
Recurring message on my screen


ameulenkamp


Dear all,

I regularly get the message below.

C:\Users\Fons\AppData\Roaming\loadit.exe

The NTVDM CPU has encountered an illegal instruction.

CS:0581 IP:01bb OP:63 68 61 72 73 Choose 'Close' to terminate the application.

How can I solve this?

My operating system is Windows Ultimate 7.

Kind regards,

Fons


Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Post its contents in your next message.

Also watch the instruction video.


Dear forum members,

Here is the requested RSIT 32-bit log file.

Logfile of random's system information tool 1.09 (written by random/random)

Run by Fons at 2014-02-06 20:57:23

Microsoft Windows 7 Ultimate Service Pack 1

System drive C: has 173 GB (73%) free of 238 GB

Total RAM: 3549 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:57:42, on 6-2-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe

C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe

C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\phonostar-Player\phonostarTimer.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe

C:\Program Files\ScanWizard 5\ScannerFinder.exe

C:\Users\Fons\Documents\Usenext\wizard\Musitek SmartScore X2 Professional Edition v10 - R (2)\Musitek_SmartScore_X2_Professional_Edition_v10.5.4-RBS.exe

C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe

C:\Program Files\Microsoft Office\Office15\MsoSync.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

C:\Program Files\PrivaZer\privazer.exe

C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Fons\Downloads\RSIT.exe

C:\Program Files\trend micro\Fons.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Search Assistant BHO - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL

O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

O2 - BHO: Toolbar BHO - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbar.dll

O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)

O3 - Toolbar: Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [OV3_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe" /OS

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"

O4 - HKLM\..\Run: [Allin1Convert_8h Browser Plugin Loader] C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"

O4 - HKLM\..\Run: [EaseUs TB Tray Agent] "C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [OV3_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe"

O4 - HKCU\..\Run: [] C:\Users\Fons\AppData\Roaming\epelnu\\

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [phonostar-PlayerTimer] "C:\Program Files\phonostar-Player\phonostarTimer.exe"

O4 - HKCU\..\Run: [okuoud.exe] C:\Users\Fons\AppData\Roaming\elnude\\okuoud.exe

O4 - HKCU\..\Run: [awelnu.exe] C:\Users\Fons\AppData\Roaming\ujawke\\awelnu.exe

O4 - HKCU\..\Run: [jaujla.exe] C:\Users\Fons\AppData\Roaming\epelnu\\jaujla.exe

O4 - HKCU\..\Run: [udbuja.exe] C:\Users\Fons\AppData\Roaming\ewbuas\\udbuja.exe

O4 - HKCU\..\Run: [sjawe.exe] C:\Users\Fons\AppData\Roaming\ewbuas\\sjawe.exe

O4 - HKCU\..\Run: [epweok.exe] C:\Users\Fons\AppData\Roaming\ujawke\\epweok.exe

O4 - HKCU\..\Run: [nuewab.exe] C:\Users\Fons\AppData\Roaming\ujawke\\nuewab.exe

O4 - HKCU\..\Run: [ujpuel.exe] C:\Users\Fons\AppData\Roaming\ujawke\\ujpuel.exe

O4 - HKCU\..\Run: [oknuud.exe] C:\Users\Fons\AppData\Roaming\ewbuas\\oknuud.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: AutoStarter.lnk = Fons\Documents\Usenext\wizard\Musitek SmartScore X2 Professional Edition v10 - R (2)\Musitek_SmartScore_X2_Professional_Edition_v10.5.4-RBS.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe

O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll

O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll

O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O23 - Service: Adobe Active File Monitor V12 (AdobeActiveFileMonitor12.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Allin1ConvertService (Allin1Convert_8hService) - COMPANYVERS_NAME - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe

O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe

O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: PRTG Core Server Service (PRTGCoreService) - Paessler AG - C:\Program Files\PRTG Network Monitor\PRTG Server.exe

O23 - Service: PRTG Probe Service (PRTGProbeService) - Paessler AG - C:\Program Files\PRTG Network Monitor\PRTG Probe.exe

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: WINZIPSSDiskOptimizer - WinZip Computing, S.L. (WinZip Computing) - C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe

--

End of file - 13155 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job

C:\Windows\tasks\WINZIPSS-WINZIPSSOneClickCare.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Fons\AppData\Roaming\Mozilla\Firefox\Profiles\sv3giimt.default

"web2pdfextension@web2pdf.adobedotcom"=C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

"tmbepff@trendmicro.com"=C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\firefoxextension

"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"=C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\

"{22181a4d-af90-4ca3-a569-faed9118d6bc}"=C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension

"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.7.700.224 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Allin1Convert_8h.com/Plugin]

"Description"=Allin1Convert Plugin

"Path"=C:\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@dymo.com/DymoLabelFramework]

"Description"=DYMO Label Framework Plugin

"Path"=C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/Lync,version=15.0]

"Description"=Microsoft Lync Plug-in for Firefox

"Path"=C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51]

"Description"=RealPlayer LiveConnect-Enabled Plug-In

"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3]

"Description"=RealNetworks RealDownloader Chrome Background Extension Plug-In

"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3]

"Description"=RealNetworks RealDownloader HTML5VideoShim Plug-In

"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3]

"Description"=RealNetworks RealDownloader Peppe rFlash Video Shim Plug-In

"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51]

"Description"=RealPlayer Download Plugin

"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]

"Description"=RealDownloader Plugin

"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]

"Description"=

"Path"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

C:\Program Files\Mozilla Firefox\plugins\

npMeetingJoinPluginOC.dll

nppdf32.NLD

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]

TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll [2013-07-10 332824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14 542376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]

Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-10-17 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}]

Search Assistant BHO - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll [2014-01-23 140360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe Acrobat Create PDF Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2013-09-13 705240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]

TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll [2013-12-17 1376792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]

Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2013-11-02 1727176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]

Adobe Acrobat Create PDF from Selection - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}]

Toolbar BHO - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbar.dll [2014-01-23 859720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12 194128]

{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

{cd1a63ba-a08c-431b-9a34-f240aadc728d} - Allin1Convert - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll [2014-01-23 859720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-04-11 56080]

"OV3_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe [2013-07-29 55656]

"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10 1313640]

"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-12-11 311152]

"Trend Micro Client Framework"=C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [2013-10-09 143792]

"EaseUs Tray"=C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe [2013-09-04 1372232]

"Allin1Convert_8h Browser Plugin Loader"=C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe [2014-01-23 61512]

"EaseUs Watch"=C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe [2013-09-04 70728]

"EaseUs TB Tray Agent"=C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [2013-09-04 253512]

"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2013-12-12 295512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]

"OV3_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [2013-07-29 420200]

""=C:\Users\Fons\AppData\Roaming\epelnu\\ []

"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2013-12-11 1564528]

"KiesAirMessage"=C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup []

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2013-08-25 39408]

"phonostar-PlayerTimer"=C:\Program Files\phonostar-Player\phonostarTimer.exe [2013-04-25 42496]

"okuoud.exe"=C:\Users\Fons\AppData\Roaming\elnude\\okuoud.exe [2013-12-26 72513080]

"awelnu.exe"=C:\Users\Fons\AppData\Roaming\ujawke\\awelnu.exe []

"jaujla.exe"=C:\Users\Fons\AppData\Roaming\epelnu\\jaujla.exe []

"udbuja.exe"=C:\Users\Fons\AppData\Roaming\ewbuas\\udbuja.exe [2013-12-26 72513080]

"sjawe.exe"=C:\Users\Fons\AppData\Roaming\ewbuas\\sjawe.exe []

"epweok.exe"=C:\Users\Fons\AppData\Roaming\ujawke\\epweok.exe [2013-12-26 72513080]

"nuewab.exe"=C:\Users\Fons\AppData\Roaming\ujawke\\nuewab.exe []

"ujpuel.exe"=C:\Users\Fons\AppData\Roaming\ujawke\\ujpuel.exe []

"oknuud.exe"=C:\Users\Fons\AppData\Roaming\ewbuas\\oknuud.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2012-09-23 3477640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03 472984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert EPM Support]

C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hmedint.exe [2014-01-23 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert Home Page Guard 32 bit]

C:\PROGRA~1\ALLIN1~2\bar\1.bin\AppIntegrator.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert Search Scope Monitor]

C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hsrchmn.exe [2014-01-23 55368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Everything]

C:\Program Files\Everything\Everything.exe [2009-03-13 602624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greenshot]

C:\Program Files\Greenshot\Greenshot.exe [2013-12-12 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]

C:\Program Files\KeePass Password Safe 2\KeePass.exe [2013-11-03 2065408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-12-11 311152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]

