
Computer has become very slow



​Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\SYSTEM32\DWRCS.EXE

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Device Control\fsdevcon32.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files\F-Secure\Common\FSHDLL32.EXE

C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\INVENTORYCLIENT\client.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SYSTEM32\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"

O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN

O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [installValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (file missing)

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - ESC Trusted Zone: http://view.atdmt.com

O15 - ESC Trusted Zone: http://xenapp.cardo.net

O15 - ESC Trusted Zone: Microsoft's Premier Technical Learning Event | TechEd North America 2013

O15 - ESC Trusted Zone: http://www.facebook.com

O15 - ESC Trusted Zone: http://connect.facebook.net

O15 - ESC Trusted Zone: http://static.ak.fbcdn.net

O15 - ESC Trusted Zone: http://cdnt.meteorsolutions.com

O15 - ESC Trusted Zone: http://static.meteorsolutions.com

O15 - ESC Trusted Zone: TechEd | 2014

O15 - ESC Trusted Zone: http://view.atdmt.com (HKLM)

O15 - ESC Trusted Zone: http://xenapp.cardo.net (HKLM)

O15 - ESC Trusted Zone: Microsoft's Premier Technical Learning Event | TechEd North America 2013 (HKLM)

O15 - ESC Trusted Zone: http://www.facebook.com (HKLM)

O15 - ESC Trusted Zone: http://connect.facebook.net (HKLM)

O15 - ESC Trusted Zone: http://static.ak.fbcdn.net (HKLM)

O15 - ESC Trusted Zone: http://cdnt.meteorsolutions.com (HKLM)

O15 - ESC Trusted Zone: http://static.meteorsolutions.com (HKLM)

O15 - ESC Trusted Zone: TechEd | 2014 (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274095228406

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://84.54.135.77/activex/AMC.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cardo.net

O17 - HKLM\Software\..\Telephony: DomainName = cardo.net

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cardo.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cardo.net

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Opdracht op afstand iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Device Control Daemon (fsdevcon) - F-Secure Corporation - C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks, Inc. - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: ProService for 8.3B (ProService8.3B) - Progress Software - C:\DLC\bin\ProSrvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Snow Inventory Client (SnowInventoryClient) - Snow Software AB - C:\Program Files\INVENTORYCLIENT\client.exe

--

End of file - 12982 bytes


Download MalwareBytes Anti-Malware, preferably to the desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the further instructions; the full installation procedure can be found at the following link - Installing Malwarebytes Anti-Malware.

  • Then click the Scan Now button to run a threat scan.
  • A check for available updates will now be made; click "Update Now" if updates are available.
  • The scan now starts automatically; when the scan is finished and threats have been detected, you will get an overview of them.
  • If no threats have been detected, click View Detailed Log after the scan.
    • Then click the Apply Actions button; when notified that your computer must be restarted, click No.
    • Then click the View Detailed Log button, click the Export button and choose the Text file (*.txt) option.
    • Then enter a file name for saving the log file, for example MBAM Scanlog, and click the Save button.
    • By default this file will be saved to your desktop.


Posting the MalwareBytes' Anti-Malware log file

  • Add the log file you just saved as an attachment to your next post. (You can also find this log file in Malwarebytes Anti-Malware under History > Application Logs)
  • Post the contents of this log file in your next post.


Malwarebytes Anti-Malware

Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 20-5-2014

Scan Time: 10:36:47

Logfile: MBAMScanlog.txt

Administrator: Yes

Version: 2.00.1.1004

Malware Database: v2014.05.20.02

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: rokn01

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 383394

Time Elapsed: 20 min, 25 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)


Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Next, the "Disclaimer of warranty" is shown; click "Continue".
  • When the tool has finished, two Notepad files named "Log.txt" and "Info.txt" are opened.

Posting the RSIT log files

  • Add the log file named "Log.txt" as an attachment to your next post. (You can also find this log file in the folder "C:\rsit")
  • You do not need to post the log file named "Info.txt", which is minimized. (This log file is only created the first time the tool is run.)
  • You can read here how to add an attachment to a post.

Also watch the instruction video.


