —-A—- C:\Windows\system32\ieapfltr.dll
2014-02-12 15:29:28 —-A—- C:\Windows\SYSWOW64\iertutil.dll
2014-02-12 15:29:28 —-A—- C:\Windows\system32\iertutil.dll
2014-02-12 15:29:27 —-A—- C:\Windows\SYSWOW64\wininet.dll
2014-02-12 15:29:27 —-A—- C:\Windows\SYSWOW64\urlmon.dll
2014-02-12 15:29:27 —-A—- C:\Windows\system32\wininet.dll
2014-02-12 15:29:27 —-A—- C:\Windows\system32\urlmon.dll
2014-02-12 15:29:25 —-A—- C:\Windows\system32\ieframe.dll
2014-02-12 15:29:24 —-A—- C:\Windows\SYSWOW64\ieframe.dll
2014-02-12 15:29:23 —-A—- C:\Windows\SYSWOW64\mshtml.dll
2014-02-12 15:29:22 —-A—- C:\Windows\SYSWOW64\jscript9.dll
2014-02-12 15:29:22 —-A—- C:\Windows\system32\jscript9.dll
2014-02-12 09:27:57 —-A—- C:\Windows\SYSWOW64\msxml3r.dll
2014-02-12 09:27:57 —-A—- C:\Windows\SYSWOW64\msxml3.dll
2014-02-12 09:27:57 —-A—- C:\Windows\system32\msxml3r.dll
2014-02-12 09:27:57 —-A—- C:\Windows\system32\msxml3.dll
2014-02-12 09:27:49 —-A—- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-02-12 09:27:49 —-A—- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 09:27:49 —-A—- C:\Windows\system32\RMActivate.exe
2014-02-12 09:27:48 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-02-12 09:27:48 —-A—- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-02-12 09:27:48 —-A—- C:\Windows\SYSWOW64\RMActivate.exe
2014-02-12 09:27:48 —-A—- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 09:27:48 —-A—- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 09:27:47 —-A—- C:\Windows\SYSWOW64\secproc_isv.dll
2014-02-12 09:27:47 —-A—- C:\Windows\SYSWOW64\secproc.dll
2014-02-12 09:27:47 —-A—- C:\Windows\SYSWOW64\msdrm.dll
2014-02-12 09:27:47 —-A—- C:\Windows\system32\secproc_ssp.dll
2014-02-12 09:27:47 —-A—- C:\Windows\system32\secproc_isv.dll
2014-02-12 09:27:47 —-A—- C:\Windows\system32\secproc.dll
2014-02-12 09:27:47 —-A—- C:\Windows\system32\msdrm.dll
2014-02-12 09:27:46 —-A—- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-02-12 09:27:46 —-A—- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-02-12 09:27:46 —-A—- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 09:27:44 —-A—- C:\Windows\SYSWOW64\d3d10warp.dll
2014-02-12 09:27:44 —-A—- C:\Windows\system32\d3d10warp.dll
2014-02-12 09:27:43 —-A—- C:\Windows\SYSWOW64\d2d1.dll
2014-02-12 09:27:43 —-A—- C:\Windows\system32\d2d1.dll
2014-02-10 13:13:32 —-D—- C:\Users\Supervisor\AppData\Roaming\Usenet Collector v3
2014-02-10 13:13:32 —-D—- C:\Program Files\Usenet Collector v3
======List of files/folders modified in the last 1 month======
2014-03-08 14:22:53 —-D—- C:\Program Files\trend micro
2014-03-08 14:22:51 —-D—- C:\Windows\temp
2014-03-08 14:19:07 —-D—- C:\Windows
2014-03-08 14:13:23 —-D—- C:\Windows\system32\config
2014-03-08 14:11:35 —-D—- C:\ProgramData\NVIDIA
2014-03-08 06:46:26 —-D—- C:\Windows\inf
2014-03-08 06:38:55 —-D—- C:\Windows\Prefetch
2014-03-07 13:50:29 —-SHD—- C:\System Volume Information
2014-03-06 16:06:40 —-D—- C:\Windows\SoftwareDistribution
2014-03-06 16:05:40 —-D—- C:\Windows\system32\Tasks
2014-03-06 15:28:39 —-D—- C:\Windows\System32
2014-03-06 15:28:39 —-A—- C:\Windows\system32\PerfStringBackup.INI
2014-03-05 14:55:55 —-SHD—- C:\Windows\Installer