C:\Users\Fons\AppData\Roaming\newnext.me\nengine.dll [2013-11-14 1283584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]

C:\Program Files\PC Speed Up\PCSUNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostar-PlayerTimer]

C:\Program Files\phonostar-Player\phonostarTimer.exe [2013-04-25 42496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]

C:\Program Files\phonostar-Player\phonostarTimer.exe [2013-04-25 42496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2013-08-25 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Real\RealPlayer\update\realsched.exe [2013-12-12 295512]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe

Scanner Finder.lnk - C:\Program Files\ScanWizard 5\ScannerFinder.exe

C:\Users\Fons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

AutoStarter.lnk - C:\Users\Fons\Documents\Usenext\wizard\Musitek SmartScore X2 Professional Edition v10 - R (2)\Musitek_SmartScore_X2_Professional_Edition_v10.5.4-RBS.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Users\Fons\AppData\Roaming\elnude\okuoud.exe"="C:\Users\Fons\AppData\Roaming\elnude\okuoud.exe:*:Enabled:okuoud"

"C:\Users\Fons\AppData\Roaming\epelnu\awelnu.exe"="C:\Users\Fons\AppData\Roaming\epelnu\awelnu.exe:*:Enabled:awelnu"

"C:\Users\Fons\AppData\Roaming\ujawke\epweok.exe"="C:\Users\Fons\AppData\Roaming\ujawke\epweok.exe:*:Enabled:epweok"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2014-02-06 20:45:04 ----D---- C:\rsit

2014-02-06 20:42:12 ----A---- C:\Users\Fons\AppData\Roaming\loadit.exe

2014-02-02 17:36:35 ----D---- C:\Users\Fons\AppData\Roaming\WinZip

2014-02-02 17:36:11 ----A---- C:\Windows\system32\WPRO_41_2001woem.tmp

2014-02-02 17:28:09 ----A---- C:\Windows\system32\roboot.exe

2014-02-02 17:28:08 ----A---- C:\Windows\system32\sasnative32.exe

2014-02-02 17:27:53 ----D---- C:\Program Files\WinZip System Utilities Suite

2014-02-02 17:00:38 ----D---- C:\Program Files\WinZip

2014-02-01 16:09:05 ----A---- C:\Windows\system32\drivers\WPRO_41_2001.sys

2014-02-01 14:49:17 ----D---- C:\ProgramData\WinZip

2014-01-29 18:58:11 ----D---- C:\Program Files\Musitek

2014-01-29 10:14:51 ----D---- C:\Users\Fons\AppData\Roaming\ujawke

2014-01-29 10:13:04 ----D---- C:\Users\Fons\AppData\Roaming\ewbuas

2014-01-29 10:01:36 ----D---- C:\Users\Fons\AppData\Roaming\epelnu

2014-01-29 10:01:03 ----D---- C:\Users\Fons\AppData\Roaming\elnude

2014-01-28 19:01:52 ----D---- C:\Program Files\VideoLAN

2014-01-28 19:01:37 ----D---- C:\Program Files\eMule

2014-01-28 19:01:27 ----D---- C:\Program Files\VS Revo Group

2014-01-28 19:01:20 ----D---- C:\ProgramData\Mozilla

2014-01-28 19:01:18 ----D---- C:\Program Files\Mozilla Maintenance Service

2014-01-28 18:30:39 ----D---- C:\Users\Fons\AppData\Roaming\Malwarebytes

2014-01-28 18:30:28 ----D---- C:\ProgramData\Malwarebytes

2014-01-28 18:30:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2014-01-28 18:30:26 ----A---- C:\Windows\system32\drivers\mbam.sys

2014-01-28 17:04:25 ----D---- C:\ProgramData\McAfee Security Scan

2014-01-28 17:04:25 ----D---- C:\ProgramData\McAfee

2014-01-28 17:04:16 ----D---- C:\Program Files\McAfee Security Scan

2014-01-26 18:15:44 ----D---- C:\ProgramData\TweakBit

2014-01-26 18:15:34 ----D---- C:\Program Files\TweakBit

2014-01-26 17:01:15 ----D---- C:\Users\Fons\AppData\Roaming\No Company Name

2014-01-24 18:42:40 ----D---- C:\Users\Fons\AppData\Roaming\DonationCoder

2014-01-23 17:25:48 ----D---- C:\Program Files\Allin1Convert_8h

2014-01-20 10:07:19 ----D---- C:\Program Files\Dialexicon

2014-01-20 10:07:03 ----N---- C:\Windows\Setup1.exe

2014-01-20 10:07:02 ----A---- C:\Windows\ST6UNST.EXE

2014-01-17 19:23:44 ----D---- C:\Program Files\Greenshot

2014-01-16 10:19:25 ----A---- C:\Windows\system32\win32k.sys

2014-01-16 10:19:23 ----A---- C:\Windows\system32\drivers\netio.sys

2014-01-16 10:19:22 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2014-01-16 10:19:22 ----A---- C:\Windows\system32\drivers\usbport.sys

2014-01-16 10:19:22 ----A---- C:\Windows\system32\drivers\usbohci.sys

2014-01-16 10:19:22 ----A---- C:\Windows\system32\drivers\usbhub.sys

2014-01-16 10:19:22 ----A---- C:\Windows\system32\drivers\usbehci.sys

2014-01-16 10:19:22 ----A---- C:\Windows\system32\drivers\usbd.sys

2014-01-16 10:19:22 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2014-01-14 18:32:05 ----RASH---- C:\MSDOS.SYS

2014-01-14 18:32:05 ----RASH---- C:\IO.SYS

2014-01-14 18:31:47 ----D---- C:\Users\Fons\AppData\Roaming\Winamp

2014-01-14 18:31:47 ----D---- C:\Program Files\Winamp

2014-01-11 12:39:10 ----ASH---- C:\EUMONBMP.SYS

2014-01-11 11:22:48 ----D---- C:\My Backups

2014-01-11 11:22:44 ----A---- C:\Windows\system32\drivers\EuFdDisk.sys

2014-01-11 11:22:43 ----A---- C:\Windows\system32\drivers\eudskacs.sys

2014-01-11 11:22:43 ----A---- C:\Windows\system32\drivers\eubakup.sys

2014-01-11 11:22:42 ----A---- C:\Windows\system32\drivers\EUBKMON.sys

2014-01-11 11:20:25 ----A---- C:\Windows\system32\fbnative.exe

2014-01-11 11:19:36 ----D---- C:\Program Files\EaseUS

2014-01-04 16:51:17 ----A---- C:\Windows\system32\dgderapi.dll

2014-01-04 16:32:10 ----A---- C:\Windows\system32\drivers\ssudmdm.sys

2014-01-04 16:32:10 ----A---- C:\Windows\system32\drivers\ssudbus.sys

2014-01-04 16:30:27 ----A---- C:\Windows\system32\drivers\ssadwhnt.sys

2014-01-04 16:30:27 ----A---- C:\Windows\system32\drivers\ssadmdm.sys

2014-01-04 16:30:26 ----A---- C:\Windows\system32\drivers\ssadserd.sys

2014-01-04 16:30:26 ----A---- C:\Windows\system32\drivers\ssadmdfl.sys

2014-01-04 16:30:26 ----A---- C:\Windows\system32\drivers\ssadcmnt.sys

2014-01-04 16:30:26 ----A---- C:\Windows\system32\drivers\ssadbus.sys

2014-01-04 16:30:26 ----A---- C:\Windows\system32\drivers\ssadadb.sys

2013-12-25 19:05:06 ----D---- C:\Users\Fons\AppData\Roaming\AIMP3

2013-12-25 19:05:02 ----D---- C:\Program Files\AIMP3

2013-12-20 20:01:28 ----D---- C:\Program Files\phonostar-Player

2013-12-17 20:02:38 ----D---- C:\Users\Fons\AppData\Roaming\Geek Uninstaller

2013-12-12 10:14:52 ----D---- C:\Users\Fons\AppData\Roaming\newnext.me

2013-12-12 10:08:25 ----D---- C:\Users\Fons\AppData\Roaming\COWON

2013-12-12 10:05:05 ----D---- C:\Program Files\Common Files\COWON

2013-12-12 10:05:03 ----D---- C:\Program Files\JetAudio

2013-12-12 10:03:38 ----D---- C:\Program Files\MyPC Backup

2013-12-12 09:36:56 ----D---- C:\Users\Fons\AppData\Roaming\RealNetworks

2013-12-12 09:36:26 ----D---- C:\Program Files\RealNetworks

2013-12-12 09:36:22 ----D---- C:\ProgramData\RealNetworks

2013-12-12 09:36:10 ----D---- C:\Program Files\Common Files\xing shared

2013-12-12 09:36:00 ----A---- C:\Windows\system32\rmoc3260.dll

2013-12-12 09:35:53 ----A---- C:\Windows\system32\pndx5032.dll

2013-12-12 09:35:53 ----A---- C:\Windows\system32\pndx5016.dll

2013-12-12 09:35:53 ----A---- C:\Windows\system32\pncrt.dll

2013-12-12 09:35:44 ----D---- C:\Program Files\Real

2013-12-12 09:35:21 ----D---- C:\Users\Fons\AppData\Roaming\Real

2013-12-12 09:34:44 ----D---- C:\ProgramData\Real

2013-12-11 15:26:10 ----A---- C:\Windows\system32\jsproxy.dll

2013-12-11 15:26:10 ----A---- C:\Windows\system32\ie4uinit.exe

2013-12-11 15:26:09 ----A---- C:\Windows\system32\jscript9diag.dll

2013-12-11 15:26:09 ----A---- C:\Windows\system32\ieui.dll

2013-12-11 15:26:09 ----A---- C:\Windows\system32\iesetup.dll

2013-12-11 15:26:09 ----A---- C:\Windows\system32\iernonce.dll

2013-12-11 15:26:09 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2013-12-11 15:26:09 ----A---- C:\Windows\system32\ieapfltr.dll