Logfile of random's system information tool 1.09 (written by random/random)

Run by rokn01 at 2014-05-20 19:33:12

Microsoft Windows XP Professional Service Pack 3

System drive C: has 26 GB (34%) free of 76 GB

Total RAM: 2038 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:33:57, on 20-5-2014

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\SYSTEM32\DWRCS.EXE

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Device Control\fsdevcon32.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files\F-Secure\Common\FSHDLL32.EXE

C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\INVENTORYCLIENT\client.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\WINDOWS\SYSTEM32\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Documents and Settings\rokn01\My Documents\Downloads\RSIT (1).exe

C:\Program Files\trend micro\rokn01.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"

O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN

O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [installValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (file missing)

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - ESC Trusted Zone: http://view.atdmt.com

O15 - ESC Trusted Zone: http://xenapp.cardo.net

O15 - ESC Trusted Zone: Microsoft's Premier Technical Learning Event | TechEd North America 2013

O15 - ESC Trusted Zone: http://www.facebook.com

O15 - ESC Trusted Zone: http://connect.facebook.net

O15 - ESC Trusted Zone: http://static.ak.fbcdn.net

O15 - ESC Trusted Zone: http://cdnt.meteorsolutions.com

O15 - ESC Trusted Zone: http://static.meteorsolutions.com

O15 - ESC Trusted Zone: TechEd | 2014

O15 - ESC Trusted Zone: http://view.atdmt.com (HKLM)

O15 - ESC Trusted Zone: http://xenapp.cardo.net (HKLM)

O15 - ESC Trusted Zone: Microsoft's Premier Technical Learning Event | TechEd North America 2013 (HKLM)

O15 - ESC Trusted Zone: http://www.facebook.com (HKLM)

O15 - ESC Trusted Zone: http://connect.facebook.net (HKLM)

O15 - ESC Trusted Zone: http://static.ak.fbcdn.net (HKLM)

O15 - ESC Trusted Zone: http://cdnt.meteorsolutions.com (HKLM)

O15 - ESC Trusted Zone: http://static.meteorsolutions.com (HKLM)

O15 - ESC Trusted Zone: TechEd | 2014 (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274095228406

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://84.54.135.77/activex/AMC.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cardo.net

O17 - HKLM\Software\..\Telephony: DomainName = cardo.net

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cardo.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cardo.net

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Opdracht op afstand iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Device Control Daemon (fsdevcon) - F-Secure Corporation - C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks, Inc. - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: ProService for 8.3B (ProService8.3B) - Progress Software - C:\DLC\bin\ProSrvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Snow Inventory Client (SnowInventoryClient) - Snow Software AB - C:\Program Files\INVENTORYCLIENT\client.exe

--

End of file - 12732 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{2BFC4E6F-924A-48AF-93FE-87A96F6D8FC7}.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2007-03-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-12-03 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-12-03 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-12-03 79856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-12-03 176128]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-03-09 134656]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-03-09 166912]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-03-09 135680]

"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-05-07 20530]

"Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-05-07 24626]

"Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-05-07 45056]

"Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-05-07 20530]

"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-10-25 421888]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]

"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2014-02-28 348712]

"F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2014-02-28 1879080]

"InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"=C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe [2013-06-19 265096]

"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

"DameWare MRC Agent"=C:\WINDOWS\system32\DWRCST.exe [2009-02-04 78848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2009-03-09 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=67108863

"NoDrives"=0

"NoBandCustomize"=0

"NoMovingBands"=0

"NoCloseDragDropBands"=0

"NoDriveTypeAutoRun"=323

"NoDesktopCleanupWizard"=1

"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDrives"=0

"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\AT&T Global Network Client\SwiApiMux.exe"="C:\Program Files\AT&T Global Network Client\SwiApiMux.exe:*:Enabled:SwiApiMux"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Documents and Settings\rokn01\Desktop\utorrent.exe"="C:\Documents and Settings\rokn01\Desktop\utorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\IBM\Client Access\cwbunnav.exe"="C:\Program Files\IBM\Client Access\cwbunnav.exe:*:Enabled:cwbunnav.exe"

"C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe"="C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe:*:Enabled:LEGO EV3"

"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"

"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Documents and Settings\rokn01\My Documents\Downloads\Adobe_Photoshop_CS4_Extended_[_FULL_VERSION_Crack_]_downloader.exe"="C:\Documents and Settings\rokn01\My Documents\Downloads\Adobe_Photoshop_CS4_Extended_[_FULL_VERSION_Crack_]_downloader.exe:*:Enabled:YourFile Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

"C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:Network access client"

