Posts made by albada53

  1. I have Microsoft Security Essentials installed on my computer and it is active, so I have not installed any other virus scanner.

    Attached is the log from zoek.exe:

     

    Zoek.exe v5.0.0.0 Updated 04-May-2015
    Tool run by Windows7 on zo 23-08-2015 at 11:36:12,35.
    Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Windows7\Downloads\zoek.exe    [scan all users] [script inserted] 
     
    ==== System Restore Info ======================
     
    23-8-2015 11:38:04 Zoek.exe System Restore Point Created Successfully.
     
    ==== Empty Folders Check ======================
     
    C:\PROGRA~2\MSXML 4.0 deleted successfully
    C:\PROGRA~3\ZoomBrowser deleted successfully
    C:\Users\Windows7\AppData\Roaming\ZoomBrowser EX deleted successfully
    C:\Users\Windows7\AppData\Local\Downloaded Installations deleted successfully
    C:\Users\Windows7\AppData\Local\EmieBrowserModeList deleted successfully
    C:\Users\Windows7\AppData\Local\EmieSiteList deleted successfully
    C:\Users\Windows7\AppData\Local\EmieUserList deleted successfully
     
    ==== Deleting CLSID Registry Keys ======================
     
     
    ==== Deleting CLSID Registry Values ======================
     
     
    ==== Deleting Services ======================
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GLogin deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GLogin deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\esgiguard deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\esgiguard deleted successfully
     
    ==== Deleting Files \ Folders ======================
     
    C:\PROGRA~2\Android Resource Navigator deleted
    C:\Program Files\Enigma Software Group\SpyHunter deleted
    C:\Logfile.txt deleted
    C:\Users\Windows7\AppData\Roaming\appdataFr2.bin deleted
    C:\Users\Windows7\AppData\Roaming\ARCompanion.log deleted
    C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Avkwctl.log deleted
    C:\Windows\SysNative\config\systemprofile\AppData\Roaming\gdfw.log deleted
    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\gdscan.log deleted
    C:\PROGRA~3\Package Cache deleted
    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
    C:\Windows\wininit.ini deleted
    "C:\Windows\Installer\11f0da.msi" deleted
    "C:\Windows\Installer\12bb46.msi" deleted
     
    ==== Files Recently Created / Modified ======================
     
     
    ==== Startup Registry Enabled ======================
     
    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
     
    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
     
    [HKEY_USERS\S-1-5-21-1869362604-1768435415-2293966079-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
    "Spotify Web Helper"="C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
     
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     
    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"
     
    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"
     
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
    "Spotify Web Helper"="C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
     
    ==== Startup Registry Enabled x64 ======================
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe"
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
    "Persistence"="C:\Windows\system32\igfxpers.exe"
    "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
     
    ==== Startup Registry Disabled x64 ======================
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Spotify Web Helper"
    "hkey"="HKCU"
    "command"="\"C:\\Users\\Windows7\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\""
     
     
    ==== Task Scheduler Jobs ======================
     
    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-07-2015 19:30]
    C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS\AutoKMS.exe [03-02-2013 10:52]
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2015 21:20]
    C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2015 21:20]
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2015 21:20]
    C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2015 21:20]
     
    ==== Other Scheduled Tasks ======================
     
    "C:\Windows\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe]
    "C:\Windows\SysNative\tasks\4983" [wscript.exe C:\Users\Windows7\AppData\Local\Temp\launchie.vbs //B]
    "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
    "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
    "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
    "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
    "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
    "C:\Windows\SysNative\tasks\{243725C8-E191-48A6-990A-59B2DD03BD84}" [C:\Program Files (x86)\Logitech\iTouch\iTouch.exe]
    "C:\Windows\SysNative\tasks\{6FF46B97-D352-4539-9FC2-8DC98768A89B}" [C:\Program Files (x86)\Logitech\iTouch\iTouch.exe]
    "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
    "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
    "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
    "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
    "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]
     
    ==== Chromium Look ======================
     
    Google Chrome Version: 44.0.2403.157
     
     
     
    ==== Chromium Startpages ======================
     
    C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Preferences
    ries":"C7EC0723DF4ED6DD007C7C1E99263BD1269097FB5ECFF6C223091CAD84716A1A"}},"super_mac":"323E2EAB33F45A8516F4E1B71B71BE8649C517F291131D482C22B765EC126341"},"session":{"restore_on_startup":5,"startup_urls":["https://www.google.nl/]},"software_reporter":{"prompt_reason":0,"prompt_seed":"20150601","prompt_version":"3.21.0"},"sync":{"remaining_rollback_tries":0}}
     
     
    ==== Set IE to Default ======================
     
    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
     
    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="about:newtab"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="about:newtab"
     
    ==== All HKCU SearchScopes ======================
     
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{BEDCB1EE-EBCC-455E-992E-6A6970810C32}"
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
    {BEDCB1EE-EBCC-455E-992E-6A6970810C32} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"
     
    ==== Deleting Registry Keys ======================
     
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75932EE05AB03F84FAFA19C253187532 deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EE23957-0BA5-48F3-AFAF-912C35815723} deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\75932EE05AB03F84FAFA19C253187532 deleted successfully
     
    ==== Empty IE Cache ======================
     
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Windows7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Windows7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
     
    ==== Empty FireFox Cache ======================
     
    No FireFox Profiles found
     
    ==== Empty Chrome Cache ======================
     
    C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
     
    ==== Empty All Flash Cache ======================
     
    Flash Cache Emptied Successfully
     
    ==== Empty All Java Cache ======================
     
    No Java Cache Found
     
    ==== C:\zoek_backup content ======================
     
    C:\zoek_backup (files=51 folders=8 28827330 bytes)
     
    ==== Empty Temp Folders ======================
     
    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Default User\AppData\Local\Temp emptied successfully
    C:\Users\Windows7\AppData\Local\Temp will be emptied at reboot
    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\Windows\Temp will be emptied at reboot
     
    ==== After Reboot ======================
     
    ==== Empty Temp Folders ======================
     
    C:\Windows\Temp successfully emptied
    C:\Users\Windows7\AppData\Local\Temp successfully emptied
     
    ==== Empty Recycle Bin ======================
     
    C:\$RECYCLE.BIN successfully emptied
     
    ==== EOF on zo 23-08-2015 at 12:07:46,53 ======================
  2. Attached is the new RSIT log

     

    Logfile of random's system information tool 1.10 (written by random/random)
    Run by Windows7 at 2015-08-23 01:59:15
    Microsoft Windows 7 Ultimate  Service Pack 1
    System drive C: has 56 GB (47%) free of 119 GB
    Total RAM: 3837 MB (49% free)
     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:59:27, on 23-8-2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17937)
    Boot mode: Normal
     
    Running processes:
    C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\Program Files\trend micro\Windows7.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [spybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 9246 bytes
     
    ======Listing Processes======
     
     
     
    \SystemRoot\System32\smss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe
    winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    "C:\Program Files\Microsoft Security Client\MsMpEng.exe"
    "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
     
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
    C:\Windows\System32\svchost.exe -k utcsvc
    "C:\Program Files (x86)\PasswordBox\pbbtnService.exe"
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
    "taskhost.exe"
    taskeng.exe {EA746169-07AF-4119-8530-4CF6AF7B4612}
    "C:\Windows\system32\Dwm.exe"
    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
    C:\Windows\Explorer.EXE
    "C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe" -services -injection-server
    "C:\Windows\system32\GWX\GWX.exe" 
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\viakaraokesrv.exe
    "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
    "C:\Program Files (x86)\Canon\CAL\CALMAIN.exe"
    C:\Windows\system32\EscSvc64.exe
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
    WLIDSvcM.exe 2612
    C:\Windows\system32\sppsvc.exe
    "C:\Program Files\Microsoft Security Client\NisSrv.exe"
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe /Embedding
    "C:\Windows\System32\igfxtray.exe" 
    "C:\Windows\System32\hkcmd.exe" 
    "C:\Windows\System32\igfxpers.exe" 
    "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    "C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe" 
    "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
    "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ec12fe78-0487-4bf3-97a9-d4bb6e5b9cfa -SystemEventPortName:HostProcess-fbac17a6-290c-4cbf-8df2-ccde78c3abee -IoCancelEventPortName:HostProcess-bf43dcf9-c5fe-4678-ac6c-2f1ef2c7e6ea -NonStateChangingEventPortName:HostProcess-7246f8ce-dc46-4a9b-86f0-3c625b2033c5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9be40953-ed8c-4c5e-8b3f-cc32138cb168 -DeviceGroupId:WpdFsGroup
    C:\Windows\system32\wbem\wmiprvse.exe
    "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    C:\Windows\system32\wbem\wmiprvse.exe
    "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
    C:\Windows\servicing\TrustedInstaller.exe
    "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 
    "C:\Users\Windows7\Downloads\RSITx64 (1).exe" 
     
    ======Scheduled tasks folder======
     
    C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
    C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe  
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
    C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
    C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
     
    ======Registry dump======
     
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]
    "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
    "Spotify Web Helper"=C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-08-15 2018360]
    "SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
     
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
    C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-08-15 2018360]
     
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2011-02-22 3019376]
    ""= []
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2011-02-11 272896]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
     
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
     
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=5
    "ConsentPromptBehaviorUser"=3
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
     
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "ForceActiveDesktopOn"=0
     
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
     
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.msadpcm"=msadp32.acm
    "midimapper"=midimap.dll
    "wavemapper"=msacm32.drv
    "vidc.uyvy"=msyuv.dll
    "vidc.yuy2"=msyuv.dll
    "vidc.yvyu"=msyuv.dll
    "vidc.iyuv"=iyuv_32.dll
    "vidc.i420"=iyuv_32.dll
    "vidc.yvu9"=tsbyuv.dll
    "msacm.l3acm"=l3codecp.acm
    "VIDC.LAGS"=lagarith.dll
    "VIDC.FFDS"=ff_vfw.dll
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "aux"=wdmaud.drv
     