2013-12-11 15:26:08 ----A---- C:\Windows\system32\ieUnatt.exe

2013-12-11 15:26:08 ----A---- C:\Windows\system32\ieetwproxystub.dll

2013-12-11 15:26:08 ----A---- C:\Windows\system32\ieetwcollector.exe

2013-12-11 15:26:07 ----A---- C:\Windows\system32\wininet.dll

2013-12-11 15:26:07 ----A---- C:\Windows\system32\urlmon.dll

2013-12-11 15:26:07 ----A---- C:\Windows\system32\iertutil.dll

2013-12-11 15:26:06 ----A---- C:\Windows\system32\ieframe.dll

2013-12-11 15:26:05 ----A---- C:\Windows\system32\mshtml.dll

2013-12-11 15:26:05 ----A---- C:\Windows\system32\jscript9.dll

2013-12-11 15:19:18 ----A---- C:\Windows\system32\wmp.dll

2013-12-11 15:19:17 ----A---- C:\Windows\system32\wmploc.DLL

2013-12-11 14:01:00 ----A---- C:\Windows\system32\WMPhoto.dll

2013-12-11 14:01:00 ----A---- C:\Windows\system32\msieftp.dll

2013-12-11 14:00:59 ----A---- C:\Windows\system32\wscript.exe

2013-12-11 14:00:59 ----A---- C:\Windows\system32\scrrun.dll

2013-12-11 14:00:59 ----A---- C:\Windows\system32\imagehlp.dll

2013-12-11 14:00:59 ----A---- C:\Windows\system32\cscript.exe

2013-12-11 14:00:56 ----A---- C:\Windows\system32\tzres.dll

2013-12-11 14:00:54 ----A---- C:\Windows\system32\drivers\portcls.sys

2013-12-11 14:00:54 ----A---- C:\Windows\system32\drivers\drmk.sys

2013-12-10 19:24:40 ----D---- C:\Users\Fons\AppData\Roaming\pdf995

2013-12-10 19:07:40 ----D---- C:\ProgramData\pdf995

2013-12-10 19:07:39 ----A---- C:\Windows\system32\pdfmona.dll

2013-12-10 19:07:39 ----A---- C:\Windows\system32\pdf995mon.dll

2013-12-10 19:07:22 ----D---- C:\pdf995

======List of files/folders modified in the last 2 months======

2014-02-06 20:57:26 ----D---- C:\Program Files\Trend Micro

2014-02-06 20:57:21 ----D---- C:\Windows\Prefetch

2014-02-06 20:55:02 ----SHD---- C:\System Volume Information

2014-02-06 20:48:18 ----D---- C:\Windows\Temp

2014-02-06 20:41:42 ----D---- C:\Windows\system32\config

2014-02-06 20:37:05 ----D---- C:\Windows\system32\Tasks

2014-02-06 20:36:37 ----D---- C:\Program Files\PRTG Network Monitor

2014-02-06 20:36:36 ----AD---- C:\ProgramData\TEMP

2014-02-06 20:36:11 ----D---- C:\Windows\Tasks

2014-02-06 20:36:11 ----D---- C:\Windows\system32\wfp

2014-02-06 20:36:08 ----D---- C:\Windows\system32\wbem

2014-02-06 20:36:08 ----D---- C:\Windows

2014-02-06 20:35:22 ----SHD---- C:\Windows\Installer

2014-02-06 20:35:22 ----D---- C:\Windows\system32\NDF

2014-02-06 20:35:22 ----D---- C:\Windows\system32\DriverStore

2014-02-06 20:35:22 ----D---- C:\Windows\system32\drivers

2014-02-06 20:35:22 ----D---- C:\Windows\system32\catroot2

2014-02-06 20:35:22 ----D---- C:\Windows\system32\catroot

2014-02-06 20:35:22 ----D---- C:\Windows\System32

2014-02-06 20:35:22 ----D---- C:\Windows\inf

2014-02-06 20:35:21 ----D---- C:\Windows\AppCompat

2014-02-06 20:35:21 ----D---- C:\Users\Fons\AppData\Roaming\uTorrent

2014-02-06 20:35:21 ----D---- C:\Users\Fons\AppData\Roaming\Greenshot

2014-02-06 20:35:21 ----D---- C:\ProgramData\Trend Micro

2014-02-06 20:35:20 ----HD---- C:\ProgramData

2014-02-06 20:35:20 ----D---- C:\ProgramData\Licenses

2014-02-06 20:35:19 ----RD---- C:\Program Files

2014-02-06 20:35:19 ----D---- C:\Program Files\Common Files\PX Storage Engine

2014-02-06 20:35:17 ----D---- C:\Program Files\Adobe

2014-02-06 20:35:14 ----D---- C:\gensdatapro

2014-02-06 20:35:05 ----D---- C:\Windows\registration

2014-02-06 20:34:36 ----D---- C:\ProgramData\Adobe

2014-02-06 20:34:14 ----D---- C:\Program Files\Common Files\Adobe

2014-02-06 20:32:51 ----RHD---- C:\MSOCache

2014-02-06 18:35:11 ----D---- C:\Users\Fons\AppData\Roaming\UseNeXT

2014-02-02 18:17:29 ----D---- C:\Windows\Minidump

2014-02-02 16:55:40 ----D---- C:\Program Files\PrivaZer

2014-02-01 15:00:51 ----A---- C:\Windows\RegBootClean.exe

2014-01-29 19:09:42 ----RSD---- C:\Windows\Fonts

2014-01-29 18:58:57 ----A---- C:\Windows\SSB2.ini

2014-01-29 18:42:10 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-01-29 18:40:14 ----D---- C:\Windows\system32\LogFiles

2014-01-29 12:10:45 ----D---- C:\Users\Fons\AppData\Roaming\tixati

2014-01-28 19:51:35 ----D---- C:\Users\Fons\AppData\Roaming\Mozilla

2014-01-28 19:07:52 ----D---- C:\Program Files\Google

2014-01-28 19:01:24 ----D---- C:\Program Files\WinRAR

2014-01-28 19:01:12 ----D---- C:\Program Files\Mozilla Firefox

2014-01-28 18:47:09 ----D---- C:\Windows\Branding

2014-01-26 18:34:17 ----D---- C:\Windows\debug

2014-01-26 17:51:50 ----D---- C:\Users\Fons\AppData\Roaming\Adobe

2014-01-26 17:51:47 ----D---- C:\ProgramData\regid.1986-12.com.adobe

2014-01-26 16:58:02 ----RSD---- C:\Windows\assembly

2014-01-16 10:53:44 ----D---- C:\Windows\winsxs

2014-01-16 10:29:14 ----A---- C:\Windows\win.ini

2014-01-16 10:29:13 ----D---- C:\ProgramData\Microsoft Help

2014-01-16 10:28:34 ----D---- C:\Windows\system32\MRT

2014-01-16 10:25:46 ----A---- C:\Windows\system32\MRT.exe

2014-01-04 17:26:04 ----D---- C:\Windows\Microsoft.NET

2014-01-04 16:51:09 ----HD---- C:\Program Files\InstallShield Installation Information

