problem with mail

  • Frans

    Good day,

    Since last weekend my provider (tomaatnet) has blocked my mail because spam messages were supposedly being sent from my mailbox.

    I first have to check whether there is malware or something similar on my PC before they release my mailbox again.

    So I have carried out all the steps via this page, but as far as I can tell there is no threat to be found.

    Would someone take a look at my logs so that I can simply get back into my mailbox?

    Thanks in advance for your trouble.

    Frans

    Mbamlog

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 23-7-2014
    Scantijd: 8:46:54
    Logbestand: mbam log.txt
    Beheerder: Ja

    Versie: 2.00.2.1012
    Malwaredatabase: v2014.07.23.02
    Rootkitdatabase: v2014.07.17.01
    Licentie: Gratis
    Malwarebescherming: Uitgeschakeld
    Kwaadaardige Website Bescherming: Uitgeschakeld
    Self-protection: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Frans

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 311075
    Verstreken Tijd: 8 m, 48 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristics: Ingeschakeld
    POP: Waarschuwen
    POA: Ingeschakeld

    Processen: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registersleutels: 0
    (No malicious items detected)

    Registerwaardes: 0
    (No malicious items detected)

    Registerdata: 0
    (No malicious items detected)

    Mappen: 0
    (No malicious items detected)

    Bestanden: 0
    (No malicious items detected)

    Fysieke Sectoren: 0
    (No malicious items detected)

    (end)

    RSIT log

    Logfile of random's system information tool 1.10 (written by random/random)
    Run by Frans at 2014-07-23 09:01:39
    Microsoft Windows 7 Home Premium Service Pack 1
    System drive C: has 552 GB (59%) free of 941 GB
    Total RAM: 6071 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:01:43, on 23-7-2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17207)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Sitecom\Common\RaUI.exe
    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files\trend micro\Frans.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    O4 - HKUS\S-1-5-18\..\Run: "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe
    O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 11329 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe
    c:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot
    C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=0e88eb17-cc82-4a5c-8e2d-95381aace620 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\1964ba7a-349b-496e-9cbc-b048f2919332-198-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\"
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    winlogon.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    atieclxx
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe 23333424
    \??\C:\Windows\system32\conhost.exe "131357856914404772761377018324223212589-534553092-1208419768785152766-1459990140
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
    "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
    "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
    "taskhost.exe"
    "C:\Windows\system32\Dwm.exe"
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    "C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
    "C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe"
    "C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe"
    "C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"
    "C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"
    "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    "C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe"
    "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe"
    C:\Windows\system32\svchost.exe -k imgsvc
    "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0c31c052-2385-42c1-8310-35db2cf012c0 -SystemEventPortName:HostProcess-cc85c81b-2370-431b-b252-81c70a2baf14 -IoCancelEventPortName:HostProcess-69ec52c2-cc1b-43c2-9e6f-814fdb5fe4ce -NonStateChangingEventPortName:HostProcess-4d76e822-3b3a-4547-a728-5492482710f4 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0d6a1ad8-0436-430f-8846-d2b47d553066 -DeviceGroupId:WpdFsGroup
    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
    "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
    "C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    "C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
    "C:\Program Files (x86)\Sitecom\Common\RaUI.exe" -s
    "C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe"
    "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe"
    "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
    taskeng.exe {8BC02F71-7595-45AE-941C-317A32FAA86E}
    "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    KHALMNPR.EXE /API
    C:\Windows\system32\SearchIndexer.exe /Embedding
    "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe" Local\{31828F96-4AE3-409C-BCDF-F78C74E10D70}
    ctfmon.exe
    "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
    "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
    "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
    "C:\Windows\system32\wuauclt.exe"
    taskeng.exe {F9777348-E82E-4DEA-91ED-F610CEB581EC}
    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
    "C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
    "F:\RSITx64.exe"
    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
    C:\Windows\tasks\HP Photo Creations Messager.job - C:\ProgramData\HP Photo Creations\MessageCheck.exe
    C:\Windows\tasks\HPCeeScheduleForFRANS-PC$.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForFRANS-PC$ (null)
    C:\Windows\tasks\PCDRScheduledMaintenance.job - C:\Program Files\PC-Doctor for Windows\pcdrcui.exe -fh scripts\monthly.xml -st PCDRScheduledMaintenance

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default

    prefs.js - "browser.startup.homepage" - "http://www.geocaching.com/"
    prefs.js - "extensions.enabledItems" - "{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3, DeviceDetection@logitech.com:1.20.0.66, avg@igeared:6.103.018.001, {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

    "Description"=Adobe® Flash® Player 14.0.0.145 Plugin
    "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

    "Description"=Canon MycameraPlugin
    "Path"=C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

    "Description"=Garmin GPS Control for Firefox
    "Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

    "Description"=Google Earth in your browser
    "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    "Description"=Java™ Deployment Toolkit
    "Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

    "Description"=Oracle® Next Generation Java™ Plug-In
    "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    "Description"=
    "Path"=disabled

    "Description"=Ag Player Plugin
    "Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    "Description"=Google Update
    "Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

    "Description"=Google Update
    "Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

    "Description"=Handles PDFs in-place in Firefox
    "Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    "Description"=
    "Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

    "Description"=
    "Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

    "Description"=Adobe® Flash® Player 14.0.0.145 Plugin
    "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll

    "Description"=
    "Path"=disabled

    "Description"=Ag Player Plugin
    "Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    "Description"=
    "Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

    "Description"=
    "Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd}

    C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\extensions\
    DeviceDetection@logitech.com
    {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

    C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\searchplugins\
    Startpins.xml

    ======Registry dump======

    Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    "SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    "PC-Doctor for Windows localizer"=C:\Program Files\PC-Doctor for Windows\localizer.exe
    "AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
    "EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe
    "NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe
    "GarminExpressTrayApp"=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    "hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    "IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    "Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    "RoxWatchTray"=C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    "SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    "AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    "AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\RaUI.exe
    Spyder3Utility.lnk - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=5
    "ConsentPromptBehaviorUser"=3
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableSecureUIAPath"=1

    "NoDrives"=0

    "NoDrives"=0

    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.msadpcm"=msadp32.acm
    "midimapper"=midimap.dll
    "wavemapper"=msacm32.drv
    "vidc.uyvy"=msyuv.dll
    "vidc.yuy2"=msyuv.dll
    "vidc.yvyu"=msyuv.dll
    "vidc.iyuv"=iyuv_32.dll
    "vidc.i420"=iyuv_32.dll
    "vidc.yvu9"=tsbyuv.dll
    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm
    "wave1"=wdmaud.drv
    "midi1"=wdmaud.drv
    "mixer1"=wdmaud.drv
    "aux1"=wdmaud.drv
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "aux"=wdmaud.drv
    "wave2"=wdmaud.drv
    "midi2"=wdmaud.drv
    "mixer2"=wdmaud.drv
    "aux2"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 month======

    2014-07-23 09:01:39 ----D---- C:\rsit
    2014-07-23 08:46:45 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
    2014-07-23 08:45:27 ----D---- C:\Program Files\CCleaner
    2014-07-23 08:44:37 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-23 08:44:37 ----A---- C:\Windows\system32\drivers\mwac.sys
    2014-07-23 08:44:37 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
    2014-07-21 10:42:06 ----A---- C:\Windows\SYSWOW64\javaws.exe
    2014-07-21 10:42:00 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
    2014-07-21 10:42:00 ----A---- C:\Windows\SYSWOW64\javaw.exe
    2014-07-21 10:42:00 ----A---- C:\Windows\SYSWOW64\java.exe
    2014-07-11 11:33:07 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
    2014-07-10 23:37:37 ----A---- C:\Windows\system32\aepdu.dll
    2014-07-10 23:37:29 ----A---- C:\Windows\system32\aeinv.dll
    2014-07-10 23:37:16 ----A---- C:\Windows\system32\win32k.sys
    2014-07-10 23:37:15 ----A---- C:\Windows\SYSWOW64\qedit.dll
    2014-07-10 23:37:15 ----A---- C:\Windows\SYSWOW64\osk.exe
    2014-07-10 23:37:15 ----A---- C:\Windows\system32\qedit.dll
    2014-07-10 23:37:15 ----A---- C:\Windows\system32\osk.exe
    2014-07-10 23:37:15 ----A---- C:\Windows\system32\drivers\afd.sys
    2014-07-10 23:37:06 ----A---- C:\Windows\SYSWOW64\wdigest.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\SYSWOW64\schannel.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\SYSWOW64\kerberos.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\system32\wdigest.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\system32\TSpkg.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\system32\schannel.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\system32\ncrypt.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\system32\msv1_0.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\system32\kerberos.dll
    2014-07-10 23:37:06 ----A---- C:\Windows\system32\credssp.dll
    2014-07-10 23:37:05 ----A---- C:\Windows\SYSWOW64\credssp.dll
    2014-07-10 23:36:59 ----A---- C:\Windows\SYSWOW64\urlmon.dll
    2014-07-10 23:36:59 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
    2014-07-10 23:36:59 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
    2014-07-10 23:36:59 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
    2014-07-10 23:36:59 ----A---- C:\Windows\SYSWOW64\iernonce.dll
    2014-07-10 23:36:59 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
    2014-07-10 23:36:59 ----A---- C:\Windows\system32\iernonce.dll
    2014-07-10 23:36:58 ----A---- C:\Windows\SYSWOW64\mshtml.dll
    2014-07-10 23:36:58 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
    2014-07-10 23:36:58 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
    2014-07-10 23:36:58 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-10 23:36:58 ----A---- C:\Windows\system32\ieetwproxystub.dll
    2014-07-10 23:36:58 ----A---- C:\Windows\system32\iedkcs32.dll
    2014-07-10 23:36:57 ----A---- C:\Windows\SYSWOW64\iesetup.dll
    2014-07-10 23:36:57 ----A---- C:\Windows\SYSWOW64\iertutil.dll
    2014-07-10 23:36:57 ----A---- C:\Windows\system32\urlmon.dll
    2014-07-10 23:36:56 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
    2014-07-10 23:36:56 ----A---- C:\Windows\SYSWOW64\ieui.dll
    2014-07-10 23:36:56 ----A---- C:\Windows\SYSWOW64\ieframe.dll
    2014-07-10 23:36:56 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
    2014-07-10 23:36:56 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
    2014-07-10 23:36:56 ----A---- C:\Windows\system32\msfeeds.dll
    2014-07-10 23:36:56 ----A---- C:\Windows\system32\ieetwcollectorres.dll
    2014-07-10 23:36:56 ----A---- C:\Windows\system32\ieetwcollector.exe
    2014-07-10 23:36:56 ----A---- C:\Windows\system32\dxtmsft.dll
    2014-07-10 23:36:55 ----A---- C:\Windows\system32\iesetup.dll
    2014-07-10 23:36:55 ----A---- C:\Windows\system32\ie4uinit.exe
    2014-07-10 23:36:54 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
    2014-07-10 23:36:54 ----A---- C:\Windows\SYSWOW64\jscript9.dll
    2014-07-10 23:36:54 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
    2014-07-10 23:36:54 ----A---- C:\Windows\system32\iertutil.dll
    2014-07-10 23:36:53 ----A---- C:\Windows\SYSWOW64\wininet.dll
    2014-07-10 23:36:53 ----A---- C:\Windows\SYSWOW64\vbscript.dll
    2014-07-10 23:36:53 ----A---- C:\Windows\SYSWOW64\msrating.dll
    2014-07-10 23:36:53 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
    2014-07-10 23:36:53 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
    2014-07-10 23:36:53 ----A---- C:\Windows\system32\jsproxy.dll
    2014-07-10 23:36:53 ----A---- C:\Windows\system32\dxtrans.dll
    2014-07-10 23:36:52 ----A---- C:\Windows\system32\mshtmlmedia.dll
    2014-07-10 23:36:52 ----A---- C:\Windows\system32\mshtmled.dll
    2014-07-10 23:36:52 ----A---- C:\Windows\system32\jscript9diag.dll
    2014-07-10 23:36:52 ----A---- C:\Windows\system32\ieUnatt.exe
    2014-07-10 23:36:52 ----A---- C:\Windows\system32\ieui.dll
    2014-07-10 23:36:52 ----A---- C:\Windows\system32\ieframe.dll
    2014-07-10 23:36:51 ----A---- C:\Windows\system32\wininet.dll
    2014-07-10 23:36:51 ----A---- C:\Windows\system32\vbscript.dll
    2014-07-10 23:36:51 ----A---- C:\Windows\system32\MshtmlDac.dll
    2014-07-10 23:36:51 ----A---- C:\Windows\system32\jscript9.dll
    2014-07-10 23:36:51 ----A---- C:\Windows\system32\ieapfltr.dll
    2014-07-10 23:36:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-10 23:36:50 ----A---- C:\Windows\system32\msrating.dll
    2014-07-10 23:36:50 ----A---- C:\Windows\system32\mshtml.dll
    2014-07-10 23:36:38 ----A---- C:\Windows\system32\lsasrv.dll
    2014-07-10 23:36:37 ----A---- C:\Windows\SYSWOW64\sspicli.dll
    2014-07-10 23:36:37 ----A---- C:\Windows\SYSWOW64\secur32.dll

    ======List of files/folders modified in the last 1 month======

    2014-07-23 09:01:43 ----D---- C:\Windows\Prefetch
    2014-07-23 09:01:42 ----D---- C:\Program Files\trend micro
    2014-07-23 08:56:10 ----D---- C:\Windows\Temp
    2014-07-23 08:51:33 ----D---- C:\Windows\system32\config
    2014-07-23 08:51:26 ----D---- C:\Windows\winsxs
    2014-07-23 08:46:45 ----D---- C:\Windows\system32\drivers
    2014-07-23 08:45:48 ----D---- C:\Windows\Panther
    2014-07-23 08:45:48 ----D---- C:\Windows\inf
    2014-07-23 08:45:46 ----D---- C:\Windows\Logs
    2014-07-23 08:45:46 ----D---- C:\Windows\debug
    2014-07-23 08:45:46 ----D---- C:\Windows
    2014-07-23 08:45:28 ----D---- C:\Windows\system32\Tasks
    2014-07-23 08:45:27 ----RD---- C:\Program Files
    2014-07-23 08:45:23 ----D---- C:\ProgramData\MFAData
    2014-07-23 08:44:41 ----D---- C:\ProgramData\Malwarebytes
    2014-07-23 08:44:37 ----RD---- C:\Program Files (x86)
    2014-07-22 15:50:06 ----SHD---- C:\System Volume Information
    2014-07-22 15:16:46 ----D---- C:\Garmin
    2014-07-22 15:16:45 ----D---- C:\Windows\SysWOW64
    2014-07-22 13:09:36 ----SHD---- C:\Windows\Installer
    2014-07-22 13:09:27 ----SD---- C:\ProgramData\Microsoft
    2014-07-22 13:09:27 ----D---- C:\Program Files (x86)\Microsoft

    2014-07-21 11:35:18 —-D—- C:\Windows\system32\catroot

    2014-07-21 11:35:17 —-D—- C:\Windows\system32\catroot2

    2014-07-21 10:43:49 —-A—- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

    2014-07-21 10:42:50 —-D—- C:\Users\Frans\AppData\Roaming\HpUpdate

    2014-07-21 10:42:50 —-D—- C:\Users\Frans\AppData\Roaming\HP Support Assistant

    2014-07-21 10:42:31 —-D—- C:\ProgramData\Oracle

    2014-07-21 10:42:10 —-D—- C:\Program Files (x86)\Common Files

    2014-07-21 10:42:00 —-D—- C:\Program Files (x86)\Java

    2014-07-15 18:01:17 —-D—- C:\Windows\System32

    2014-07-15 18:01:17 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-07-12 18:08:02 —-D—- C:\Windows\rescache

    2014-07-11 11:33:13 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-07-11 10:53:44 —-D—- C:\Program Files\Windows Journal

    2014-07-11 10:53:43 —-SD—- C:\Windows\system32\CompatTel

    2014-07-11 10:53:42 —-D—- C:\Windows\SYSWOW64\Dism

    2014-07-11 10:53:41 —-D—- C:\Windows\system32\Dism

    2014-07-11 10:53:38 —-D—- C:\Windows\ehome

    2014-07-11 10:53:34 —-D—- C:\Windows\system32\nl-NL

    2014-07-11 10:53:33 —-D—- C:\Program Files\Internet Explorer

    2014-07-11 10:53:31 —-D—- C:\Windows\SYSWOW64\en-US

    2014-07-11 10:53:28 —-D—- C:\Windows\system32\en-US

    2014-07-11 10:53:26 —-D—- C:\Program Files (x86)\Internet Explorer

    2014-07-11 00:14:52 —-D—- C:\Windows\system32\MRT

    2014-07-11 00:13:17 —-A—- C:\Windows\system32\MRT.exe

    2014-07-11 00:12:45 —-D—- C:\ProgramData\Microsoft Help

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys

    R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys

    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys

    R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys

    R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys

    R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys

    R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys

    R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys

    R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys

    R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys

    R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys

    R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys

    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys

    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys

    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys

    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTUSB64.SYS

    R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\drivers\serscan.sys

    S1 A2DDA;A2 Direct Disk Access Support Driver; \??\K:\EmsisoftEmergencyKit\Run\a2ddax64.sys

    S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys

    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys

    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys

    S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 Spyder3;Datacolor Spyder3; C:\Windows\system32\DRIVERS\Spyder3.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

    R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

    R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

    R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe

    R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

    R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    R2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    R3 RoxMediaDB10;RoxMediaDB10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–
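The driver and service sections of the RSIT log above follow one fixed line format: state (R/S), start type (0-4), internal name, display name and image path, separated by semicolons. The following is an added example, not part of this thread or of the RSIT tool: a small Python triage helper that parses such lines and flags entries whose image lives outside the usual Windows and Program Files locations (the place a helper looks first), using a few lines copied from the log above as sample input. The list of trusted locations is an assumption of the example, not something RSIT defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# RSIT "List of drivers" / "List of services" line format, as shown in the log:
#   <R|S><0-4> <name>;<display name>; <image path>
# R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
LINE_RE = re.compile(r"^\s*([RS])([0-4])\s+([^;]+);([^;]*);\s*(.+?)\s*$")
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Assumed "expected" image locations for this example. An image elsewhere is not
# automatically malicious (removal tools, for instance, run from other folders),
# but it is what a reviewer of such a log wants to look at first.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\microsoft.net\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass
class Entry:
    state: str       # "Running" or "Stopped"
    start_type: str  # Boot / System / Auto / Demand / Disabled
    name: str
    display: str
    path: str        # normalised, lower-case image path


def normalize_path(path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) some entries carry, lower-case for comparison."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers and blank lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    state, start, name, display, path = m.groups()
    return Entry("Running" if state == "R" else "Stopped", START_TYPES[start],
                 name.strip(), display.strip(), normalize_path(path))


def review(lines: List[str]) -> List[Entry]:
    """Return the entries whose image path is outside TRUSTED_PREFIXES."""
    entries = (parse_entry(line) for line in lines)
    return [e for e in entries if e is not None and not e.path.startswith(TRUSTED_PREFIXES)]


# Sample input: five lines copied from the RSIT log in this thread, plus a section header.
SAMPLE_LINES = [
    "======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======",
    r"R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys",
    r"R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys",
    r"S1 A2DDA;A2 Direct Disk Access Support Driver; \??\K:\EmsisoftEmergencyKit\Run\a2ddax64.sys",
    r"S3 catchme;catchme; \??\C:\ComboFix\catchme.sys",
    r"R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe",
]

if __name__ == "__main__":
    for e in review(SAMPLE_LINES):
        print(f"review: {e.name} ({e.state}, {e.start_type}) -> {e.path}")
```

Run on the sample, only the two entries loaded from a removable drive and from the ComboFix folder are listed; on a full log the same loop reads every driver and service line.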

  • fazantje

    Hi Frans,

    Download AdwCleaner by Xplode to the desktop.

    Close all open windows.

    Double-click AdwCleaner to start it.

    Windows Vista, 7 and 8 users must run the tool as “administrator”,

    by right-clicking it and choosing Run as Administrator.

    Then click Scan.

    Then click Remove if any items were found.

    Click OK at Restart Required.

    After the PC has restarted, a log file usually opens.

    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

    Then post the contents of this log in your next message.

    Good luck,

    Huib;)

  • Frans54

    Hello,

    I ran an ADW scan, so here is the log:

    # AdwCleaner v3.216 - Rapport aangemaakt 23/07/2014 op 13:55:35

    # Laatste Update 17/07/2014 door Xplode

    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Gebruikersnaam : Frans - FRANS-PC

    # Gestart vanuit : C:\Users\Frans\Desktop\AdwCleaner.exe

    # Optie : Verwijderen

    ***** *****

    ***** *****

    Map Verwijderd : C:\Users\Frans\AppData\Local\torch

    Bestand Verwijderd : C:\Users\Frans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk

    Bestand Verwijderd : C:\Users\Frans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk

    Bestand Verwijderd : C:\Users\Frans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

    ***** *****

    ***** *****

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\Torch.exe

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    Sleutel Verwijderd : HKCU\Software\AVG Nation toolbar

    Sleutel Verwijderd : HKCU\Software\torch

    Sleutel Verwijderd : HKLM\Software\AVG Nation toolbar

    Sleutel Verwijderd : HKLM\Software\AVG Security Toolbar

    Sleutel Verwijderd : HKLM\Software\torch

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch

    ***** *****

    -\\ Internet Explorer v11.0.9600.17207

    -\\ Mozilla Firefox v22.0 (nl)

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

    Frans

  • Maxstar

    Hello,

    Otherwise this all looks fine. Have you changed the password of the e-mail account in the meantime? I suspect that the password was obtained by a brute-force attack and that the spam is being sent that way.

  • Frans

    Hi,

    I have since e-mailed my provider and they have unblocked my mail again.

    I have also changed my password.

    Thanks for the help.

    Frans

  • fazantje

    Hi Frans,

    With the small tool below you clean up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Remove disinfection tools

    Purge System Restore

    Reset system settings

    Now click “Run” and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    Should any tools or folders be left over, you can delete them yourself.

    You need not reply again if everything else is fine.

    Also on behalf of Maxstar, you're welcome.

    Regards, Huib;)

  • fazantje

    Because this topic has been resolved, it is being closed.

    If you would like to reopen your topic after all, send a private message to Ben or Huib (fazantje).

    They will then remove the “lock” and the topic will be open again.

    The AV team.

This topic is closed; no more replies can be posted.