    ======File associations======
     
    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*
     
    ======List of files/folders created in the last 1 month======
     
    2015-08-22 15:05:17 ----A---- C:\MBAM Scanlog.txt
    2015-08-22 14:43:29 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
    2015-08-22 14:42:30 ----A---- C:\Windows\system32\drivers\mwac.sys
    2015-08-22 14:42:30 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
    2015-08-22 14:42:30 ----A---- C:\Windows\system32\drivers\mbam.sys
    2015-08-22 14:42:29 ----D---- C:\ProgramData\Malwarebytes
    2015-08-22 14:42:29 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-08-22 12:52:27 ----D---- C:\AdwCleaner
    2015-08-21 10:19:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
    2015-08-21 10:19:35 ----A---- C:\Windows\system32\mshtml.dll
    2015-08-21 00:15:18 ----A---- C:\Windows\system32\appraiser.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\invagent.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\generaltel.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\devinv.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\CompatTelRunner.exe
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\aepdu.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\aeinv.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\acmigration.dll
    2015-08-16 22:03:24 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-08-16 22:03:24 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-08-16 21:49:19 ----A---- C:\Windows\system32\mstscax.dll
    2015-08-16 21:49:18 ----A---- C:\Windows\SYSWOW64\mstscax.dll
    2015-08-16 21:49:17 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
    2015-08-16 21:49:17 ----A---- C:\Windows\system32\rdvidcrl.dll
    2015-08-16 21:49:16 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
    2015-08-16 21:49:16 ----A---- C:\Windows\system32\wksprt.exe
    2015-08-16 21:49:16 ----A---- C:\Windows\system32\tsgqec.dll
    2015-08-16 21:48:55 ----A---- C:\Windows\system32\ntoskrnl.exe
    2015-08-16 21:48:55 ----A---- C:\Windows\system32\ntdll.dll
    2015-08-16 21:48:55 ----A---- C:\Windows\system32\kernel32.dll
    2015-08-16 21:48:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
    2015-08-16 21:48:54 ----A---- C:\Windows\SYSWOW64\ntdll.dll
    2015-08-16 21:48:54 ----A---- C:\Windows\system32\sysmain.dll
    2015-08-16 21:48:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
    2015-08-16 21:48:53 ----A---- C:\Windows\system32\drivers\mountmgr.sys
    2015-08-16 21:48:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
    2015-08-16 21:48:52 ----A---- C:\Windows\system32\wow64.dll
    2015-08-16 21:48:52 ----A---- C:\Windows\system32\rstrui.exe
    2015-08-16 21:48:52 ----A---- C:\Windows\system32\lsasrv.dll
    2015-08-16 21:48:52 ----A---- C:\Windows\system32\KernelBase.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\SYSWOW64\kerberos.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\system32\winsrv.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\system32\srcore.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\system32\rpcrt4.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\system32\kerberos.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\wdigest.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\schannel.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\msv1_0.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\csrsrv.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\conhost.exe
    2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\wdigest.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\TSpkg.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\sspicli.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\smss.exe
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\ncrypt.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\lsass.exe
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\drivers\ksecdd.sys
    2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\srclient.dll
    2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\setup16.exe
    2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\auditpol.exe
    2015-08-16 21:48:47 ----A---- C:\Windows\system32\srclient.dll
    2015-08-16 21:48:47 ----A---- C:\Windows\system32\ntvdm64.dll
    2015-08-16 21:48:47 ----A---- C:\Windows\system32\cryptbase.dll
    2015-08-16 21:48:47 ----A---- C:\Windows\system32\auditpol.exe
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\credssp.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\wow64win.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\sspisrv.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\secur32.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\msmmsp.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\credssp.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-08-16 21:48:45 ----A---- C:\Windows\SYSWOW64\wow32.dll
    2015-08-16 21:48:45 ----A---- C:\Windows\SYSWOW64\sspicli.dll
    2015-08-16 21:48:45 ----A---- C:\Windows\system32\wow64cpu.dll
    2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
    2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
    2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-08-16 21:48:42 ----A---- C:\Windows\SYSWOW64\instnm.exe
    2015-08-16 21:48:42 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
    2015-08-16 21:48:42 ----A---- C:\Windows\system32\apisetschema.dll
    2015-08-16 21:48:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-08-16 21:48:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-08-16 21:48:41 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-08-16 21:48:41 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-08-16 21:48:41 ----A---- C:\Windows\SYSWOW64\user.exe
    2015-08-16 21:48:41 ----A---- C:\Windows\SYSWOW64\adtschema.dll
    2015-08-16 21:48:41 ----A---- C:\Windows\system32\adtschema.dll
    2015-08-16 21:48:40 ----A---- C:\Windows\SYSWOW64\msobjs.dll
    2015-08-16 21:48:40 ----A---- C:\Windows\SYSWOW64\msaudite.dll
    2015-08-16 21:48:40 ----A---- C:\Windows\system32\msobjs.dll
    2015-08-16 21:48:40 ----A---- C:\Windows\system32\msaudite.dll
    2015-08-16 21:47:20 ----A---- C:\Windows\system32\basesrv.dll
    2015-08-16 21:46:09 ----A---- C:\Windows\SYSWOW64\iernonce.dll
    2015-08-16 21:46:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
    2015-08-16 21:46:09 ----A---- C:\Windows\system32\iertutil.dll
    2015-08-16 21:46:09 ----A---- C:\Windows\system32\ieetwcollector.exe
    2015-08-16 21:46:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
    2015-08-16 21:46:08 ----A---- C:\Windows\SYSWOW64\iertutil.dll
    2015-08-16 21:46:08 ----A---- C:\Windows\system32\ieetwproxystub.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\vbscript.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\system32\iernonce.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\system32\ie4uinit.exe
    2015-08-16 21:46:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
    2015-08-16 21:46:06 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
    2015-08-16 21:46:06 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-08-16 21:46:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll
    2015-08-16 21:46:05 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
    2015-08-16 21:46:05 ----A---- C:\Windows\system32\iedkcs32.dll
    2015-08-16 21:46:04 ----A---- C:\Windows\system32\urlmon.dll
    2015-08-16 21:46:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll
    2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
    2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
    2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jscript.dll
    2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
    2015-08-16 21:46:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-08-16 21:46:02 ----A---- C:\Windows\SYSWOW64\ieui.dll
    2015-08-16 21:46:02 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
    2015-08-16 21:46:02 ----A---- C:\Windows\system32\dxtrans.dll
    2015-08-16 21:46:00 ----A---- C:\Windows\SYSWOW64\ieframe.dll
    2015-08-16 21:46:00 ----A---- C:\Windows\system32\msfeeds.dll
    2015-08-16 21:45:59 ----A---- C:\Windows\system32\iesetup.dll
    2015-08-16 21:45:59 ----A---- C:\Windows\system32\ieapfltr.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\wininet.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\jscript9.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\system32\vbscript.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\system32\jsproxy.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\system32\ieUnatt.exe
    2015-08-16 21:45:56 ----A---- C:\Windows\SYSWOW64\msrating.dll
    2015-08-16 21:45:56 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
    2015-08-16 21:45:56 ----A---- C:\Windows\system32\dxtmsft.dll
    2015-08-16 21:45:55 ----A---- C:\Windows\system32\mshtmled.dll
    2015-08-16 21:45:55 ----A---- C:\Windows\system32\ieui.dll
    2015-08-16 21:45:55 ----A---- C:\Windows\system32\ieframe.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\wininet.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\mshtmlmedia.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript9diag.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript9.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript.dll
    2015-08-16 21:45:53 ----A---- C:\Windows\system32\msrating.dll
    2015-08-16 21:45:53 ----A---- C:\Windows\system32\MshtmlDac.dll
    2015-08-16 21:45:04 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
    2015-08-16 21:45:04 ----A---- C:\Windows\SYSWOW64\davclnt.dll
    2015-08-16 21:45:04 ----A---- C:\Windows\system32\WebClnt.dll
    2015-08-16 21:45:04 ----A---- C:\Windows\system32\davclnt.dll
    2015-08-16 21:45:01 ----A---- C:\Windows\system32\msxml3.dll
    2015-08-16 21:45:00 ----A---- C:\Windows\SYSWOW64\msxml6.dll
    2015-08-16 21:45:00 ----A---- C:\Windows\SYSWOW64\msxml3.dll
    2015-08-16 21:45:00 ----A---- C:\Windows\system32\msxml6.dll
    2015-08-16 21:44:59 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
    2015-08-16 21:44:59 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
    2015-08-16 21:44:59 ----A---- C:\Windows\system32\msxml6r.dll
    2015-08-16 21:44:59 ----A---- C:\Windows\system32\msxml3r.dll
    2015-08-16 21:44:56 ----A---- C:\Windows\SYSWOW64\DWrite.dll
    2015-08-16 21:44:56 ----A---- C:\Windows\system32\win32k.sys
    2015-08-16 21:44:56 ----A---- C:\Windows\system32\FntCache.dll
    2015-08-16 21:44:56 ----A---- C:\Windows\system32\DWrite.dll
    2015-08-16 21:44:56 ----A---- C:\Windows\system32\atmfd.dll
    2015-08-16 21:44:55 ----A---- C:\Windows\SYSWOW64\atmfd.dll
    2015-08-16 21:44:53 ----A---- C:\Windows\system32\lpk.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\lpk.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\fontsub.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\dciman32.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\atmlib.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\system32\fontsub.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\system32\dciman32.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\system32\d3d10warp.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\system32\atmlib.dll
    2015-08-16 21:44:48 ----A---- C:\Windows\SYSWOW64\notepad.exe
    2015-08-16 21:44:48 ----A---- C:\Windows\system32\notepad.exe
    2015-08-16 21:44:48 ----A---- C:\Windows\notepad.exe
    2015-08-16 21:44:45 ----A---- C:\Windows\system32\shell32.dll
    2015-08-16 21:44:44 ----A---- C:\Windows\SYSWOW64\shell32.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\SYSWOW64\wuapi.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuwebv.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wucltux.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuaueng.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuauclt.exe
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuapi.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wups.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wudriver.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wuapp.exe
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wups2.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wups.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wudriver.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wuapp.exe
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\WinSetupUI.dll
    2015-08-16 21:24:19 ----HD---- C:\$Windows.~BT
    2015-08-16 21:07:57 ----ASH---- C:\pagefile.sys
    2015-08-16 21:07:54 ----ASH---- C:\hiberfil.sys
    2015-08-16 20:54:21 ----D---- C:\$SysReset
    2015-08-10 00:06:22 ----SHD---- C:\Recovery
    2015-07-29 19:46:46 ----D---- C:\Program Files\Common Files\AV
     