2014-01-04 16:51:02 ----D---- C:\ProgramData\Samsung

2014-01-04 16:50:58 ----D---- C:\Program Files\Samsung

2014-01-04 16:42:41 ----D---- C:\Users\Fons\AppData\Roaming\Samsung

2014-01-03 18:10:04 ----D---- C:\Windows\system32\drivers\UMDF

2013-12-20 19:41:22 ----D---- C:\Users\Fons\AppData\Roaming\KeePass

2013-12-12 10:05:05 ----D---- C:\Program Files\Common Files

2013-12-12 09:57:54 ----D---- C:\Program Files\Everything

2013-12-12 09:35:49 ----A---- C:\Windows\system32\msvcr71.dll

2013-12-12 09:35:49 ----A---- C:\Windows\system32\msvcp71.dll

2013-12-11 20:39:12 ----D---- C:\Windows\rescache

2013-12-11 18:04:18 ----D---- C:\Program Files\Internet Explorer

2013-12-11 18:04:17 ----D---- C:\Windows\system32\nl-NL

2013-12-11 18:04:17 ----D---- C:\Windows\system32\en-US

2013-12-11 18:04:17 ----D---- C:\Windows\system32\de-DE

2013-12-11 18:04:16 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 EUBAKUP;EUBAKUP; C:\Windows\system32\drivers\eubakup.sys [2013-09-04 51784]

R0 EUBKMON;EUBKMON; C:\Windows\system32\drivers\EUBKMON.sys [2013-09-04 41544]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2013-07-19 46096]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R0 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2013-09-04 288840]

R0 TMEBC;TMEBC; C:\Windows\system32\DRIVERS\TMEBC32.sys [2013-07-01 40736]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]

R1 EUDSKACS;EUDSKACS; \??\C:\Windows\system32\drivers\eudskacs.sys [2013-09-04 15944]

R1 EUFDDISK;EUFDDISK; \??\C:\Windows\system32\drivers\EuFdDisk.sys [2013-09-04 186952]

R1 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2013-09-04 102904]

R1 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2013-09-04 83352]

R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2012-05-02 92304]

R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2011-08-10 45288]

R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\Windows\system32\DRIVERS\hcwPP2.sys [2005-12-14 160256]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2011-08-10 21784]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

R3 tmeevw;tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [2013-06-13 85280]

R3 tmnciesc;tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [2013-05-22 282272]

R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001); C:\Windows\system32\drivers\WPRO_41_2001.sys [2014-02-06 35088]

S2 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys []

S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2013-08-21 32064]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-08-21 84248]

S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2008-12-29 30096]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-08-21 136904]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 17864]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 153672]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2013-08-21 130248]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-08-21 182680]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]

S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 24064]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]

S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]

S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]

S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12; C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [2013-09-25 181152]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]

R2 Allin1Convert_8hService;Allin1ConvertService; C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe [2014-01-23 88648]

R2 Amsp;Trend Micro Solution Platform; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-07-15 287256]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 DymoPnpService;DYMO PnP Service; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [2013-03-05 33072]

R2 EaseUS Agent;EaseUS Agent Service; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [2013-10-11 69192]

R2 Guard Agent;Guard Agent Service; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [2013-09-04 23624]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 PRTGCoreService;PRTG Core Server Service; C:\Program Files\PRTG Network Monitor\PRTG Server.exe [2013-10-29 7232736]

R2 PRTGProbeService;PRTG Probe Service; C:\Program Files\PRTG Network Monitor\PRTG Probe.exe [2013-10-29 8814304]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]

R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [2013-02-13 268072]

R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 150648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-25 136176]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-25 136176]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-08-25 194032]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 108032]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-05 119408]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 4846168]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-21 1343400]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version)

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4};c
 C:\Program Files\Allin1Convert_8h;fs
 {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797};c
 {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d};c
 {10EDB994-47F8-43F7-AE96-F2EA63E9F90F};c
 {cd1a63ba-a08c-431b-9a34-f240aadc728d};c
 Allin1Convert_8h Browser Plugin Loader;s
 C:\Users\Fons\AppData\Roaming\epelnu;fs
 okuoud.exe;s 
 awelnu.exe] 
 jaujla.exe;s
 udbuja.exe;s  
 sjawe.exe;s  
 epweok.exe;s  
 nuewab.exe;s   
 ujpuel.exe;s  
 oknuud.exe;s  
 C:\Users\Fons\AppData\Roaming\elnude\\okuoud.exe;f
 C:\Users\Fons\AppData\Roaming\epelnu\\jaujla.exe;f
 C:\Users\Fons\AppData\Roaming\ujawke\\awelnu.exe;f
 C:\Users\Fons\AppData\Roaming\ewbuas\\udbuja.exe;f
 C:\Users\Fons\AppData\Roaming\ewbuas\\sjawe.exe;f
 C:\Users\Fons\AppData\Roaming\ujawke\\epweok.exe;f
 C:\Users\Fons\AppData\Roaming\ujawke\\nuewab.exe;f
 C:\Users\Fons\AppData\Roaming\ujawke\\ujpuel.exe;f
 C:\Users\Fons\AppData\Roaming\ewbuas\\oknuud.exe;f
 Allin1Convert_8hService;s
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}];r
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
 "Allin1Convert_8h Browser Plugin Loader"=-;r
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
 "okuoud.exe"=-;r
"awelnu.exe"=-;r
"jaujla.exe"=-;r
"udbuja.exe"=-;r
"sjawe.exe"=-;r
"epweok.exe"=-;r
"nuewab.exe"=-;r
 "ujpuel.exe"=-;r
"oknuud.exe"=-;r
 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert EPM Support];r
 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert Home Page Guard 32 bit];r
 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert Search Scope Monitor];r
 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive];r
 C:\Users\Fons\AppData\Roaming\ujawke;fs
 C:\Users\Fons\AppData\Roaming\ewbuas;fs
 C:\Users\Fons\AppData\Roaming\epelnu;fs
 C:\Users\Fons\AppData\Roaming\elnude;fs
 C:\Program Files\Allin1Convert_8h;fs
 C:\Users\Fons\AppData\Roaming\newnext.me;fs
 C:\Program Files\MyPC Backup;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Deep Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
  • Post the opened log in your next message.


Dear forum members.

Here is the Zoek result.

Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by Fons on vr 07-02-2014 at 15:52:52,25.

Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Fons\Downloads\zoek.exe [scan all users] [Checkboxes used]

==== System Restore Info ======================

7-2-2014 15:55:11 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_07-02-2014_1607.zip ======================

Process iexplore.exe killed

Copied file C:\Users\Fons\AppData\Roaming\loadit.exe to sample\loadit.exe

sample\loadit.exe renamed to 7A0244B2B9F5A61C26B68D2C7EA51EAB

C:\Users\Public\Desktop\sample_07-02-2014_1607.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B560EC3F-0150-4D57-B9B4-B5FC5E91013C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully

==== Running Processes ======================

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe

C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\WinZip System Utilities Suite\WINZIPSSSystemProtector.exe

C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\PRTG Network Monitor\PRTG Server.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe

C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe

C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\phonostar-Player\phonostarTimer.exe

C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe

C:\Program Files\ScanWizard 5\ScannerFinder.exe

C:\Users\Fons\Documents\Usenext\wizard\Musitek SmartScore X2 Professional Edition v10 - R (2)\Musitek_SmartScore_X2_Professional_Edition_v10.5.4-RBS.exe

C:\Program Files\PRTG Network Monitor\PRTG Enterprise Console.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\PRTG Network Monitor\PRTG Probe.exe

C:\Users\Fons\Downloads\zoek.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Allin1Convert_8hService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Allin1Convert_8hService deleted successfully

==== Deleting Files \ Folders ======================

C:\Users\Fons\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WinZip System Utilities Suite.lnk deleted

C:\Users\Public\Desktop\WinZip System Utilities Suite.lnk deleted

C:\Users\Fons\appdata\locallow\Allin1Convert_8h deleted

C:\Users\Fons\AppData\Local\genienext deleted

C:\Users\Fons\daemonprocess.txt deleted

C:\Users\Fons\.android deleted

C:\Program Files\Conduit deleted

C:\Program Files\MyFree Codec deleted

C:\Program Files\MyPC Backup deleted

C:\Users\Fons\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url deleted

C:\Users\Fons\AppData\Roaming\newnext.me deleted

C:\Users\Fons\AppData\Roaming\ValueApps deleted

C:\Users\Fons\AppData\Roaming\ParetoLogic deleted

C:\Users\Fons\AppData\Roaming\DriverCure deleted

C:\ProgramData\Conduit deleted

C:\ProgramData\ParetoLogic deleted

C:\Users\Fons\AppData\Local\Mobogenie deleted

C:\Users\Fons\AppData\Local\cache deleted

C:\Users\Fons\AppData\Local\Conduit deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted

C:\Users\Fons\Downloads\tb_free_installer (1).exe deleted

C:\Users\Fons\Downloads\SoftonicDownloader_voor_7-zip.exe deleted

C:\Users\Fons\Downloads\SoftonicDownloader_voor_phonostar-player.exe deleted

C:\Users\Fons\Downloads\SoftonicDownloader_voor_screenshot-captor.exe deleted

C:\Users\Fons\AppData\LocalLow\PriceGong deleted

C:\Users\Fons\AppData\LocalLow\Conduit deleted

C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar deleted

C:\Windows\system32\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days deleted

C:\Windows\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job deleted

C:\Windows\system32\tasks\WINZIPSS-WINZIPSSOneClickCare deleted

C:\Windows\tasks\WINZIPSS-WINZIPSSOneClickCare.job deleted

C:\Windows\system32\sasnative32.exe deleted

C:\Windows\system32\roboot.exe deleted

C:\Users\Fons\Documents\Mobogenie deleted

C:\Users\Fons\AppData\Roaming\loadit.exe deleted

"C:\Windows\System32\WPRO_41_2001woem.tmp" deleted

"C:\Program Files\WinZip System Utilities Suite\asohtm.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\asores.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\aspcomm.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\mfc90u.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\Microsoft.Win32.TaskScheduler.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\msvcp90.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\msvcr90.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\System.Data.SQLite.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\unrar.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe" deleted

"C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe" deleted

"C:\Program Files\WinZip System Utilities Suite\WINZIPSSHelper.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\WINZIPSSSecureShell.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\WINZIPSSSystemProtector.exe" deleted

"C:\Program Files\WinZip System Utilities Suite\wzpsssys.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\Xceed.Compression.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\Xceed.FileSystem.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\Xceed.Zip.dll" deleted

"C:\Program Files\WinZip System Utilities Suite\xmllite.dll" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted

"C:\Program Files\Allin1Convert_8h" deleted

"C:\Program Files\WinZip System Utilities Suite" not deleted

"C:\Program Files\Allin1Convert_8h" deleted

"C:\Program Files\Allin1Convert_8h\bar" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin" deleted

"C:\Program Files\Allin1Convert_8h\bar" deleted

"C:\Program Files\Allin1Convert_8h\bar\1.bin" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)

Memory (RAM): 3550 MB

CPU Info: Intel® Core2 Duo CPU E7500 @ 2.93GHz

CPU Speed: 2985,6 MHz

Sound Card: Luidsprekers (High Definition A |

Digitale audio (S/PDIF) (High D |

Display Adapters: Intel® G45/G43 Express Chipset (Microsoft Corporation - WDDM 1.1) | Intel® G45/G43 Express Chipset (Microsoft Corporation - WDDM 1.1) | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1280 X 1024 - 32 bit

Network: Network Present

Network Adapters: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)

CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-5240S

Ports: COM1 LPT1

Mouse: 16 Button Wheel Mouse Present

Hard Disks: C: 232,3GB | D: 233,3GB

Hard Disks - Free: C: 178,5GB | D: 139,8GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 08/24/09 | A_M_I_ - 8000924

Time Zone: West-Europa (standaardtijd)

Motherboard *: ASUSTeK Computer INC. P5QL-CM

Country: Nederland

Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Trend Micro Titanium Internet Security On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: Trend Micro Titanium Internet Security disabled (Outdated)

Default Browser: Google Chrome 32.0.1700.107

Internet Explorer Version: 11.0.9600.16476

Mozilla Firefox version: 26.0 (x86 nl)

Google Chrome version: 32.0.1700.107

Flash Player version: 11.7.700.224

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2014-01-20 09:07:03 E40041E0CA436C712332EDAA9DB7DF08 286720 ------w- C:\Windows\Setup1.exe

2014-01-20 09:07:02 996F83E516552CA3B51445BB994A6D38 73216 ----a-w- C:\Windows\ST6UNST.EXE

====== C:\Users\Fons\AppData\Local\Temp ====

2014-01-28 16:10:34 60610E5F78A1327982CC2AA0D0841DC0 17496456 ----a-w- C:\Users\Fons\AppData\Local\Temp\pc-suite-setup.exe

====== C:\Windows\system32 =====

2014-02-07 10:50:44 509DDAE12A61D4AA6B7972D0C4430D97 96784 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmpsearch

====== C:\Windows\system32\drivers =====

2014-02-07 14:44:12 47CC68138DADC5A0680ACDEDC7A924CF 35088 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys

2014-01-28 17:30:26 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-01-16 09:19:23 5DBD4F73E2A52FEED61DBAB3752E329C 240576 ----a-w- C:\Windows\System32\drivers\netio.sys

2014-01-16 09:19:22 EDF2DF71C4F1E13A6AC75F5224DE655A 258560 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2014-01-16 09:19:22 EC2C5AF37B76D7B58C642CB74423DB7A 284672 ----a-w- C:\Windows\System32\drivers\usbport.sys

2014-01-16 09:19:22 D40855F89B69305140BBD7E9A3BA2DA6 43520 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2014-01-16 09:19:22 9828C8D14CC2676421778F0DE638CF97 20480 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2014-01-16 09:19:22 800AABFD625EEFF899F7E5496BDE37AB 24064 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2014-01-16 09:19:22 74F805AB12EB0E3E49E469F19FF02640 6016 ----a-w- C:\Windows\System32\drivers\usbd.sys

2014-01-16 09:19:22 0803FBA9FE829D61AE26EC0BCC910C46 76288 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2014-01-11 10:22:44 D14960E39B570AAB8C58EC54A94D217D 186952 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys

2014-01-11 10:22:43 828BD9826072BC10A20093BE4CD560F3 51784 ----a-w- C:\Windows\System32\drivers\eubakup.sys

2014-01-11 10:22:43 52D87663A265D135CF8F0E76A427C2FD 15944 ----a-w- C:\Windows\System32\drivers\eudskacs.sys

2014-01-11 10:22:42 994A95AD44D20D32D8C81D7AA16D3DB4 41544 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys

====== C:\Windows\Tasks ======

2014-02-06 20:38:49 F66C4AE0128EEA1CFFA8B3D67A712C1B 3116 ----a-w- C:\Windows\system32\Tasks\WSUS-System Protector_startup

2014-01-28 18:11:16 ACB93B2B0B9357F6523465DFD826A278 3346 ----a-w- C:\Windows\system32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2139244297-3979779918-2535287518-1001

2014-01-28 18:11:13 9102268F815A6C24EE9A4E52E7FE2006 3366 ----a-w- C:\Windows\system32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2139244297-3979779918-2535287518-1001

2014-01-27 17:31:10 0660DF2A05842A0A8FF0C178E26A751B 3324 ----a-w- C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2139244297-3979779918-2535287518-1001

2014-01-26 16:51:46 001BBE6749E9C4F35266368ECDE3EC52 3486 ----a-w- C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-Fons-PC-Fons

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-02-02 16:27:53 -------- d-----w- C:\Program Files\WinZip System Utilities Suite

2014-02-02 16:00:38 -------- d-----w- C:\Program Files\WinZip

2014-01-29 17:58:11 -------- d-----w- C:\Program Files\Musitek

2014-01-28 18:01:52 -------- d-----w- C:\Program Files\VideoLAN

2014-01-28 18:01:37 -------- d-----w- C:\Program Files\eMule

2014-01-28 18:01:27 -------- d-----w- C:\Program Files\VS Revo Group

2014-01-28 18:01:18 -------- d-----w- C:\Program Files\Mozilla Maintenance Service

2014-01-26 17:15:34 -------- d-----w- C:\Program Files\TweakBit

2014-01-20 09:07:19 -------- d-----w- C:\Program Files\Dialexicon

2014-01-17 18:23:44 -------- d-----w- C:\Program Files\Greenshot

2014-01-14 17:31:47 -------- d-----w- C:\Program Files\Winamp

2014-01-11 10:19:36 -------- d-----w- C:\Program Files\EaseUS

======= C: =====

2014-02-02 16:58:52 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\StartUpManager_scandataOUTPUT.xml

2014-02-02 16:58:51 50A3353C0F4F50EF30DC10E8B19B3243 5634 ----a-w- C:\StartUpManager_scandataINPUT.xml

2014-01-14 17:32:05 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\MSDOS.SYS