"C:\Program Files\IBM\Client Access\cwbunnav.exe"="C:\Program Files\IBM\Client Access\cwbunnav.exe:*:Enabled:cwbunnav.exe"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Documents and Settings\rokn01\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\rokn01\Application Data\Spotify\spotify.exe:*:Enabled:Spotify"

"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour-service"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-05-19 15:29:35 ----D---- C:\rsit

2014-05-18 16:13:51 ----D---- C:\Documents and Settings\All Users\Application Data\Max Secure

2014-05-18 16:00:44 ----D---- C:\Documents and Settings\rokn01\Application Data\GetRightToGo

2014-05-18 15:49:58 ----A---- C:\WINDOWS\system32\sqlite3.dll

2014-05-18 15:48:52 ----D---- C:\AdwCleaner

2014-05-18 14:14:56 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

2014-05-18 14:10:18 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys

2014-05-18 14:10:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2014-05-18 14:10:16 ----D---- C:\Program Files\Malwarebytes Anti-Malware

2014-05-18 13:10:26 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe

2014-05-01 09:21:40 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla

2014-04-28 17:35:12 ----D---- C:\Documents and Settings\rokn01\Application Data\No Company Name

2014-04-28 15:25:53 ----D---- C:\Program Files\Microsoft Synchronization Services

2014-04-28 15:25:49 ----D---- C:\Program Files\Common Files\DESIGNER

2014-04-28 15:24:33 ----D---- C:\Program Files\Microsoft Sync Framework

2014-04-28 15:24:33 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

2014-04-28 15:18:47 ----D---- C:\Program Files\Microsoft Visual Studio 8

2014-04-28 15:14:54 ----D---- C:\Program Files\Microsoft Analysis Services

2014-04-28 15:13:13 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2014-04-28 15:11:51 ----RHD---- C:\MSOCache

======List of files/folders modified in the last 1 month======

2014-05-20 19:33:23 ----D---- C:\Program Files\Trend Micro

2014-05-20 19:33:03 ----D---- C:\WINDOWS\Prefetch

2014-05-20 19:27:53 ----D---- C:\WINDOWS\Temp

2014-05-20 19:26:10 ----A---- C:\WINDOWS\SMSCFG.ini

2014-05-20 19:24:24 ----D---- C:\WINDOWS\system32\CatRoot2

2014-05-20 19:22:38 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt

2014-05-20 10:43:54 ----A---- C:\WINDOWS\SchedLgU.Txt

2014-05-20 10:03:52 ----D---- C:\WINDOWS\system32\drivers

2014-05-20 09:49:46 ----D---- C:\WINDOWS

2014-05-19 14:59:14 ----SHD---- C:\WINDOWS\Installer

2014-05-19 14:59:14 ----SD---- C:\Documents and Settings\rokn01\Application Data\Microsoft

2014-05-19 14:59:14 ----D---- C:\Config.Msi

2014-05-19 14:45:39 ----RD---- C:\Program Files

2014-05-18 16:40:31 ----D---- C:\WINDOWS\system32

2014-05-18 16:40:26 ----D---- C:\WINDOWS\system32\drivers\etc

2014-05-18 16:18:59 ----RSD---- C:\WINDOWS\Fonts

2014-05-18 15:40:52 ----HD---- C:\WINDOWS\inf

2014-05-18 14:48:36 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt

2014-05-18 14:45:21 ----D---- C:\WINDOWS\Cursors

2014-05-18 14:44:58 ----SD---- C:\WINDOWS\Tasks

2014-05-18 14:10:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-05-18 13:50:19 ----D---- C:\Documents and Settings\rokn01\Application Data\Mozilla

2014-05-18 13:25:09 ----RSD---- C:\WINDOWS\assembly

2014-05-18 13:23:24 ----D---- C:\WINDOWS\Microsoft.NET

2014-05-18 13:18:13 ----RASH---- C:\boot.ini

2014-05-18 13:10:46 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2014-05-18 13:09:33 ----D---- C:\Documents and Settings\rokn01\Application Data\uTorrent

2014-05-10 14:38:14 ----D---- C:\Documents and Settings\rokn01\Application Data\Adobe