    ======List of files/folders modified in the last 1 month======
     
    2015-08-23 01:59:17 ----D---- C:\Program Files\trend micro
    2015-08-23 01:58:59 ----D---- C:\Windows\Temp
    2015-08-23 01:57:23 ----D---- C:\Windows\system32\config
    2015-08-23 01:52:58 ----D---- C:\Windows\system32\drivers
    2015-08-22 15:04:28 ----HD---- C:\ProgramData
    2015-08-22 15:04:26 ----D---- C:\Program Files (x86)\Common Files
    2015-08-22 15:04:26 ----D---- C:\Program Files (x86)\Android Resource Navigator
    2015-08-22 14:42:29 ----RD---- C:\Program Files (x86)
    2015-08-22 13:59:28 ----D---- C:\Windows\system32\Tasks
    2015-08-22 12:48:34 ----D---- C:\Windows\system32\FxsTmp
    2015-08-21 12:09:19 ----D---- C:\Windows\system32\drivers\etc
    2015-08-21 10:23:07 ----D---- C:\Windows\winsxs
    2015-08-21 10:20:56 ----SD---- C:\Windows\system32\CompatTel
    2015-08-21 10:20:56 ----D---- C:\Windows\SysWOW64
    2015-08-21 10:20:56 ----D---- C:\Windows\system32\appraiser
    2015-08-21 10:20:56 ----D---- C:\Windows\System32
    2015-08-21 10:20:56 ----D---- C:\Windows\AppPatch
    2015-08-21 10:19:25 ----SHD---- C:\System Volume Information
    2015-08-21 00:06:16 ----D---- C:\Windows
    2015-08-20 21:25:01 ----SHD---- C:\Windows\Installer
    2015-08-20 21:21:44 ----D---- C:\Program Files (x86)\Google
    2015-08-20 21:20:53 ----D---- C:\Windows\Tasks
    2015-08-20 21:04:32 ----D---- C:\Windows\inf
    2015-08-20 21:04:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2015-08-20 20:57:17 ----D---- C:\Windows\pss
    2015-08-20 19:44:27 ----D---- C:\Windows\rescache
    2015-08-20 18:55:27 ----D---- C:\Windows\Microsoft.NET
    2015-08-20 18:54:31 ----RSD---- C:\Windows\assembly
    2015-08-17 07:07:29 ----D---- C:\Boot
    2015-08-17 06:58:11 ----RSD---- C:\Windows\Media
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-TW
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-HK
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-CN
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\tr-TR
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\sv-SE
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ru-RU
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pt-PT
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pt-BR
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pl-PL
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\nb-NO
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\migration
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ko-KR
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ja-JP
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\it-IT
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\hu-HU
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\fr-FR
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\fi-FI
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\es-ES
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\el-GR
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\de-DE
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\da-DK
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\cs-CZ
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\color
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\BioAPIFFDB
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\Atheros_L1e
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\Adobe
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-TW
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-HK
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-CN
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\tr-TR
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\sv-SE
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\ru-RU
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\pt-PT
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\pt-BR
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\pl-PL
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\NDF
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\nb-NO
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\migration
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\ko-KR
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\ja-JP
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\it-IT
    2015-08-17 06:58:03 ----DC---- C:\Windows\system32\DRVSTORE
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\hu-HU
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\fr-FR
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\fi-FI
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\es-ES
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\el-GR
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\de-DE
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\da-DK
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\cs-CZ
    2015-08-17 06:58:02 ----D---- C:\Windows\system32\appmgmt
    2015-08-17 06:58:02 ----D---- C:\Windows\ShellNew
    2015-08-17 06:58:01 ----D---- C:\Windows\PolicyDefinitions
    2015-08-17 06:58:00 ----D---- C:\Windows\nl
    2015-08-17 06:58:00 ----D---- C:\Windows\LiveKernelReports
    2015-08-17 06:57:56 ----RSD---- C:\Windows\Fonts
    2015-08-17 06:57:56 ----D---- C:\Windows\Downloaded Program Files
    2015-08-17 06:57:56 ----D---- C:\Windows\DigitalLocker
    2015-08-17 06:57:55 ----SD---- C:\ProgramData\Microsoft
    2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\MSBuild
    2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\Microsoft.NET
    2015-08-17 06:57:51 ----RD---- C:\Program Files
    2015-08-17 06:57:51 ----D---- C:\Program Files\Common Files\System
    2015-08-17 06:57:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2015-08-17 06:57:50 ----D---- C:\Windows\system32\Recovery
    2015-08-17 06:57:50 ----D---- C:\Program Files\Common Files
    2015-08-17 06:57:48 ----SD---- C:\Users\Windows7\AppData\Roaming\Microsoft
    2015-08-16 22:13:23 ----D---- C:\Windows\SYSWOW64\nl-NL
    2015-08-16 22:13:23 ----D---- C:\Windows\SYSWOW64\en-US
    2015-08-16 22:13:22 ----D---- C:\Windows\system32\nl-NL
    2015-08-16 22:13:22 ----D---- C:\Windows\system32\en-US
    2015-08-16 22:13:22 ----D---- C:\Windows\system32\drivers\nl-NL
    2015-08-16 22:13:22 ----D---- C:\Windows\system32\drivers\en-US
    2015-08-16 22:13:04 ----D---- C:\Program Files\Internet Explorer
    2015-08-16 22:12:58 ----D---- C:\Program Files (x86)\Internet Explorer
    2015-08-16 22:04:25 ----D---- C:\ProgramData\Microsoft Help
    2015-08-16 22:04:12 ----A---- C:\Windows\win.ini
    2015-08-16 22:03:47 ----D---- C:\Windows\system32\catroot2
    2015-08-16 21:41:49 ----D---- C:\Windows\Panther
    2015-08-15 21:31:11 ----D---- C:\Users\Windows7\AppData\Roaming\Spotify
    2015-08-15 20:38:54 ----D---- C:\Program Files (x86)\1Password 4
    2015-08-15 19:14:33 ----D---- C:\Program Files\Microsoft Silverlight
    2015-08-15 19:14:33 ----D---- C:\Program Files (x86)\Microsoft Silverlight
    2015-08-15 19:04:11 ----A---- C:\Windows\system32\MRT.exe
    2015-08-15 18:46:05 ----D---- C:\Users\Windows7\AppData\Roaming\Identities
    2015-08-09 14:34:49 ----D---- C:\Windows\registration
    2015-08-09 13:27:10 ----RASH---- C:\BOOTSECT.BAK
    2015-07-29 19:46:43 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-07-29 19:38:37 ----D---- C:\Windows\Logs
    2015-07-25 17:34:03 ----D---- C:\Program Files\CCleaner
    2015-07-25 16:48:03 ----SD---- C:\Windows\system32\GWX
     
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
     
    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
    R0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2015-07-29 139896]
    R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2015-07-29 394584]
    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
    R1 RapportCerberus_1507063;RapportCerberus_1507063; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [2015-08-20 958232]
    R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-07-29 500088]
    R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-07-29 489240]
    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-06-18 25816]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-02-17 2153072]
    S1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys []
    S1 GLogin;GLogin; C:\Windows\system32\drivers\GLogin.sys []
    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
    S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-06-18 63704]
    S3 netr28ux;Sweex Wireless USB Adapter Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2010-07-27 1241952]
    S3 NMgamingmsFltr;USB Optical Mouse; C:\Windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 694376]
    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
     
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
     
    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
    R2 CCALib8;Canon Camera Access Library 8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    R2 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc64.exe [2011-12-12 135824]
    R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
    R2 PasswordBox;PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-05-14 67584]
    R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-07-29 2255128]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-02-17 27760]
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
    R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20 144200]
    S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14 268976]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20 144200]
    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-16 114688]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
    S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-02 1255736]
    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
     
    -----------------EOF-----------------
  3. Attached is the MBAM log file:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scandatum: 22-8-2015
    Scantijd: 14:44
    Logboekbestand: MBAM Scanlog.txt
    Beheerder: Ja
     
    Versie: 2.1.8.1057
    Malware-database: v2015.08.22.02
    Rootkit-database: v2015.08.16.01
    Licentie: Gratis
    Malware-bescherming: Uitgeschakeld
    Bescherming tegen kwaadaardige websites: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld
     
    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: Windows7
     
    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten gescand: 349411
    Verstreken tijd: 18 min, 47 sec
     
    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld
     
    Processen: 0
    (Geen kwaadaardige items gedetecteerd)
     
    Modules: 0
    (Geen kwaadaardige items gedetecteerd)
     
    Registersleutels: 3
    PUP.Optional.GravitySpace.A, HKLM\SOFTWARE\WOW6432NODE\GravitySpace, In quarantaine, [3f9b3ecd4b40211579611a05c340926e], 
    PUP.Optional.ItsResultsHub.A, HKLM\SOFTWARE\WOW6432NODE\ItsResultsHub, In quarantaine, [37a363a8becd1521f5fd882a7094916f], 
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1869362604-1768435415-2293966079-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951AA42A-7E13-44E8-9D49-B9609A3CB09D}, In quarantaine, [a13982897f0c0432e7e2bc69e71c1ce4], 
     