2014-01-14 17:32:05 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\IO.SYS

2014-01-11 12:03:05 4C9B20B5C39798A54E000842E8A10445 4096 --sha-w- C:\{06FD95A0-5002-4C9A-8891-3B7978EA55CA}.CBM

2014-01-11 11:39:10 D442C87E5055F3EAE363F24A76F04702 476672 --sha-w- C:\EUMONBMP.SYS

====== C:\Users\Fons\AppData\Roaming ======

2014-02-02 16:36:35 -------- d-----w- C:\Users\Fons\AppData\Roaming\WinZip

2014-02-02 16:01:31 -------- d-----w- C:\Users\Fons\AppData\Local\WinZip

2014-01-29 09:14:51 -------- d-----w- C:\Users\Fons\AppData\Roaming\ujawke

2014-01-29 09:13:04 -------- d-----w- C:\Users\Fons\AppData\Roaming\ewbuas

2014-01-29 09:01:36 -------- d-----w- C:\Users\Fons\AppData\Roaming\epelnu

2014-01-29 09:01:03 -------- d-----w- C:\Users\Fons\AppData\Roaming\elnude

2014-01-28 18:51:35 -------- d-----w- C:\Users\Fons\AppData\Local\Mozilla

2014-01-28 18:01:27 -------- d-----w- C:\Users\Fons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

2014-01-26 16:57:04 -------- d-----w- C:\Users\Fons\AppData\Local\Diagnostics

2014-01-26 16:01:15 -------- d-----w- C:\Users\Fons\AppData\Roaming\No Company Name

2014-01-24 17:42:40 CE54B9B341D1CA852910E1E5169C00B7 58 ----a-w- C:\Users\Fons\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

2014-01-24 17:42:40 -------- d-----w- C:\Users\Fons\AppData\Roaming\DonationCoder

2014-01-14 17:31:47 -------- d-----w- C:\Users\Fons\AppData\Roaming\Winamp

====== C:\Users\Fons ======

2014-02-06 19:56:31 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Fons\Downloads\RSIT.exe

2014-02-02 16:28:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip System Utilities Suite

2014-02-02 16:00:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

2014-02-01 13:49:17 -------- d-----w- C:\ProgramData\WinZip

2014-02-01 13:48:07 85BE8E2F3473441E72FFB10789B7DF0F 14166656 ----a-w- C:\Users\Fons\Downloads\wzsus18.exe

2014-01-29 18:09:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartScore X2 Pro

2014-01-28 18:08:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2014-01-28 18:02:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-01-28 18:01:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule

2014-01-28 18:01:20 -------- d-----w- C:\ProgramData\Mozilla

2014-01-28 18:00:36 EDCAFA798D6BA668D54C64DB3384AB52 265752 ----a-w- C:\Users\Fons\Downloads\Ninite 7Zip Chrome Firefox Google Earth Greenshot Installer.exe

2014-01-26 17:15:44 -------- d-----w- C:\ProgramData\TweakBit

2014-01-26 17:15:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit

2014-01-26 17:14:59 F4805CA813F12E6AF9AE36C7FE79547A 14802656 ----a-w- C:\Users\Fons\Downloads\pc-speed-up-setup.exe

2014-01-20 09:07:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dialexicon

2014-01-17 18:23:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

2014-01-14 17:32:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp

2014-01-11 10:22:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 6.1

====== C: exe-files ==

2014-02-07 14:44:50 4336FBC3A8A75922456D194391A5999C 36528344 ----a-w- C:\Program Files\Google\Update\Install\{ED13EE1C-75C7-40A4-8645-502DBF88087F}\32.0.1700.107_chrome_installer.exe

2014-02-07 14:44:48 4336FBC3A8A75922456D194391A5999C 36528344 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_chrome_installer.exe

2014-02-07 10:49:52 6DF2A0656058A87DD0816E1BAF38B206 25624 ------w- C:\Program Files\Trend Micro\AMSP\module\10012\1.7.1008\1.7.1008\DREBoot.exe

2014-02-07 10:49:51 AC4BF5D916C4CAB6760CCF8BF574E472 222232 ------w- C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmExtIns.exe

2014-02-07 10:49:51 A640306D84D986E40256ADCBA9A9F5A2 54296 ------w- C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmopHookMgrHelper32.exe

2014-02-07 10:49:49 F0256DB33C5B7BF4251DE5290F9892F0 14872 ------w- C:\Program Files\Trend Micro\AMSP\module\10017\2.2.1045\2.2.1045\CheckUI.exe

2014-02-06 20:29:58 BA7524A2D91F895CE7502C78B6A4CBAF 732888 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_32.0.1700.102_chrome_updater.exe

2014-02-06 19:56:31 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Fons\Downloads\RSIT.exe

2014-02-06 19:45:04 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\Fons.exe

2014-02-02 16:08:57 4DFB1F866A02D338E3B60002C96EA34B 14268880 ----a-r- C:\Users\Fons\Downloads\WinZip System Utilities Suite 2.0.648.14990 Final Multilanguage - SceneDL (PimpRG)\WinZipSystemUtilitiesSuite.exe

2014-02-02 16:08:05 8DB6AED096DF2B69945F2C62973D8063 19264130 ----a-r- C:\Users\Fons\Downloads\WinZip System Utilities Suite v2.0.648.14990 + Crack [ChattChitto RG]\WinZip System Utilities Suite v2.0.648.14990 + Crack [ChattChitto RG].exe

2014-02-02 15:50:18 B3CA16C61AD26A1006C888910B1905C5 12504936 ----a-w- C:\Users\Fons\Downloads\WinZip Pro 18 Build 10661 [x86x64] DC 12.12.13+Key-Lz0\CRACK\64BIT\WINZIP64.EXE

2014-02-02 15:50:14 9D1420902A7BC23D2321ED076C475410 10295656 ----a-w- C:\Users\Fons\Downloads\WinZip Pro 18 Build 10661 [x86x64] DC 12.12.13+Key-Lz0\CRACK\32BIT\WINZIP32.EXE

2014-02-01 13:48:07 85BE8E2F3473441E72FFB10789B7DF0F 14166656 ----a-w- C:\Users\Fons\Downloads\wzsus18.exe

=== C: other files ==

2014-02-07 15:08:18 BBAA3D0301391D8C620F962439D155A2 14297 ----a-w- C:\Users\Public\Desktop\sample_07-02-2014_1607.zip

2014-02-07 14:50:39 56F21B384E4FF2BB285424DF67737FF8 8688 ----a-w- C:\ProgramData\WinZip\System Protector\updates\1671update.zip

2014-02-07 14:44:12 47CC68138DADC5A0680ACDEDC7A924CF 35088 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys

2014-02-07 10:50:38 15FD4DD5B389EAC280A9242F980C7835 15070 ----a-w- C:\ProgramData\WinZip\System Protector\updates\1670update.zip

2014-02-07 10:49:52 11AEBCD1166F484CB93617BB6F9F5AD7 312148 ------w- C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx

2014-02-07 10:49:51 EE80A6D966630DF258A0E4179FA05F10 151308 ------w- C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\ChromeExtension\tmNSCchromeExt.crx

2014-02-06 13:26:43 8AB174E3490A7AEEB29DF18AAFA28264 24435 ----a-w- C:\ProgramData\WinZip\System Protector\updates\1669update.zip

2014-02-06 13:26:43 8034A8F0F1C2A6D4B0553021127196B0 30250 ----a-w- C:\ProgramData\WinZip\System Protector\updates\1668update.zip

2014-02-05 18:01:33 F51F666E95F689D5A46ECCF2FBCB36E3 13819902 ----a-r- C:\Users\Fons\Downloads\Photoshop Elements 12\PSE 12\ElementsSTIInstaller\payloads\ElementsCameraRaw8.0All\Assets1_1.zip

2014-02-05 18:01:13 02A688BF0EC5B20FFD94D3CC8A44FDDC 252 ----a-r- C:\Users\Fons\Downloads\Photoshop Elements 12\PSE 12\ElementsSTIInstaller\payloads\PSE12STIInstaller\Assets1_1.zip

2014-02-05 18:01:12 DAB69C9561342FA47A83CA6AC3A5B8F7 740 ----a-r- C:\Users\Fons\Downloads\Photoshop Elements 12\PSE 12\SupportFiles\payloads\PSE12AMTLibSupport\Assets1_1.zip

2014-02-05 18:01:12 08A359E831B5DFF9D725B76026560E38 717 ----a-r- C:\Users\Fons\Downloads\Photoshop Elements 12\PSE 12\ElementsOrganizer\SupportFiles\payloads\EO12AMTLibSupport\Assets1_1.zip

2014-02-05 18:00:35 1C86F49CDCA28773CFE78C817246F3CB 14535520 ----a-r- C:\Users\Fons\Downloads\Photoshop Elements 12\PSE 12\ElementsSTIInstaller\payloads\ElementsCameraRaw8.0All-x64\Assets1_1.zip

2014-02-05 18:00:32 48181888C1B1A3009C892FFCFAEE6975 114265531 ----a-r- C:\Users\Fons\Downloads\Photoshop Elements 12\PSE 12\ElementsSTIInstaller\payloads\AdobeCameraRawProfile8.0All\Assets1_1.zip