2014-05-10 14:38:03 ----D---- C:\Program Files\Common Files\Adobe

2014-05-10 14:28:08 ----D---- C:\Program Files\WinRAR

2014-05-02 11:22:25 ----D---- C:\WINDOWS\Debug

2014-05-01 20:44:52 ----D---- C:\CALC

2014-04-28 17:41:31 ----D---- C:\WINDOWS\WinSxS

2014-04-28 17:39:53 ----D---- C:\Program Files\Adobe

2014-04-28 15:37:09 ----A---- C:\WINDOWS\win.ini

2014-04-28 15:36:23 ----D---- C:\Program Files\Common Files\Microsoft Shared

2014-04-28 15:35:55 ----D---- C:\WINDOWS\SHELLNEW

2014-04-28 15:29:55 ----D---- C:\WINDOWS\system32\config

2014-04-28 15:26:57 ----D---- C:\Program Files\MSBuild

2014-04-28 15:25:49 ----D---- C:\Program Files\Common Files

2014-04-28 15:24:38 ----D---- C:\Program Files\Microsoft Office

2014-04-28 15:24:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2014-04-28 15:24:33 ----D---- C:\Program Files\Microsoft.NET

2014-04-23 17:48:57 ----D---- C:\Program Files\F-Secure

2014-04-23 15:54:11 ----D---- C:\Documents and Settings\rokn01\Application Data\Google

2014-04-23 15:52:58 ----D---- C:\Program Files\Google

2014-04-23 15:36:06 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure

2014-04-23 15:34:36 ----D---- C:\Documents and Settings\All Users\Application Data\fssg

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]

R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]

R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]

R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]

R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

R0 fsbts;fsbts; C:\WINDOWS\system32\Drivers\fsbts.sys [2014-04-23 44240]

R0 FSFW;F-Secure Firewall Driver; C:\WINDOWS\System32\drivers\fsdfw.sys [2014-02-28 83464]

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\Drivers\iaStor.sys [2009-02-11 329752]

R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]

R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]

R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver; C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]

R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys []

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]

R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2009-11-24 154672]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]

R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-12-10 187392]

R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]

R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2012-08-24 26624]

R3 DwMirror;DwMirror; C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 3712]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys []

R3 fsni;fsni; \??\C:\Program Files\F-Secure\NIF\bin\fsnixp32.sys []

R3 fsnitdi;fsnitdi; \??\C:\Program Files\F-Secure\NIF\bin\fsnitdi32.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAudN.sys [2007-04-27 666112]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-03-25 988032]

R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-03-25 210688]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-03-09 6278016]

R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-06-01 21424]

R3 LenovoRd;LenovoRd; C:\WINDOWS\System32\Drivers\LenovoRd.sys [2007-06-08 81280]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys []

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-27 2236544]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]

R3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]

R3 smsmdd;smsmdd; C:\WINDOWS\system32\DRIVERS\smsmdm.sys [2008-10-20 12448]

R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-03-14 40848]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-03-25 731136]

R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]

S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []

S3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2009-10-08 11392]

S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]

S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]

S3 catchme;catchme; \??\C:\DOCUME~1\rokn01\LOCALS~1\Temp\catchme.sys []

S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [2009-07-23 112640]

S3 gtermddo;gtermddo; \??\C:\DOCUME~1\rokn01\LOCALS~1\Temp\gtermddo.sys []

S3 GTF32BUS;GT F32 BUS; C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2008-02-13 35200]

S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2008-02-13 8064]

S3 GTSCSER;GT SC SER; C:\WINDOWS\system32\DRIVERS\gtscser.sys [2008-02-13 21248]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-10 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-10 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-10 21568]

S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys []

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-07-23 102528]

S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [2009-07-23 100480]

S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2008-11-04 7680]

S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []

S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]

S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]

S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]

S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]

S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]

S3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2008-08-22 26760]

S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys []

S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-03-21 364629]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2009-09-18 764768]

R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2013-07-29 684136]

R2 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE [2009-02-04 234496]

R2 fsdevcon;F-Secure Device Control Daemon; C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe [2014-02-28 408616]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2014-02-28 224296]

R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2014-02-28 206888]

R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-06-01 36400]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-12-03 153584]

R2 JuniperAccessService;Juniper Unified Network Service; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2012-08-22 158832]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2007-03-22 322120]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 SnowInventoryClient;Snow Inventory Client; C:\Program Files\INVENTORYCLIENT\client.exe [2013-10-28 3359744]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2014-02-28 556072]

R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2014-02-28 217128]

R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [2013-06-06 60352]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-13 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18 257712]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 Cwbrxd;Opdracht op afstand iSeries Access for Windows; C:\WINDOWS\CWBRXD.EXE [2002-02-04 53296]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-13 136176]

S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 ProService8.3B;ProService for 8.3B; C:\DLC\bin\ProSrvc.exe [1999-01-30 30208]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]

S3 smstsmgr;SMS Task Sequence Agent; C:\WINDOWS\system32\CCM\TSManager.exe [2009-09-18 246624]

S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]

S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


Your Java software is outdated.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

Go to Java and download the correct Java version there.