    Registerwaarden: 3
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1869362604-1768435415-2293966079-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951AA42A-7E13-44E8-9D49-B9609A3CB09D}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN38681808413092588&UM=2, In quarantaine, [a13982897f0c0432e7e2bc69e71c1ce4]
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1869362604-1768435415-2293966079-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951AA42A-7E13-44E8-9D49-B9609A3CB09D}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, In quarantaine, [0fcb6ba0a5e674c2b8110a1b55aea55b]
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1869362604-1768435415-2293966079-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951AA42A-7E13-44E8-9D49-B9609A3CB09D}|FaviconURL, http://search.conduit.com/favicon.ico, In quarantaine, [b624fe0d1d6ea78f0abf0e174cb7d828]
     
    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)
     
    Mappen: 46
    PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb, In quarantaine, [b723e922ef9c89ad1628307351b3a759], 
    PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater, In quarantaine, [b723e922ef9c89ad1628307351b3a759], 
    PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a, In quarantaine, [e5f5c249b0db87aff747772c5ea6768a], 
    PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater, In quarantaine, [e5f5c249b0db87aff747772c5ea6768a], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\10, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\10bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12\resources, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12bak\resources, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\resources, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\resources, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\resources, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\resources, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
     
    Bestanden: 65
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.bak, In quarantaine, [eeec8e7deba032045a985f2b7a8b16ea], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe, In quarantaine, [e7f3f4179eed95a11ad8c4c6d035d22e], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\10\Plugin.exe, In quarantaine, [fedc5caf1b7062d4bf33b5d52ed7a15f], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\10bak\Plugin.exe, In quarantaine, [b327fe0d6c1fa88efdf56e1c8e77f10f], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12\Plugin.exe, In quarantaine, [31a9a665553674c24aa8eb9fc83de21e], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12\resources\plugin.dll, In quarantaine, [24b621eae4a7a59124cefb8f848158a8], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12bak\Plugin.exe, In quarantaine, [d505ac5f9cef3204b53d24662bdaa45c], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12bak\resources\plugin.dll, In quarantaine, [dbffda31d2b90531866c7b0fd23304fc], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2\Plugin.exe, In quarantaine, [13c76e9dc8c388ae2bc7f09a6d9833cd], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2bak\Plugin.exe, In quarantaine, [36a4f417ef9cdd59876b0a80a85d2ed2], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3\Plugin.exe, In quarantaine, [9545d338800b211509e9d7b33bcaf40c], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3bak\Plugin.exe, In quarantaine, [e4f654b73556cc6af5fdec9ea26307f9], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4\Plugin.exe, In quarantaine, [35a524e7f398fb3b5c96ee9cd1349e62], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4bak\Plugin.exe, In quarantaine, [af2bef1c4e3dae8829c998f212f3ec14], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5\Plugin.exe, In quarantaine, [77636f9c6a2164d28f636c1edf261de3], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5bak\Plugin.exe, In quarantaine, [b4262fdcf3986accea082664bc49857b], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\Plugin.exe, In quarantaine, [3d9de72436552c0a20d2d7b3ad58da26], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\resources\38.0.5.dll, In quarantaine, [6f6bfd0e355642f45d95d3b7de27c838], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\resources\39.0.0.dll, In quarantaine, [1bbf84872863b581b83a4545bb4a42be], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\resources\40.0.0.dll, In quarantaine, [a6348487731872c482702763b3523ec2], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\Plugin.exe, In quarantaine, [78629e6db4d741f59a58058514f17090], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\resources\38.0.5.dll, In quarantaine, [2baf7f8c6328e45247ab325827de5ca4], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\resources\39.0.0.dll, In quarantaine, [776355b63a51e94d07ebe6a4a4612cd4], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\resources\40.0.0.dll, In quarantaine, [26b4fc0f94f7300690624941db2ad927], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8\Plugin.exe, In quarantaine, [4e8c68a3c2c99a9c5e94cebc6a9b18e8], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8bak\Plugin.exe, In quarantaine, [6c6ef01b058671c5638ff694ca3bdd23], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.bak, In quarantaine, [825854b7246788aeaf52f49920e53bc5], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.exe, In quarantaine, [23b734d7d8b3f0461ee3721b6e9746ba], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10\Plugin.exe, In quarantaine, [984230db8ffcf6405aa7eca131d4f010], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10bak\Plugin.exe, In quarantaine, [2ab0c942cfbcc175778a0588f70e21df], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2\Plugin.exe, In quarantaine, [14c60b00bfccfb3b5ea33e4f897c6d93], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2bak\Plugin.exe, In quarantaine, [677312f9d1ba0f27fc05f895e71ecb35], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3\Plugin.exe, In quarantaine, [ac2e76957c0fa19509f81d701ee7c838], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3bak\Plugin.exe, In quarantaine, [fedc4ac1c0cbd85e09f86d2039cc14ec], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5\Plugin.exe, In quarantaine, [10ca818a107b7eb85ea35f2eab5a41bf], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5bak\Plugin.exe, In quarantaine, [edede328bbd01f17827f721bb64fd828], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6\Plugin.exe, In quarantaine, [01d9dc2f8ffccb6b20e1e1ac1beabb45], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6bak\Plugin.exe, In quarantaine, [499167a4bdce280ed8295c31788d57a9], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\Plugin.exe, In quarantaine, [b4262ae11279f6407a87731a897c8779], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\resources\38.0.5.dll, In quarantaine, [5b7fcc3fc3c8cd698c75dbb233d2f10f], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\resources\39.0.0.dll, In quarantaine, [736724e733583df9d0318c0164a129d7], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\resources\40.0.0.dll, In quarantaine, [0bcf000b82091f17679afc917293ff01], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\Plugin.exe, In quarantaine, [03d7ab60fb9058decc35e8a59d680df3], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\resources\38.0.5.dll, In quarantaine, [4a90b358b6d55ed820e199f47a8b4bb5], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\resources\39.0.0.dll, In quarantaine, [756532d9424938fe3fc2cbc2a4617e82], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\resources\40.0.0.dll, In quarantaine, [1bbf010afe8d74c2758c721be2236b95], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8\Plugin.exe, In quarantaine, [8357bc4fef9c1422fc056924937212ee], 
    PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8bak\Plugin.exe, In quarantaine, [e3f75bb063281c1aa160f7969174837d], 
    PUP.Optional.Multiplug.A, C:\Program Files (x86)\Android Resource Navigator\Android Resource Navigator.exe, In quarantaine, [9644b952cbc069cd19ea8befa65bc53b], 
    PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{386A8078-9B0C-4E21-AF9C-0763C4143330}.dll, In quarantaine, [be1c8784bfcc6dc9935f04862bda22de], 
    PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{A68B0999-E601-42FA-B937-E3257121D458}.dll, In quarantaine, [d802e92257342e08ad45f1997f8617e9], 
    PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{AD002073-2619-498A-9649-D83E0DCEB12A}.dll, In quarantaine, [0ccebe4dfc8f03334ca6deac09fc2bd5], 
    PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{BE7CBEB9-9C0A-48ED-89FB-3A974B872CD9}.dll, In quarantaine, [27b3fc0f5c2fe15548aa1674c34256aa], 
    PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{DCD9AC96-E60D-4F14-B793-B29FDD1D65D9}.dll, In quarantaine, [16c4da315e2d95a11cd69febc243d32d], 
    PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{FBE0EE50-EF8A-4BA6-81BA-F5F399FE0272}.dll, In quarantaine, [81591cef1e6dad893cb608829a6b34cc], 
    PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe, In quarantaine, [b723e922ef9c89ad1628307351b3a759], 
    PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.bak, In quarantaine, [b723e922ef9c89ad1628307351b3a759], 
    PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.exe, In quarantaine, [e5f5c249b0db87aff747772c5ea6768a], 
    PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.bak, In quarantaine, [e5f5c249b0db87aff747772c5ea6768a], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\temp, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12.zip, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2.zip, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4.zip, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8.zip, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], 
    PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\temp, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], 
     
    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)
  4. Attached is the log file:

     

    # AdwCleaner v5.003 - Logbestand aangemaakt 22/08/2015 op 13:55:26
    # Laatste update 20/08/2015 door Xplode
    # Database : 2015-08-20.1 [server]
    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (x64)
    # Gebruikersnaam : Windows7 - WINDOWS7-PC
    # Gestart vanuit : C:\Users\Windows7\Downloads\adwcleaner_5.003.exe
    # Optie : Verwijderen
     
    ***** [ Services ] *****
     
    [-] Service Verwijderd : Service Mgr GravitySpace
    [-] Service Verwijderd : Service Mgr ItsResultsHub
    [-] Service Verwijderd : Update Mgr GravitySpace
    [-] Service Verwijderd : Update Mgr ItsResultsHub
    [-] Service Verwijderd : ba96e052
     
    ***** [ Mappen ] *****
     
    [-] Map Verwijderd : C:\Program Files (x86)\DealExpreess
    [-] Map Verwijderd : C:\Program Files (x86)\Gravity Space
    [-] Map Verwijderd : C:\Program Files (x86)\Its Results Hub
    [-] Map Verwijderd : C:\ProgramData\Conduit
    [-] Map Verwijderd : C:\ProgramData\Tarma Installer
    [-] Map Verwijderd : C:\ProgramData\Innovative Solutions
    [-] Map Verwijderd : C:\ProgramData\9362275760275399918
    [-] Map Verwijderd : C:\ProgramData\{29248ef6-e2ae-4fb9-2924-48ef6e2a3bdb}
    [-] Map Verwijderd : C:\ProgramData\{e66a1256-a48f-ba52-e66a-a1256a48495a}
    [-] Map Verwijderd : C:\ProgramData\{f2250c9f-26f3-fc3d-f225-50c9f26f327c}
    [-] Map Verwijderd : C:\ProgramData\{f29e2a13-9ed9-d039-f29e-e2a139eda84e}
    [-] Map Verwijderd : C:\Users\Windows7\AppData\Local\AVG Secure Search
    [-] Map Verwijderd : C:\Users\Windows7\AppData\Local\Innovative Solutions
    [-] Map Verwijderd : C:\Users\Windows7\AppData\LocalLow\Conduit
    [-] Map Verwijderd : C:\Users\Windows7\AppData\LocalLow\PriceGong
    [-] Map Verwijderd : C:\Users\Windows7\AppData\Roaming\OpenCandy
     