2014-03-05 14:55:47 —-D—- C:\Windows\SysWOW64
2014-03-05 14:55:42 —-RD—- C:\Program Files (x86)
2014-03-05 14:55:38 —-D—- C:\Program Files (x86)\TuneUp Utilities 2012
2014-03-05 14:52:37 —-D—- C:\ProgramData
2014-03-04 10:42:54 —-D—- C:\Users\Supervisor\AppData\Roaming\Media Player Classic
2014-03-02 14:24:03 —-D—- C:\Program Files (x86)\Mobogenie
2014-03-02 13:09:52 —-D—- C:\Users\Supervisor\AppData\Roaming\uTorrent
2014-03-01 11:27:33 —-D—- C:\Windows\system32\catroot2
2014-02-28 12:42:20 —-D—- C:\Windows\Microsoft.NET
2014-02-26 15:30:19 —-D—- C:\Users\Supervisor\AppData\Roaming\Belastingdienst
2014-02-26 14:30:50 —-D—- C:\Users\Supervisor\AppData\Roaming\Winamp
2014-02-25 17:40:39 —-RSD—- C:\Windows\assembly
2014-02-25 17:36:41 —-D—- C:\Windows\SYSWOW64\en-US
2014-02-25 17:36:41 —-D—- C:\Windows\system32\en-US
2014-02-25 17:36:16 —-SD—- C:\ProgramData\Microsoft
2014-02-24 19:16:21 —-D—- C:\Windows\system32\catroot
2014-02-23 15:59:28 —-D—- C:\Windows\system32\DriverStore
2014-02-23 15:59:15 —-D—- C:\Windows\system32\drivers
2014-02-22 12:10:16 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-02-19 09:23:20 —-D—- C:\Program Files
2014-02-19 09:19:21 —-D—- C:\ProgramData\WinZip
2014-02-19 09:11:24 —-D—- C:\Program Files\WinRAR
2014-02-17 11:27:34 —-D—- C:\Windows\debug
2014-02-17 03:03:38 —-D—- C:\Windows\system32\MRT
2014-02-17 03:01:06 —-A—- C:\Windows\system32\MRT.exe
2014-02-15 10:18:49 —-D—- C:\Windows\rescache
2014-02-13 10:04:31 —-D—- C:\Windows\winsxs
2014-02-13 10:01:58 —-D—- C:\Windows\SYSWOW64\nl-NL
2014-02-13 10:01:58 —-D—- C:\Windows\system32\nl-NL
2014-02-13 10:01:56 —-D—- C:\Program Files\Internet Explorer
2014-02-13 10:01:56 —-D—- C:\Program Files (x86)\Internet Explorer
2014-02-09 21:03:58 —-D—- C:\Program Files (x86)\Usenet Collector
2014-02-09 20:49:33 —-D—- C:\Windows\Usenet Collector
2014-02-09 20:49:33 —-A—- C:\Windows\Usenet Collector.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys
R3 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28ux.sys
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys
R3 P17;SB 5.1 VX; C:\Windows\system32\drivers\P17.sys
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
S3 Pcouffin64;Low level access layer for CD devices; C:\Windows\System32\Drivers\pcouffin64a.sys
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys
S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
R2 RalinkRegistryWriter64;Ralink Registry Writer 64; C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe
S2 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys
S2 ProtectMonitor;Protect Monitor; C:\monitorsvc.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe
S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe
S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
S3 PCProtect;PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
—————–EOF—————–
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2014.03.05.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Supervisor :: SUPERVISOR-PC
8-3-2014 14:16:50
mbam-log-2014-03-08 (14-16-50).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 278882
Verstreken tijd: 5 minuut/minuten, 1 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)