  • Click "Free Java Download".
  • Accept the license terms and click the button for the free download.
  • The file JavaSetup is offered; choose "save file" here.
  • Close all programs that may be open, especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
  • Select everything with Java Runtime Environment (JRE or J2SE or JAVA) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then click JavaSetup to install the latest version of Java.
  • Untick the installation of the Ask toolbar and then continue with the installation.

Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version)

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  {07BA1DA9-F501-4796-8728-74D1B91A6CD5};c
 C:\Program Files\PokerStars.EU;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "More options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read how to add an attachment to a message here.


Zoek.exe v5.0.0.0 Updated 21-05-2014

Tool run by rokn01 on wo 21-05-2014 at 11:35:54,46.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\rokn01\My Documents\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

21-5-2014 11:38:51 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Documents and Settings\rokn01\Local Settings\Application Data\Secunia PSI deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2781560043-2945397114-2333775007-4818\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07BA1DA9-F501-4796-8728-74D1B91A6CD5} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{07BA1DA9-F501-4796-8728-74D1B91A6CD5} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\PokerStars.EU not found

C:\Documents and Settings\rokn01\Application Data\GetRightToGo deleted

C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\rokn01\LOCALS~1\Temp ====

====== Java Cache =====

2014-05-21 09:04:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\rokn01\Local Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-49389a76

====== C:\WINDOWS\system32 =====

2014-05-21 09:34:34 DAB02E4C509EBAA96C6F3BFABCCF37F9 145408 ----a-w- C:\WINDOWS\System32\javacpl.cpl

2014-05-21 09:34:34 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\WINDOWS\System32\javaws.exe

2014-05-21 09:34:24 B42338F92D3BDADA79B6BE553E72587C 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll

2014-05-21 09:34:24 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\WINDOWS\System32\java.exe

2014-05-21 09:34:24 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\WINDOWS\System32\javaw.exe

2014-05-18 13:49:58 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\WINDOWS\System32\sqlite3.dll

2014-05-18 11:10:26 5B26FF5D3FA607CDC89EA6AAA8BF76A1 17352880 ----a-w- C:\WINDOWS\System32\FlashPlayerInstaller.exe

====== C:\WINDOWS\system32\drivers =====

2014-05-18 12:14:56 661B911FA04E73FB073FF9B1C9BD2E05 107736 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

2014-05-18 12:10:18 5F7B035B533B87EA936F8B04493879CC 50648 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys

2014-05-18 12:10:18 0C6EA0109CFEDF441F06D031E9A8D1A9 23256 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

====== C:\WINDOWS\Tasks ======

2014-05-20 19:38:53 34018B6E10F31A560FFC918D3287340D 284 ----a-w- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2014-05-21 09:34:42 -------- d-----w- C:\Program Files\Common Files\Java

2014-05-21 09:09:59 -------- d-----w- C:\Program Files\QuickTime

2014-05-20 19:38:45 -------- d-----w- C:\Program Files\Apple Software Update

2014-05-20 19:36:27 -------- d-----w- C:\Program Files\Common Files\Apple

2014-05-20 19:20:54 -------- d-----w- C:\Program Files\Secunia

2014-04-28 13:25:53 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2014-04-28 13:25:49 -------- d-----w- C:\Program Files\Common Files\DESIGNER

2014-04-28 13:24:33 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2014-04-28 13:18:47 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8

2014-04-28 13:14:54 -------- d-----w- C:\Program Files\Microsoft Analysis Services

======= C: =====

====== C:\Documents and Settings\rokn01\Application Data ======

2014-05-21 09:05:26 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Apple Computer

2014-05-21 09:03:57 -------- d-----w- C:\Documents and Settings\rokn01\Local Settings\Application Data\Sun