    ***** [ Bestanden ] *****
     
     
    ***** [ Snelkoppelingen ] *****
     
     
    ***** [ geplande taken ] *****
     
    [-] Taak Verwidjerd : Express FilesUpdate
     
    ***** [ Register ] *****
     
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\Prod.cap
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\speedupmypc
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\ffe234b3-ae3a-7f66-5965-f0d45f30d325
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{14df11ed}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ba96e052}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    [!] Sleutel Niet Verwidjerd : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{99415057-7C50-439D-AA20-02D83C071B61}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{2a361efd-fb26-4d2c-82ef-2535d46b8c07}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{8788dd2d-bed5-4071-8439-c822cef57bc8}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{5DEBC66A-136E-4F2C-84CC-8A984EBA1195}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{829DD016-D322-481B-8BA3-10064B09EAC4}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{67B87BDE-141A-4CB3-AC00-49501C139D4A}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{F895EF08-C980-4DFC-A0C8-C40E25D66ADF}
    [-] Sleutel Verwidjerd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    [-] Sleutel Verwidjerd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Sleutel Verwidjerd : HKCU\Software\AppDataLow\Software\Conduit
    [-] Sleutel Verwidjerd : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    [-] Sleutel Verwidjerd : HKCU\Software\AppDataLow\Software\PriceGong
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Conduit
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Uniblue
    [!] Sleutel Niet Verwidjerd : HKLM\SOFTWARE\Uniblue\DriverScanner
    [-] Sleutel Verwidjerd : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    [-] Sleutel Verwidjerd : [x64] HKLM\SOFTWARE\Tarma Installer
     
    ***** [ Internetbrowsers ] *****
     
    [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : start.facemoods.com
    [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : r
    [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : toolbar.ask.com
    [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : search.conduit.com
    [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : isearch.avg.com
    [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : search.babylon.com
    [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : utorrent.nl.softonic.com
     
    *************************
     
    :: Proxy instellingen gereset
    :: Winsock instellingen gereset
    :: Chrome policies verwijderd
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5883 bytes] ##########
  5. Attached is the log file:

     

    Logfile of random's system information tool 1.10 (written by random/random)
    Run by Windows7 at 2015-08-21 15:02:21
    Microsoft Windows 7 Ultimate  Service Pack 1
    System drive C: has 57 GB (48%) free of 119 GB
    Total RAM: 3837 MB (54% free)
     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:02:34, on 21-8-2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17937)
    Boot mode: Normal
     
    Running processes:
    C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\plugin.exe
    C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3\plugin.exe
    C:\Program Files\trend micro\Windows7.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [spybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file)
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Service Mgr GravitySpace - Unknown owner - C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe
    O23 - Service: Service Mgr ItsResultsHub - Unknown owner - C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Update Mgr GravitySpace - Unknown owner - C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe
    O23 - Service: Update Mgr ItsResultsHub - Unknown owner - C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 9822 bytes
     
    ======Listing Processes======
     
     
     
    \SystemRoot\System32\smss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe
    winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    "C:\Program Files\Microsoft Security Client\MsMpEng.exe"
    "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
     
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
    "taskhost.exe"
    taskeng.exe {C224045E-9219-4873-A700-1015A5DB18FC}
    "C:\Windows\system32\Dwm.exe"
    C:\Windows\Explorer.EXE
    "C:\Windows\System32\igfxtray.exe" 
    "C:\Windows\System32\hkcmd.exe" 
    "C:\Windows\System32\igfxpers.exe" 
    "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    "C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe" 
    C:\Windows\System32\svchost.exe -k utcsvc
    "C:\Program Files (x86)\PasswordBox\pbbtnService.exe"
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
    "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
    "C:\Windows\system32\GWX\GWX.exe" 
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.exe"
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    "C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe" -services -injection-server
    "C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe"
    "C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.exe"
    C:\Windows\system32\viakaraokesrv.exe
    "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
    WLIDSvcM.exe 2664
    "C:\Program Files (x86)\Canon\CAL\CALMAIN.exe"
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\EscSvc64.exe
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\SearchIndexer.exe /Embedding
    "C:\Program Files\Microsoft Security Client\NisSrv.exe"
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-df44b463-1e02-423b-b923-d63e0e993532 -SystemEventPortName:HostProcess-aa644b8b-4303-4c01-b695-a0739716f5aa -IoCancelEventPortName:HostProcess-a45469d6-6b03-4f69-9584-b265221e3169 -NonStateChangingEventPortName:HostProcess-ef6b513c-6628-4778-8696-535d534ca7c3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:dc3c264f-6a9c-41f8-88f5-2ce8ea95874b -DeviceGroupId:WpdFsGroup
    "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    C:\Windows\system32\wbem\wmiprvse.exe
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" 
    "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory=Default
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4268.0.903073285\815527494" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,9,22,45 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x2e32 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2302 --ignored=" --type=renderer " /prefetch:822062411
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --instant-process --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4268.1.25992095\1455480068" --font-cache-shared-handle=2024 /prefetch:673131151
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10\plugin.exe"
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6\plugin.exe"
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5\plugin.exe"
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8\plugin.exe"
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2\plugin.exe"
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3\plugin.exe"
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\plugin.exe" u
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\plugin.exe"
    "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3\plugin.exe"
    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Enabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4268.4.1957876780\195253755" --font-cache-shared-handle=2464 /prefetch:673131151
    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
    "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 
    "C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe"
    "C:\Users\Windows7\Downloads\RSITx64.exe" 
    "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
     
    ======Scheduled tasks folder======
     
    C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
    C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe  
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
    C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
    C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
     
    ======Registry dump======
     
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]
    "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
    "Spotify Web Helper"=C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-08-15 2018360]
    "SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
     
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
    C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-08-15 2018360]
     
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2011-02-22 3019376]
    ""= []
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=" "
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2011-02-11 272896]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
     
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
     
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=5
    "ConsentPromptBehaviorUser"=3
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
     
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "ForceActiveDesktopOn"=0
     
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
     
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "vidc.mrle"=msrle32.dll
    "vidc.msvc"=msvidc32.dll
    "msacm.imaadpcm"=imaadp32.acm
    "msacm.msg711"=msg711.acm
    "msacm.msgsm610"=msgsm32.acm
    "msacm.msadpcm"=msadp32.acm
    "midimapper"=midimap.dll
    "wavemapper"=msacm32.drv
    "vidc.uyvy"=msyuv.dll
    "vidc.yuy2"=msyuv.dll
    "vidc.yvyu"=msyuv.dll
    "vidc.iyuv"=iyuv_32.dll
    "vidc.i420"=iyuv_32.dll
    "vidc.yvu9"=tsbyuv.dll
    "msacm.l3acm"=l3codecp.acm
    "VIDC.LAGS"=lagarith.dll
    "VIDC.FFDS"=ff_vfw.dll
    "wave"=wdmaud.drv
    "midi"=wdmaud.drv
    "mixer"=wdmaud.drv
    "aux"=wdmaud.drv
     