2014-02-05 15:30:07 CF33F46A41237540C5B5F352AC9C4508 1484 ----a-w- C:\ProgramData\WinZip\System Protector\updates\1665update.zip

2014-02-05 15:30:07 3F83470E5B4C337A46F8A288732AF454 58459 ----a-w- C:\ProgramData\WinZip\System Protector\updates\1666update.zip

2014-02-05 15:30:07 2428D64A753C593BCDBE759030F2E608 44550 ----a-w- C:\ProgramData\WinZip\System Protector\updates\1667update.zip

2014-02-05 15:30:04 3D042A26739B843AE416ADE9DD343C2D 16045039 ----a-w- C:\ProgramData\WinZip\System Protector\updates\1664mupdate.zip

2014-02-05 15:30:02 BBE9229D5C64DB6A669C0B0618725E40 12472047 ----a-w- C:\ProgramData\WinZip\System Protector\updates\1545completedatabase.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

"OV3_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe"

"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"

"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"phonostar-PlayerTimer"="C:\Program Files\phonostar-Player\phonostarTimer.exe"

"okuoud.exe"="C:\Users\Fons\AppData\Roaming\elnude\\okuoud.exe"

"awelnu.exe"="C:\Users\Fons\AppData\Roaming\ujawke\\awelnu.exe"

"jaujla.exe"="C:\Users\Fons\AppData\Roaming\epelnu\\jaujla.exe"

"udbuja.exe"="C:\Users\Fons\AppData\Roaming\ewbuas\\udbuja.exe"

"sjawe.exe"="C:\Users\Fons\AppData\Roaming\ewbuas\\sjawe.exe"

"epweok.exe"="C:\Users\Fons\AppData\Roaming\ujawke\\epweok.exe"

"nuewab.exe"="C:\Users\Fons\AppData\Roaming\ujawke\\nuewab.exe"

"ujpuel.exe"="C:\Users\Fons\AppData\Roaming\ujawke\\ujpuel.exe"

"oknuud.exe"="C:\Users\Fons\AppData\Roaming\ewbuas\\oknuud.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"

"OV3_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe /OS"

"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe"

"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"

"Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

"EaseUs Tray"="C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"

"Allin1Convert_8h Browser Plugin Loader"="C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe"

"EaseUs Watch"="C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"

"EaseUs TB Tray Agent"="C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe"

"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe -osboot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

"OV3_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe"

"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"

"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"phonostar-PlayerTimer"="C:\Program Files\phonostar-Player\phonostarTimer.exe"

"okuoud.exe"="C:\Users\Fons\AppData\Roaming\elnude\\okuoud.exe"

"awelnu.exe"="C:\Users\Fons\AppData\Roaming\ujawke\\awelnu.exe"

"jaujla.exe"="C:\Users\Fons\AppData\Roaming\epelnu\\jaujla.exe"

"udbuja.exe"="C:\Users\Fons\AppData\Roaming\ewbuas\\udbuja.exe"

"sjawe.exe"="C:\Users\Fons\AppData\Roaming\ewbuas\\sjawe.exe"

"epweok.exe"="C:\Users\Fons\AppData\Roaming\ujawke\\epweok.exe"

"nuewab.exe"="C:\Users\Fons\AppData\Roaming\ujawke\\nuewab.exe"

"ujpuel.exe"="C:\Users\Fons\AppData\Roaming\ujawke\\ujpuel.exe"

"oknuud.exe"="C:\Users\Fons\AppData\Roaming\ewbuas\\oknuud.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acrobat Assistant 8.0"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Adobe\\Acrobat 11.0\\Acrobat\\Acrotray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeAAMUpdater-1.0"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert EPM Support]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Allin1Convert EPM Support"

"hkey"="HKLM"

"command"="\"C:\\PROGRA~1\\ALLIN1~2\\bar\\1.bin\\8hmedint.exe\" T8EPMSUP.DLL,S"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert Home Page Guard 32 bit]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Allin1Convert Home Page Guard 32 bit"

"hkey"="HKLM"

"command"="\"C:\\PROGRA~1\\ALLIN1~2\\bar\\1.bin\\AppIntegrator.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert Search Scope Monitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Allin1Convert Search Scope Monitor"

"hkey"="HKLM"

"command"="\"C:\\PROGRA~1\\ALLIN1~2\\bar\\1.bin\\8hsrchmn.exe\" /m=2 /w /h"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Everything]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Everything"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Everything\\Everything.exe\" -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Greenshot]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Greenshot"

"hkey"="HKLM"

"command"="C:\\Program Files\\Greenshot\\Greenshot.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KeePass 2 PreLoad]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KeePass 2 PreLoad"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\KeePass Password Safe 2\\KeePass.exe\" --preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KiesTrayAgent"

"hkey"="HKLM"

"command"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NextLive"

"hkey"="HKCU"

"command"="C:\\Windows\\system32\\rundll32.exe \"C:\\Users\\Fons\\AppData\\Roaming\\newnext.me\\nengine.dll\",EntryPoint -m l"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PCSpeedUp"

"hkey"="HKCU"

"command"="C:\\Program Files\\PC Speed Up\\PCSUNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\phonostar-PlayerTimer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="phonostar-PlayerTimer"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\phonostar-Player\\phonostarTimer.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\phonostarTimer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="phonostarTimer"

"hkey"="HKCU"

"command"="C:\\Program Files\\phonostar-Player\\phonostarTimer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="swg"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TkBellExe"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe\" -osboot"

==== Startup Folders ======================

2014-01-29 11:02:44 1515 ----a-w- C:\Users\Fons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk

2014-02-06 20:34:32 2096 ----a-w- C:\Users\Fons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PRTG Enterprise Console.lnk

2014-01-28 16:04:16 2040 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

2014-01-26 17:28:25 1924 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25-08-2013 15:55]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25-08-2013 15:55]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Fons-PC-Fons" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]

"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "RoboForm Tutorials"]

"C:\Windows\system32\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2139244297-3979779918-2535287518-1001" [C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe]

"C:\Windows\system32\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2139244297-3979779918-2535287518-1001" [C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe]

"C:\Windows\system32\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2139244297-3979779918-2535287518-1001" [C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe]

"C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2139244297-3979779918-2535287518-1001" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2139244297-3979779918-2535287518-1001" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]

"C:\Windows\system32\tasks\Run RoboForm Process" [C:\Users\Fons\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe]

"C:\Windows\system32\tasks\Titanium BTC" [C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe]

"C:\Windows\system32\tasks\WSUS-System Protector_startup" [C:\Program Files\WinZip System Utilities Suite\WINZIPSSSystemProtector.exe]

"C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe]

"C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe]

"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [12-12-2013 09:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Fons\AppData\Roaming\Mozilla\Firefox\Profiles\sv3giimt.default

3A9E1940B4459CC97FDCBB24FCB69004 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)

0FCEAA7D12B7B0BA825E5C770B1DCA48 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin

C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update

CBFE3156904AB2D1A097F5E74A6C62F3 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)

EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)

96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)

F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin

B939F44C81A6C6B722E2AB19568733DE - C:\Program Files\phonostar-Player\npphonostarDetectNP.dll - phonostar Detector

4ABE7FADC6E7D30418638FEC7DDC79CA - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll - DYMO Label Framework

21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\browser\nppdf32.dll - Adobe Acrobat

E0BCE90537E4A41AF36D5BDD5963A09D - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat

F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect

41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect

B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bmiabdepfhhiieiipmeecdmeljggmfee - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx[17-12-2013 04:49]

dflinnddekagfkncpgojoppgnppfkbkj - C:\Program Files\Trend Micro\AMSP\module\20004\ChromeExt\chromeextension\TmNSCChromeExt.crx[10-07-2013 11:58]

efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[23-09-2012 20:43]

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14-08-2013 15:24]

Google Translate - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

Google Docs - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

TrendMicro BEP Extension - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee

The Piratebay Forwarder - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\cloklogdjmmcmimeccogjmnebmjeolhn

Google Search - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Trend Micro NSC Chrome Extension - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\dflinnddekagfkncpgojoppgnppfkbkj

Adobe Acrobat - Create PDF - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj

Silver Bird - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic

Facebook for Chrome - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp

RealDownloader - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji

Adblock for Pirate Bay - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd

Spell Checker for Chrome - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg

My Browser Page - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg

Pirate Bay Search - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkhblhgagmibjakfdplikmkmobiield

Value apps - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon

Google Wallet - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon deleted successfully

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage deleted successfully

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search"

{8FE7D950-23AA-4643-88E7-5BB38E24249E} GenealogieOnline Url="Zoekresultaten » Genealogie Online"