2014-05-20 19:38:52 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Apple

2014-05-20 19:33:50 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

2014-05-20 19:33:48 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\Adobe

2014-05-10 12:28:08 -------- d-----w- C:\Documents and Settings\rokn01\Start Menu\Programs\WinRAR

2014-05-01 09:22:50 -------- d-----w- C:\Documents and Settings\rokn01\Local Settings\Application Data\StickyNotes

2014-05-01 07:23:12 -------- d-----w- C:\Documents and Settings\rokn01\Local Settings\Application Data\Mozilla

2014-04-28 15:35:12 -------- d-----w- C:\Documents and Settings\rokn01\Application Data\No Company Name

2014-04-28 13:13:44 -------- d-----w- C:\Documents and Settings\rokn01\Local Settings\Application Data\Microsoft Help

====== C:\Documents and Settings\rokn01 ======

2014-05-20 19:41:46 -------- d--h--r- C:\Documents and Settings\rokn01\Recent

====== C: exe-files ==

2014-05-21 09:33:55 FB67D8F555AA8E847DC6D7BFFF69C1C1 145832 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe

2014-05-21 09:33:55 67E721D8CA3F26695C2836870FF395E0 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe

2014-05-21 09:33:53 B1CE4931FCA0E9D6493F18440A492472 49576 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe

2014-05-21 09:33:53 829199AE07062FE066CCD037190B4D04 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe

2014-05-21 09:33:53 7151FDB921CC188833E69690E969616A 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe

2014-05-21 09:33:53 3B8C2991462B84868BB04C67E197CFC1 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe

2014-05-21 09:33:53 21190A2C683911E97E6484632F0A11AF 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe

2014-05-21 09:33:52 5F32AD07982BE93452A755CE94F130BA 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe

2014-05-21 09:33:52 3DAA029309C13F0A8DFB839372A3E8D3 16296 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe

2014-05-21 09:33:51 B863FBED45DA51498B42DEAE76006D94 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe

2014-05-21 09:33:50 E788AC8198E99F9DA268A35719462DEF 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe

2014-05-21 09:33:50 CA8C3C3510377A38A0FD0386B1C8700D 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe

2014-05-21 09:33:50 C38B939945B2357D56B105C8F8FE7C45 52648 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe

2014-05-21 09:33:50 77430E8234A0050ECCC5E2F5B30A7BEF 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe

2014-05-21 09:33:50 0F298580559EE0929C572CFEB99B5AAA 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe

2014-05-21 09:33:46 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Program Files\Java\jre7\bin\java.exe

2014-05-21 09:33:46 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe

2014-05-21 09:33:46 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe

2014-05-21 09:33:46 00F5108D91D768CA9D4ABC5E5053F50F 68008 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe

2014-05-21 09:33:45 FBC892A1196A03F695F112A5EDE032DC 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe

2014-05-21 09:33:45 58B60ED489B1EDFA2BCDCAAF90B5EDD8 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe

2014-05-21 09:32:54 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Documents and Settings\rokn01\Application Data\Sun\Java\jre1.7.0_55\lzma.exe

2014-05-21 09:17:55 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc4.exe

2014-05-21 09:17:54 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc3.exe

2014-05-21 09:04:17 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc2.exe

2014-05-21 09:02:43 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\chromeinstall-7u55 (1).exe

2014-05-21 09:01:50 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc5.exe

2014-05-20 19:33:37 C3E4419CD96A80693E52DCAC54F166B4 96768 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe

2014-05-20 19:33:37 ACEB3F702F3CC057C2894AB603785A52 59392 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe

2014-05-20 19:33:37 5D576B7CC0A128364B544389E497E89A 130208 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe

2014-05-20 19:33:37 3A78A7BE5EFC451F6CAE86254F575A3D 54432 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe

2014-05-20 19:33:37 3A78A7BE5EFC451F6CAE86254F575A3D 54432 ----a-w- C:\Program Files\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe

2014-05-20 19:19:50 D8B9844FDFD05CD495F110FFF11C1EE5 5329480 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\PSISetup.exe

2014-05-20 17:31:33 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc25.exe

2014-05-20 07:55:40 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\mbam-setup-2.0.0.1000.exe

2014-05-19 13:32:20 5272726DBB7A409A2F4E55356E335128 1328723 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc15.exe

2014-05-19 13:26:26 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\RSIT.exe