    ======File associations======
     
    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*
     
    ======List of files/folders created in the last 1 month======
     
    2015-08-21 14:59:06 ----D---- C:\Program Files (x86)\Its Results Hub
    2015-08-21 14:59:06 ----D---- C:\Program Files (x86)\Gravity Space
    2015-08-21 10:19:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
    2015-08-21 10:19:35 ----A---- C:\Windows\system32\mshtml.dll
    2015-08-21 00:15:18 ----A---- C:\Windows\system32\appraiser.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\invagent.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\generaltel.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\devinv.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\CompatTelRunner.exe
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\aepdu.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\aeinv.dll
    2015-08-21 00:15:17 ----A---- C:\Windows\system32\acmigration.dll
    2015-08-16 22:03:24 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-08-16 22:03:24 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-08-16 21:49:19 ----A---- C:\Windows\system32\mstscax.dll
    2015-08-16 21:49:18 ----A---- C:\Windows\SYSWOW64\mstscax.dll
    2015-08-16 21:49:17 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
    2015-08-16 21:49:17 ----A---- C:\Windows\system32\rdvidcrl.dll
    2015-08-16 21:49:16 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
    2015-08-16 21:49:16 ----A---- C:\Windows\system32\wksprt.exe
    2015-08-16 21:49:16 ----A---- C:\Windows\system32\tsgqec.dll
    2015-08-16 21:48:55 ----A---- C:\Windows\system32\ntoskrnl.exe
    2015-08-16 21:48:55 ----A---- C:\Windows\system32\ntdll.dll
    2015-08-16 21:48:55 ----A---- C:\Windows\system32\kernel32.dll
    2015-08-16 21:48:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
    2015-08-16 21:48:54 ----A---- C:\Windows\SYSWOW64\ntdll.dll
    2015-08-16 21:48:54 ----A---- C:\Windows\system32\sysmain.dll
    2015-08-16 21:48:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
    2015-08-16 21:48:53 ----A---- C:\Windows\system32\drivers\mountmgr.sys
    2015-08-16 21:48:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
    2015-08-16 21:48:52 ----A---- C:\Windows\system32\wow64.dll
    2015-08-16 21:48:52 ----A---- C:\Windows\system32\rstrui.exe
    2015-08-16 21:48:52 ----A---- C:\Windows\system32\lsasrv.dll
    2015-08-16 21:48:52 ----A---- C:\Windows\system32\KernelBase.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\SYSWOW64\kerberos.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\system32\winsrv.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\system32\srcore.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\system32\rpcrt4.dll
    2015-08-16 21:48:51 ----A---- C:\Windows\system32\kerberos.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\SYSWOW64\schannel.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\wdigest.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\schannel.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\msv1_0.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\csrsrv.dll
    2015-08-16 21:48:49 ----A---- C:\Windows\system32\conhost.exe
    2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\wdigest.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\TSpkg.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\sspicli.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\smss.exe
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\ncrypt.dll
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\lsass.exe
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
    2015-08-16 21:48:48 ----A---- C:\Windows\system32\drivers\ksecdd.sys
    2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\srclient.dll
    2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\setup16.exe
    2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\auditpol.exe
    2015-08-16 21:48:47 ----A---- C:\Windows\system32\srclient.dll
    2015-08-16 21:48:47 ----A---- C:\Windows\system32\ntvdm64.dll
    2015-08-16 21:48:47 ----A---- C:\Windows\system32\cryptbase.dll
    2015-08-16 21:48:47 ----A---- C:\Windows\system32\auditpol.exe
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\credssp.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\wow64win.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\sspisrv.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\secur32.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\msmmsp.dll
    2015-08-16 21:48:46 ----A---- C:\Windows\system32\credssp.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-08-16 21:48:45 ----A---- C:\Windows\SYSWOW64\wow32.dll
    2015-08-16 21:48:45 ----A---- C:\Windows\SYSWOW64\sspicli.dll
    2015-08-16 21:48:45 ----A---- C:\Windows\system32\wow64cpu.dll
    2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
    2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
    2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-08-16 21:48:42 ----A---- C:\Windows\SYSWOW64\instnm.exe
    2015-08-16 21:48:42 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
    2015-08-16 21:48:42 ----A---- C:\Windows\system32\apisetschema.dll
    2015-08-16 21:48:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-08-16 21:48:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-08-16 21:48:41 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-08-16 21:48:41 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-08-16 21:48:41 ----A---- C:\Windows\SYSWOW64\user.exe
    2015-08-16 21:48:41 ----A---- C:\Windows\SYSWOW64\adtschema.dll
    2015-08-16 21:48:41 ----A---- C:\Windows\system32\adtschema.dll
    2015-08-16 21:48:40 ----A---- C:\Windows\SYSWOW64\msobjs.dll
    2015-08-16 21:48:40 ----A---- C:\Windows\SYSWOW64\msaudite.dll
    2015-08-16 21:48:40 ----A---- C:\Windows\system32\msobjs.dll
    2015-08-16 21:48:40 ----A---- C:\Windows\system32\msaudite.dll
    2015-08-16 21:47:20 ----A---- C:\Windows\system32\basesrv.dll
    2015-08-16 21:46:09 ----A---- C:\Windows\SYSWOW64\iernonce.dll
    2015-08-16 21:46:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
    2015-08-16 21:46:09 ----A---- C:\Windows\system32\iertutil.dll
    2015-08-16 21:46:09 ----A---- C:\Windows\system32\ieetwcollector.exe
    2015-08-16 21:46:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
    2015-08-16 21:46:08 ----A---- C:\Windows\SYSWOW64\iertutil.dll
    2015-08-16 21:46:08 ----A---- C:\Windows\system32\ieetwproxystub.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\vbscript.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\system32\iernonce.dll
    2015-08-16 21:46:07 ----A---- C:\Windows\system32\ie4uinit.exe
    2015-08-16 21:46:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
    2015-08-16 21:46:06 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
    2015-08-16 21:46:06 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-08-16 21:46:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll
    2015-08-16 21:46:05 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
    2015-08-16 21:46:05 ----A---- C:\Windows\system32\iedkcs32.dll
    2015-08-16 21:46:04 ----A---- C:\Windows\system32\urlmon.dll
    2015-08-16 21:46:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll
    2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
    2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
    2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jscript.dll
    2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
    2015-08-16 21:46:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-08-16 21:46:02 ----A---- C:\Windows\SYSWOW64\ieui.dll
    2015-08-16 21:46:02 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
    2015-08-16 21:46:02 ----A---- C:\Windows\system32\dxtrans.dll
    2015-08-16 21:46:00 ----A---- C:\Windows\SYSWOW64\ieframe.dll
    2015-08-16 21:46:00 ----A---- C:\Windows\system32\msfeeds.dll
    2015-08-16 21:45:59 ----A---- C:\Windows\system32\iesetup.dll
    2015-08-16 21:45:59 ----A---- C:\Windows\system32\ieapfltr.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\wininet.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\jscript9.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\system32\vbscript.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\system32\jsproxy.dll
    2015-08-16 21:45:57 ----A---- C:\Windows\system32\ieUnatt.exe
    2015-08-16 21:45:56 ----A---- C:\Windows\SYSWOW64\msrating.dll
    2015-08-16 21:45:56 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
    2015-08-16 21:45:56 ----A---- C:\Windows\system32\dxtmsft.dll
    2015-08-16 21:45:55 ----A---- C:\Windows\system32\mshtmled.dll
    2015-08-16 21:45:55 ----A---- C:\Windows\system32\ieui.dll
    2015-08-16 21:45:55 ----A---- C:\Windows\system32\ieframe.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\wininet.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\mshtmlmedia.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript9diag.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript9.dll
    2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript.dll
    2015-08-16 21:45:53 ----A---- C:\Windows\system32\msrating.dll
    2015-08-16 21:45:53 ----A---- C:\Windows\system32\MshtmlDac.dll
    2015-08-16 21:45:04 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
    2015-08-16 21:45:04 ----A---- C:\Windows\SYSWOW64\davclnt.dll
    2015-08-16 21:45:04 ----A---- C:\Windows\system32\WebClnt.dll
    2015-08-16 21:45:04 ----A---- C:\Windows\system32\davclnt.dll
    2015-08-16 21:45:01 ----A---- C:\Windows\system32\msxml3.dll
    2015-08-16 21:45:00 ----A---- C:\Windows\SYSWOW64\msxml6.dll
    2015-08-16 21:45:00 ----A---- C:\Windows\SYSWOW64\msxml3.dll
    2015-08-16 21:45:00 ----A---- C:\Windows\system32\msxml6.dll
    2015-08-16 21:44:59 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
    2015-08-16 21:44:59 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
    2015-08-16 21:44:59 ----A---- C:\Windows\system32\msxml6r.dll
    2015-08-16 21:44:59 ----A---- C:\Windows\system32\msxml3r.dll
    2015-08-16 21:44:56 ----A---- C:\Windows\SYSWOW64\DWrite.dll
    2015-08-16 21:44:56 ----A---- C:\Windows\system32\win32k.sys
    2015-08-16 21:44:56 ----A---- C:\Windows\system32\FntCache.dll
    2015-08-16 21:44:56 ----A---- C:\Windows\system32\DWrite.dll
    2015-08-16 21:44:56 ----A---- C:\Windows\system32\atmfd.dll
    2015-08-16 21:44:55 ----A---- C:\Windows\SYSWOW64\atmfd.dll
    2015-08-16 21:44:53 ----A---- C:\Windows\system32\lpk.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\lpk.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\fontsub.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\dciman32.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\atmlib.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\system32\fontsub.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\system32\dciman32.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\system32\d3d10warp.dll
    2015-08-16 21:44:52 ----A---- C:\Windows\system32\atmlib.dll
    2015-08-16 21:44:48 ----A---- C:\Windows\SYSWOW64\notepad.exe
    2015-08-16 21:44:48 ----A---- C:\Windows\system32\notepad.exe
    2015-08-16 21:44:48 ----A---- C:\Windows\notepad.exe
    2015-08-16 21:44:45 ----A---- C:\Windows\system32\shell32.dll
    2015-08-16 21:44:44 ----A---- C:\Windows\SYSWOW64\shell32.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\SYSWOW64\wuapi.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuwebv.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wucltux.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuaueng.dll
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuauclt.exe
    2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuapi.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wups.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wudriver.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wuapp.exe
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wups2.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wups.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wudriver.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wuapp.exe
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
    2015-08-16 21:43:56 ----A---- C:\Windows\system32\WinSetupUI.dll
    2015-08-16 21:24:19 ----HD---- C:\$Windows.~BT
    2015-08-16 21:07:57 ----ASH---- C:\pagefile.sys
    2015-08-16 21:07:54 ----ASH---- C:\hiberfil.sys
    2015-08-16 20:54:21 ----D---- C:\$SysReset
    2015-08-10 00:06:22 ----SHD---- C:\Recovery
    2015-08-04 19:38:54 ----D---- C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a
    2015-08-04 19:38:08 ----D---- C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb
    2015-07-31 21:32:16 ----D---- C:\ProgramData\{29248ef6-e2ae-4fb9-2924-48ef6e2a3bdb}
    2015-07-29 19:46:46 ----D---- C:\Program Files\Common Files\AV
    2015-07-27 09:32:07 ----D---- C:\ProgramData\{e66a1256-a48f-ba52-e66a-a1256a48495a}
     