{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1 deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert EPM Support deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert Home Page Guard 32 bit deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert Search Scope Monitor deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp deleted successfully

==== HijackThis Entries ======================

C:\Users\Fons\Documents\Usenext\wizard\Musitek SmartScore X2 Professional Edition v10 - R (2)\Musitek_SmartScore_X2_Professional_Edition_v10.5.4-RBS.exe

R3 - URLSearchHook: (no name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL

O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [OV3_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe" /OS

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"

O4 - HKLM\..\Run: [Allin1Convert_8h Browser Plugin Loader] C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe

O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"

O4 - HKLM\..\Run: [EaseUs TB Tray Agent] "C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [OV3_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe"

O4 - HKCU\..\Run: [] C:\Users\Fons\AppData\Roaming\epelnu\\

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [phonostar-PlayerTimer] "C:\Program Files\phonostar-Player\phonostarTimer.exe"

O4 - HKCU\..\Run: [okuoud.exe] C:\Users\Fons\AppData\Roaming\elnude\\okuoud.exe

O4 - HKCU\..\Run: [awelnu.exe] C:\Users\Fons\AppData\Roaming\ujawke\\awelnu.exe

O4 - HKCU\..\Run: [jaujla.exe] C:\Users\Fons\AppData\Roaming\epelnu\\jaujla.exe

O4 - HKCU\..\Run: [udbuja.exe] C:\Users\Fons\AppData\Roaming\ewbuas\\udbuja.exe

O4 - HKCU\..\Run: [sjawe.exe] C:\Users\Fons\AppData\Roaming\ewbuas\\sjawe.exe

O4 - HKCU\..\Run: [epweok.exe] C:\Users\Fons\AppData\Roaming\ujawke\\epweok.exe

O4 - HKCU\..\Run: [nuewab.exe] C:\Users\Fons\AppData\Roaming\ujawke\\nuewab.exe

O4 - HKCU\..\Run: [ujpuel.exe] C:\Users\Fons\AppData\Roaming\ujawke\\ujpuel.exe

O4 - HKCU\..\Run: [oknuud.exe] C:\Users\Fons\AppData\Roaming\ewbuas\\oknuud.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: AutoStarter.lnk = Fons\Documents\Usenext\wizard\Musitek SmartScore X2 Professional Edition v10 - R (2)\Musitek_SmartScore_X2_Professional_Edition_v10.5.4-RBS.exe

O4 - Startup: PRTG Enterprise Console.lnk = C:\Program Files\PRTG Network Monitor\PRTG Enterprise Console.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe

O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll

O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll

O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O23 - Service: Adobe Active File Monitor V12 (AdobeActiveFileMonitor12.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe

O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: PRTG Core Server Service (PRTGCoreService) - Paessler AG - C:\Program Files\PRTG Network Monitor\PRTG Server.exe

O23 - Service: PRTG Probe Service (PRTGProbeService) - Paessler AG - C:\Program Files\PRTG Network Monitor\PRTG Probe.exe

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: WINZIPSSDiskOptimizer - Unknown owner - C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe (file missing)

==== Empty IE Cache ======================

C:\Users\Fons\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Fons\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Fons\AppData\Local\Mozilla\Firefox\Profiles\sv3giimt.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1928 folders=227 199700705 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Fons\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Fons\AppData\Local\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\System32\WPRO_41_2001woem.tmpsearch" not found

"C:\Program Files\WinZip System Utilities Suite" not found

==== EOF on vr 07-02-2014 at 16:19:50,30 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

C:\Users\Fons\AppData\Roaming\ujawke;fs
C:\Users\Fons\AppData\Roaming\ewbuas;fs
C:\Users\Fons\AppData\Roaming\epelnu;fs
C:\Users\Fons\AppData\Roaming\elnude;fs
[HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Windows\CurrentVersion\Run];r
"okuoud.exe"=-;r
"awelnu.exe"=-;r
"jaujla.exe"=-;r
"udbuja.exe"=-;r
"sjawe.exe"=-;r
"epweok.exe"=-;r
"nuewab.exe"=-;r
"ujpuel.exe"=-;r
"oknuud.exe"=-;r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"Allin1Convert_8h Browser Plugin Loader"=-;r
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"okuoud.exe"=-;r
"awelnu.exe"=-;r
"jaujla.exe"=-;r
"udbuja.exe"=-;r
"sjawe.exe"=-;r
"epweok.exe"=-;r
"nuewab.exe"=-;r
"ujpuel.exe"=-;r
"oknuud.exe"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert EPM Support];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert Home Page Guard 32 bit];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert Search Scope Monitor];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive];r
{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4};c
autoclean;

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.


Dear forum staff member.

Here is the result.

Zoek.exe v5.0.0.0 Updated 07-February-2014

Tool run by Fons on vr 07-02-2014 at 20:50:04,21.

Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Fons\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-07-151950.log 71972 bytes

==== Creating Sample_07-02-2014_2102.zip ======================

Process iexplore.exe killed

Copied file C:\Users\Fons\AppData\Roaming\loadit.exe to sample\loadit.exe

sample\loadit.exe renamed to 4996855F8A9B110D4D47211E9072F526

C:\Users\Public\Desktop\sample_07-02-2014_2102.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2139244297-3979779918-2535287518-1001\Software\Microsoft\Windows\CurrentVersion\Run]

“okuoud.exe"=-

"awelnu.exe"=-

"jaujla.exe"=-

"udbuja.exe"=-

"sjawe.exe"=-

"epweok.exe"=-

"nuewab.exe"=-

"ujpuel.exe"=-

"oknuud.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Allin1Convert_8h Browser Plugin Loader"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"okuoud.exe"=-

"awelnu.exe"=-

"jaujla.exe"=-

"udbuja.exe"=-

"sjawe.exe"=-

"epweok.exe"=-

"nuewab.exe"=-

"ujpuel.exe"=-

"oknuud.exe"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert EPM Support]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert Home Page Guard 32 bit]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert Search Scope Monitor]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive]

==== Deleting Files \ Folders ======================

C:\Users\Fons\AppData\Roaming\ujawke deleted

C:\Users\Fons\AppData\Roaming\ewbuas deleted

C:\Users\Fons\AppData\Roaming\epelnu deleted

C:\Users\Fons\AppData\Roaming\elnude deleted

C:\Windows\tasks\Torntv V6.0-chromeinstaller.job deleted

C:\Windows\system32\tasks\Torntv V6.0-chromeinstaller deleted

C:\Users\Fons\AppData\Roaming\loadit.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [07-02-2014 19:06]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Fons\AppData\Roaming\Mozilla\Firefox\Profiles\sv3giimt.default

BA2D1C9CD426FEA1DAE5A133BF6F3075 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)

B0BB120C94262686B7772CA71CEBD364 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin

C36444D7301A8C881FC7296B092609C7 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update

CBFE3156904AB2D1A097F5E74A6C62F3 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)

EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)

96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)

F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin

B939F44C81A6C6B722E2AB19568733DE - C:\Program Files\phonostar-Player\npphonostarDetectNP.dll - phonostar Detector

4ABE7FADC6E7D30418638FEC7DDC79CA - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll - DYMO Label Framework

21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\browser\nppdf32.dll - Adobe Acrobat

E0BCE90537E4A41AF36D5BDD5963A09D - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat

F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect

41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect

B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bmiabdepfhhiieiipmeecdmeljggmfee - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx[17-12-2013 04:49]

dflinnddekagfkncpgojoppgnppfkbkj - C:\Program Files\Trend Micro\AMSP\module\20004\ChromeExt\chromeextension\TmNSCChromeExt.crx[10-07-2013 11:58]

efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[23-09-2012 20:43]

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14-08-2013 15:24]

Google Translate - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

Torntv V6.0 - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim

TrendMicro BEP Extension - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee

The Piratebay Forwarder - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\cloklogdjmmcmimeccogjmnebmjeolhn

Trend Micro NSC Chrome Extension - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\dflinnddekagfkncpgojoppgnppfkbkj

Silver Bird - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic

Facebook for Chrome - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp

RealDownloader - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji

Adblock for Pirate Bay - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd

Pirate Bay Search - Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkhblhgagmibjakfdplikmkmobiield

==== Chrome Fix ======================

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search"

{8FE7D950-23AA-4643-88E7-5BB38E24249E} GenealogieOnline Url="Zoekresultaten » Genealogie Online"

==== Empty IE Cache ======================

C:\Users\Fons\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Fons\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Fons\AppData\Local\Mozilla\Firefox\Profiles\sv3giimt.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Fons\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2013 folders=242 490492295 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Fons\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== EOF on vr 07-02-2014 at 21:10:46,26 ======================