2014-05-18 14:01:01 34FE1E227C2B2F2B9F0EDA027FCEC482 610798 ----a-w- C:\Documents and Settings\rokn01\Desktop\Downloads\MaxSDDMnew.exe

2014-05-18 14:00:09 F8ACF6FD6A3077B02B4528B25664D24F 368256 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc6.exe

2014-05-18 13:47:46 9C038759E5993C0B3BFD8F2192C12747 1325827 ----a-w- C:\Documents and Settings\rokn01\My Documents\Downloads\AdwCleaner.exe

2014-05-18 12:15:09 9C038759E5993C0B3BFD8F2192C12747 1325827 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc13.exe

2014-05-18 12:10:02 9C038759E5993C0B3BFD8F2192C12747 1325827 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc14.exe

2014-05-18 12:09:02 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc11.exe

2014-05-18 12:08:46 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\RECYCLER\S-1-5-21-2781560043-2945397114-2333775007-4818\Dc1.exe

2014-05-18 11:07:39 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe

=== C: other files ==

2014-05-21 09:33:56 D95F1D4129F0CB2F7626CDCBAC2F512B 18636 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip

2014-05-18 12:14:56 661B911FA04E73FB073FF9B1C9BD2E05 107736 ----a-w- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

2014-05-18 12:10:18 5F7B035B533B87EA936F8B04493879CC 50648 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys

2014-05-18 12:10:18 0C6EA0109CFEDF441F06D031E9A8D1A9 23256 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-2781560043-2945397114-2333775007-4818\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe"

"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe"

"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe LOGIN"

"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe"

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"

"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE /splash"

"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW"

"InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"="C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe -s"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"

"DameWare MRC Agent"="C:\WINDOWS\system32\DWRCST.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"Synchronization Manager"="%SystemRoot%\system32\mobsync.exe /logon"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe []

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13-04-2011 21:29]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13-04-2011 21:29]

C:\WINDOWS\tasks\User_Feed_Synchronization-{2BFC4E6F-924A-48AF-93FE-87A96F6D8FC7}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 05:31]

C:\WINDOWS\tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 05:31]

C:\WINDOWS\tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 05:31]

C:\WINDOWS\tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 05:31]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [30-06-2009 17:33]

==== Chrome Look ======================

AdBlock - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Wallet - rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\exzamo01\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\jebr02\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalAdmin\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\rokn01\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=173 folders=47 19222293 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully

C:\Documents and Settings\Default User\Local Settings\temp emptied successfully

C:\Documents and Settings\exzamo01\Local Settings\temp emptied successfully

C:\Documents and Settings\itsp01\Local Settings\temp emptied successfully

C:\Documents and Settings\jebr02\Local Settings\temp emptied successfully

C:\Documents and Settings\LocalAdmin\Local Settings\temp emptied successfully

C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully

C:\Documents and Settings\rokn01\Local Settings\Temp will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\rokn01\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\rokn01\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on wo 21-05-2014 at 14:51:27,73 ======================


Download AdwCleaner by Xplode to the desktop.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator",
  • by right-clicking it and choosing Run as administrator.
  • Then click Scan.
  • Then click Clean if items were found.
  • At Reboot Required, click OK.

After the PC has restarted, a log file usually opens.

Otherwise it can be found at C:\AdwCleaner\AdwCleaner[s0].txt.

Posting the log file

  • Attach the log file named C:\AdwCleaner\AdwCleaner[s0].txt to your next post.
  • You can read here how to add an attachment to a post.


# AdwCleaner v3.210 - Report created 22/05/2014 at 09:35:56

# Updated 19/05/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : rokn01 - LT21776

# Running from : C:\Documents and Settings\rokn01\My Documents\Downloads\adwcleaner_3.210.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v34.0.1847.137

[ File : C:\Documents and Settings\rokn01\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3152 octets] - [18/05/2014 15:49:08]

AdwCleaner[R1].txt - [1092 octets] - [19/05/2014 15:33:18]

AdwCleaner[R2].txt - [1073 octets] - [22/05/2014 09:33:59]

AdwCleaner[s0].txt - [3259 octets] - [18/05/2014 15:50:46]

AdwCleaner[s1].txt - [1158 octets] - [19/05/2014 15:35:20]

AdwCleaner[s2].txt - [996 octets] - [22/05/2014 09:35:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1055 octets] ##########

This topic is now closed to new replies.