    ======List of files/folders modified in the last 1 month======
     
    2015-08-21 15:02:28 ----D---- C:\Windows\Temp
    2015-08-21 15:02:24 ----D---- C:\Program Files\trend micro
    2015-08-21 14:59:06 ----RD---- C:\Program Files (x86)
    2015-08-21 13:54:59 ----D---- C:\Windows\system32\config
    2015-08-21 12:09:19 ----D---- C:\Windows\system32\drivers\etc
    2015-08-21 10:23:07 ----D---- C:\Windows\winsxs
    2015-08-21 10:20:56 ----SD---- C:\Windows\system32\CompatTel
    2015-08-21 10:20:56 ----D---- C:\Windows\SysWOW64
    2015-08-21 10:20:56 ----D---- C:\Windows\system32\appraiser
    2015-08-21 10:20:56 ----D---- C:\Windows\System32
    2015-08-21 10:20:56 ----D---- C:\Windows\AppPatch
    2015-08-21 10:19:25 ----SHD---- C:\System Volume Information
    2015-08-21 00:06:16 ----D---- C:\Windows
    2015-08-20 21:25:01 ----SHD---- C:\Windows\Installer
    2015-08-20 21:21:44 ----D---- C:\Program Files (x86)\Google
    2015-08-20 21:20:53 ----D---- C:\Windows\Tasks
    2015-08-20 21:20:53 ----D---- C:\Windows\system32\Tasks
    2015-08-20 21:04:32 ----D---- C:\Windows\inf
    2015-08-20 21:04:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2015-08-20 20:57:17 ----D---- C:\Windows\pss
    2015-08-20 19:44:27 ----D---- C:\Windows\rescache
    2015-08-20 18:55:27 ----D---- C:\Windows\Microsoft.NET
    2015-08-20 18:54:31 ----RSD---- C:\Windows\assembly
    2015-08-17 07:07:29 ----D---- C:\Boot
    2015-08-17 06:58:11 ----RSD---- C:\Windows\Media
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-TW
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-HK
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-CN
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\tr-TR
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\sv-SE
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ru-RU
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pt-PT
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pt-BR
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pl-PL
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\nb-NO
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\migration
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ko-KR
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ja-JP
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\it-IT
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\hu-HU
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\fr-FR
    2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\fi-FI
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\es-ES
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\el-GR
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\de-DE
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\da-DK
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\cs-CZ
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\color
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\BioAPIFFDB
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\Atheros_L1e
    2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\Adobe
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-TW
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-HK
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-CN
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\tr-TR
    2015-08-17 06:58:07 ----D---- C:\Windows\system32\sv-SE
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\ru-RU
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\pt-PT
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\pt-BR
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\pl-PL
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\NDF
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\nb-NO
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\migration
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\ko-KR
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\ja-JP
    2015-08-17 06:58:04 ----D---- C:\Windows\system32\it-IT
    2015-08-17 06:58:03 ----DC---- C:\Windows\system32\DRVSTORE
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\hu-HU
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\fr-FR
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\fi-FI
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\es-ES
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\el-GR
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\de-DE
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\da-DK
    2015-08-17 06:58:03 ----D---- C:\Windows\system32\cs-CZ
    2015-08-17 06:58:02 ----D---- C:\Windows\system32\appmgmt
    2015-08-17 06:58:02 ----D---- C:\Windows\ShellNew
    2015-08-17 06:58:01 ----D---- C:\Windows\PolicyDefinitions
    2015-08-17 06:58:00 ----D---- C:\Windows\nl
    2015-08-17 06:58:00 ----D---- C:\Windows\LiveKernelReports
    2015-08-17 06:57:56 ----RSD---- C:\Windows\Fonts
    2015-08-17 06:57:56 ----D---- C:\Windows\Downloaded Program Files
    2015-08-17 06:57:56 ----D---- C:\Windows\DigitalLocker
    2015-08-17 06:57:55 ----SD---- C:\ProgramData\Microsoft
    2015-08-17 06:57:55 ----HD---- C:\ProgramData
    2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\MSBuild
    2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\Microsoft.NET
    2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\Common Files
    2015-08-17 06:57:51 ----RD---- C:\Program Files
    2015-08-17 06:57:51 ----D---- C:\Program Files\Common Files\System
    2015-08-17 06:57:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2015-08-17 06:57:50 ----D---- C:\Windows\system32\Recovery
    2015-08-17 06:57:50 ----D---- C:\Program Files\Common Files
    2015-08-17 06:57:48 ----SD---- C:\Users\Windows7\AppData\Roaming\Microsoft
    2015-08-16 22:13:23 ----D---- C:\Windows\SYSWOW64\nl-NL
    2015-08-16 22:13:23 ----D---- C:\Windows\SYSWOW64\en-US
    2015-08-16 22:13:22 ----D---- C:\Windows\system32\nl-NL
    2015-08-16 22:13:22 ----D---- C:\Windows\system32\en-US
    2015-08-16 22:13:22 ----D---- C:\Windows\system32\drivers\nl-NL
    2015-08-16 22:13:22 ----D---- C:\Windows\system32\drivers\en-US
    2015-08-16 22:13:21 ----D---- C:\Windows\system32\drivers
    2015-08-16 22:13:04 ----D---- C:\Program Files\Internet Explorer
    2015-08-16 22:12:58 ----D---- C:\Program Files (x86)\Internet Explorer
    2015-08-16 22:04:25 ----D---- C:\ProgramData\Microsoft Help
    2015-08-16 22:04:12 ----A---- C:\Windows\win.ini
    2015-08-16 22:03:47 ----D---- C:\Windows\system32\catroot2
    2015-08-16 21:41:49 ----D---- C:\Windows\Panther
    2015-08-16 21:36:49 ----D---- C:\ProgramData\{f2250c9f-26f3-fc3d-f225-50c9f26f327c}
    2015-08-15 21:31:11 ----D---- C:\Users\Windows7\AppData\Roaming\Spotify
    2015-08-15 20:38:54 ----D---- C:\Program Files (x86)\1Password 4
    2015-08-15 19:14:33 ----D---- C:\Program Files\Microsoft Silverlight
    2015-08-15 19:14:33 ----D---- C:\Program Files (x86)\Microsoft Silverlight
    2015-08-15 19:04:11 ----A---- C:\Windows\system32\MRT.exe
    2015-08-15 18:46:05 ----D---- C:\Users\Windows7\AppData\Roaming\Identities
    2015-08-09 14:34:49 ----D---- C:\Windows\registration
    2015-08-09 13:27:10 ----RASH---- C:\BOOTSECT.BAK
    2015-08-05 17:50:20 ----D---- C:\ProgramData\9362275760275399918
    2015-07-29 19:46:43 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-07-29 19:38:37 ----D---- C:\Windows\Logs
    2015-07-25 17:34:03 ----D---- C:\Program Files\CCleaner
    2015-07-25 16:58:10 ----D---- C:\ProgramData\{f29e2a13-9ed9-d039-f29e-e2a139eda84e}
    2015-07-25 16:48:03 ----SD---- C:\Windows\system32\GWX
     
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
     
    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
    R0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2015-07-29 139896]
    R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2015-07-29 394584]
    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
    R1 RapportCerberus_1507063;RapportCerberus_1507063; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [2015-08-20 958232]
    R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-07-29 500088]
    R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-07-29 489240]
    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-02-17 2153072]
    S1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys []
    S1 GLogin;GLogin; C:\Windows\system32\drivers\GLogin.sys []
    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
    S3 netr28ux;Sweex Wireless USB Adapter Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2010-07-27 1241952]
    S3 NMgamingmsFltr;USB Optical Mouse; C:\Windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 694376]
    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
     
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
     
    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
    R2 CCALib8;Canon Camera Access Library 8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    R2 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc64.exe [2011-12-12 135824]
    R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
    R2 PasswordBox;PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-05-14 67584]
    R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-07-29 2255128]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
    R2 Service Mgr GravitySpace;Service Mgr GravitySpace; C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe [2015-08-21 1189648]
    R2 Service Mgr ItsResultsHub;Service Mgr ItsResultsHub; C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.exe [2015-08-21 1192720]
    R2 Update Mgr GravitySpace;Update Mgr GravitySpace; C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe [2015-08-21 702224]
    R2 Update Mgr ItsResultsHub;Update Mgr ItsResultsHub; C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.exe [2015-08-21 708880]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-02-17 27760]
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
    R3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S2 ba96e052;SystemPlus; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20 144200]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14 268976]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20 144200]
    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-16 114688]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-02 1255736]
    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
     
    -----------------EOF-----------------
  6. I keep getting the programs Gravity Space and Its Result Hub on my program. I understand that this is adware. In the Google Chrome settings, under extensions, I have reset everything to the default values, but these 2 programs still come along with the browser at startup. How can I remove these programs permanently? And are these programs harmful?

  7. Thank you for your message. Attached are the contents of the RSIT log. I have since deleted files on the C drive that were related to the toolbar, and I no longer come across any malware reports with Spybot&Search:

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Windows7 at 2014-01-12 20:57:57

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 68 GB (57%) free of 119 GB

    Total RAM: 3837 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:58:17, on 12-1-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16428)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe

    C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe

    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Windows7.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll

    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files (x86)\Logitech\iTouch\iTouch.exe

    O4 - HKLM\..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe

    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

    O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe

    O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: G Data Backup Service (GDBackupSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe

    O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe

    O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

    O23 - Service: G Data Tuner Service (GDTunerSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: G Data Datasafeservice (TSNxGService) - G Data Software - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 8870 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    "C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe"

    "C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe"

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

    "taskhost.exe"

    "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe"

    "C:\Windows\system32\Dwm.exe"

    C:\Windows\Explorer.EXE

    "C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe"

    "C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe"

    "C:\Program Files (x86)\PasswordBox\pbbtnService.exe"

    C:\Windows\system32\svchost.exe -k imgsvc

    "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe"

    C:\Windows\system32\viakaraokesrv.exe

    "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe"

    "C:\Windows\System32\igfxtray.exe"

    "C:\Windows\System32\hkcmd.exe"

    "C:\Windows\System32\igfxpers.exe"

    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

    "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe" 72648 "C:\ProgramData\AVG SafeGuard toolbar\Logger\logger.properties"

    \??\C:\Windows\system32\conhost.exe "-1458266172-1641278595-4726277001464456352-2014956984-1539071642-17810601041741051306

    "C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe"

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

    "C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe"

    "C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe"

    "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    "C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe"

    "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dd5edb54-99cd-4470-b4ee-f87e98c29800 -SystemEventPortName:HostProcess-af256238-d5c9-44b5-a5b8-443adc2f9023 -IoCancelEventPortName:HostProcess-395d8718-2891-45f3-bc01-ecf5a73b59b3 -NonStateChangingEventPortName:HostProcess-58abe0e8-449f-474d-bda1-c678337cd266 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0f3edae2-9766-4f9b-ad55-b8cf290d4680 -DeviceGroupId:WpdFsGroup

    C:\Windows\system32\SearchIndexer.exe /Embedding

    "C:\Program Files\Windows Media Player\wmpnetwk.exe"

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\System32\svchost.exe -k secsvcs

    "C:\Program Files\Internet Explorer\iexplore.exe"

    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4964 CREDAT:267521 /prefetch:2

    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -Embedding

    "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe" -Embedding

    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4964 CREDAT:922926 /prefetch:2

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\sppsvc.exe

    "C:\Users\Windows7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZRG0869\RSITx64.exe"

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\AutoKMS.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-08 6669000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

    Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DB69B97-934B-451D-94DB-32EF802A01CD}]

    PasswordBox Helper - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2013-12-23 129032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

    Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 4171464]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

    AVG SafeGuard toolbar - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll [2014-01-10 3349528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

    Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

    {95B7759C-8C7F-4BF1-B163-73684A933233} - AVG SafeGuard toolbar - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll [2014-01-10 3349528]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]

    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]

    "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]

    "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

    "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2011-02-22 3019376]

    ""= []

    "GDFirewallTray"=C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [2013-03-22 1854928]

    "zBrowser Launcher"=C:\Program Files (x86)\Logitech\iTouch\iTouch.exe [2002-11-23 631362]

    "G Data AntiVirus Tray"=C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe [2013-08-21 1444472]

    "vProt"=C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2014-01-10 2486296]

    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

    C:\Windows\system32\igfxdev.dll [2011-02-11 272896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-08 6669000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 4171464]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "vidc.uyvy"=msyuv.dll

    "vidc.yuy2"=msyuv.dll

    "vidc.yvyu"=msyuv.dll

    "vidc.iyuv"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "vidc.yvu9"=tsbyuv.dll

    "msacm.l3acm"=l3codecp.acm

    "VIDC.LAGS"=lagarith.dll

    "VIDC.FFDS"=ff_vfw.dll

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-01-12 20:57:58 ----D---- C:\Program Files\trend micro

    2014-01-12 20:57:57 ----D---- C:\rsit

    2014-01-04 20:27:38 ----A---- C:\autoexec.bat

    2014-01-04 20:24:28 ----D---- C:\Program Files\Enigma Software Group

    2014-01-04 20:23:41 ----D---- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP

    2014-01-04 17:17:27 ----D---- C:\Windows\SYSWOW64\SearchProtect

    2014-01-04 17:15:35 ----D---- C:\ProgramData\Conduit

    2014-01-04 17:14:27 ----D---- C:\Users\Windows7\AppData\Roaming\OpenCandy

    2014-01-01 16:13:13 ----D---- C:\Windows\system32\appmgmt

    2014-01-01 16:05:34 ----A---- C:\Windows\SYSWOW64\drmclien.dll

    2014-01-01 15:35:05 ----N---- C:\Windows\SYSWOW64\MultiSZ.dll

    2014-01-01 15:35:02 ----A---- C:\Windows\SYSWOW64\TwnLib20.dll

    2014-01-01 15:35:02 ----A---- C:\Windows\SYSWOW64\picn20.dll

    2014-01-01 15:35:02 ----A---- C:\Windows\SYSWOW64\imagx5.dll

    2014-01-01 15:35:01 ----A---- C:\Windows\SYSWOW64\ImagXpr5.dll

    2014-01-01 15:35:01 ----A---- C:\Windows\SYSWOW64\imagr5.dll

    2014-01-01 15:34:24 ----D---- C:\Program Files (x86)\Ahead

    2014-01-01 15:34:24 ----A---- C:\Windows\SYSWOW64\NeroCheck.exe

    2014-01-01 14:42:31 ----A---- C:\Windows\SYSWOW64\ShellManager10E2D762.dll

    2014-01-01 14:42:31 ----A---- C:\Windows\SYSWOW64\NEROINSTAEC43759.DB

    2013-12-31 16:37:46 ----D---- C:\ProgramData\Ahead

    ======List of files/folders modified in the last 1 month======

    2014-01-12 20:58:03 ----D---- C:\Windows\Temp

    2014-01-12 20:57:58 ----RD---- C:\Program Files

    2014-01-12 20:48:30 ----D---- C:\Windows\system32\config

    2014-01-10 12:16:48 ----SHD---- C:\System Volume Information

    2014-01-10 12:13:21 ----D---- C:\ProgramData\AVG SafeGuard toolbar

    2014-01-10 12:13:17 ----D---- C:\Program Files (x86)\AVG SafeGuard toolbar

    2014-01-08 11:17:53 ----SHD---- C:\#GDATA.Trash.Store#

    2014-01-08 11:17:46 ----D---- C:\Windows\SysWOW64

    2014-01-07 13:03:19 ----D---- C:\Windows\system32\catroot2

    2014-01-07 11:36:38 ----D---- C:\Windows\system32\NDF

    2014-01-05 22:26:55 ----D---- C:\Users\Windows7\AppData\Roaming\uTorrent

    2014-01-05 12:35:26 ----D---- C:\Windows

    2014-01-05 11:08:01 ----D---- C:\ProgramData\Spybot - Search & Destroy

    2014-01-05 10:41:08 ----RD---- C:\Program Files (x86)

    2014-01-05 10:13:02 ----SHD---- C:\Windows\Installer

    2014-01-05 10:13:02 ----SD---- C:\Users\Windows7\AppData\Roaming\Microsoft

    2014-01-04 20:23:39 ----D---- C:\Program Files (x86)\Common Files

    2014-01-04 17:44:45 ----D---- C:\Windows\system32\Tasks

    2014-01-04 17:44:44 ----D---- C:\Windows\Tasks

    2014-01-04 17:15:35 ----HD---- C:\ProgramData

    2014-01-01 16:42:20 ----D---- C:\ProgramData\Adobe

    2014-01-01 16:42:19 ----D---- C:\Program Files (x86)\Adobe

    2014-01-01 16:23:22 ----D---- C:\Windows\inf

    2014-01-01 16:14:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

    2014-01-01 16:13:13 ----D---- C:\Windows\System32

    2014-01-01 16:12:05 ----D---- C:\Windows\SYSWOW64\Adobe

    2014-01-01 16:12:05 ----D---- C:\Program Files\Internet Explorer

    2014-01-01 16:05:34 ----D---- C:\Windows\system32\catroot

    2014-01-01 15:02:54 ----D---- C:\Windows\ehome

    2013-12-31 12:23:29 ----D---- C:\Users\Windows7\AppData\Roaming\Ahead

    2013-12-31 11:47:13 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2013-12-29 12:44:44 ----D---- C:\Program Files (x86)\Internet Explorer

    2013-12-26 18:57:10 ----D---- C:\Program Files (x86)\PasswordBox

    2013-12-14 18:35:56 ----D---- C:\Windows\debug

    2013-12-14 16:07:20 ----D---- C:\Windows\rescache

    2013-12-14 09:54:30 ----D---- C:\Windows\system32\MRT

    2013-12-14 09:53:03 ----A---- C:\Windows\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 GDBehave;GDBehave; C:\Windows\system32\drivers\GDBehave.sys [2013-11-24 60248]

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

    R0 TS4NT;TS4nt driver; C:\Windows\System32\Drivers\TS4nt.sys [2013-11-24 98760]

    R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-11-21 46368]

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]

    R1 gddcv;G Data DCV Driver; \??\C:\Windows\system32\drivers\gddcv64.sys [2013-11-24 59736]

    R1 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [2013-11-24 130392]

    R1 gdwfpcd;G Data WFP CD; C:\Windows\system32\drivers\gdwfpcd64.sys [2013-11-24 64856]

    R1 GRD;G Data Rootkit Detector Driver; \??\C:\Windows\system32\drivers\GRD.sys [2013-11-24 106272]

    R1 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [2013-11-24 65368]

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    R3 gddcd;G Data DCD Driver; \??\C:\Windows\system32\drivers\gddcd64.sys [2013-11-24 79704]

    R3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [2013-11-24 63320]

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-02-17 2153072]

    S1 GLogin;GLogin; C:\Windows\system32\drivers\GLogin.sys []

    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

    S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []

    S3 netr28ux;Sweex Wireless USB Adapter Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2010-07-27 1241952]

    S3 NMgamingmsFltr;USB Optical Mouse; C:\Windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 694376]

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]

    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]

    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []

    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]

    R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2013-08-26 1970296]

    R2 AVKService;G Data Scheduler; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2013-08-21 635000]

    R2 AVKWCtl;G Data Bestandssysteembewaker; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2013-10-15 2562208]

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]

    R2 GDBackupSvc;G Data Backup Service; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2013-08-21 1947768]

    R2 PasswordBox;PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-01 67584]

    R2 TSNxGService;G Data Datasafeservice; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2013-09-17 255608]

    R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-02-17 27760]

    R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-01-10 1771544]

    R3 GDFwSvc;G Data Personal Firewall; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2013-10-17 2942808]

    R3 GDScan;G Data Scanner; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2013-08-22 695416]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]

    S3 GDTunerSvc;G Data Tuner Service; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2013-02-25 1711568]

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-03-08 50921648]

    S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-02 1255736]

    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

    -----------------EOF-----------------

  8. Hi.

    I had downloaded a free DVD-burning program (IBGBurner), and it then turned out that a search engine had been installed, namely Itrusted. I removed all the programs, but SpyBotSearch shows that there is malware on the computer, named Win32.downloader.gen. I cannot get it removed via SpyBotSearch. My virus scanner (G-Data) did isolate it.

    How do I get this malware removed from my computer now? I have understood that this is malware that is dangerous.

    Thanks in advance for your help!

  9. It did not work. I tried it via Start - My Programs - Windows Office Tools, but I did not find the diagnostics there. Then I ran Detect and Repair in Outlook, via Help, but I then had to insert the CD-ROM. However, I no longer have it. I could also browse to SBERET.MSI, but I have not been able to find it anywhere. I don't know what to do now.

    - - - Updated - - -

    I use Windows XP

  10. I have been having problems with Microsoft Outlook for some time. In particular, when saving attachments the computer hangs and I get the message "not responding". After some time it works after all. Also, Outlook sometimes does not recognize a frequently used address, so I have to enter it manually.

    I don't know what to do about this. According to my provider, the problem is with the computer. I hope you can help me.

    Kind regards

  11. Ok. I did it, but it stays. At the top, under "gestand", in the toolbar, it says "snap do-pagina 3". I don't come across it on other sites, and no longer as a search engine either. Can it do any harm if it stays like this?

    - - - Updated - - -

    It appears on this site when I go to my discussion, not on other tabs on this site. It seems to be tied to my username.
