beaba

Helemaal in orde nu. Ik zal deze vraag markeren als opgelost. Nogmaals erg bedankt voor de moeite die je genomen hebt om mij te helpen. Super!

Ik heb ze verwijderd! Dankjewel voor je uitstekende hulp en begeleiding. Als laatste wil ik mijn bladwijzers nog even goed terugzetten. Ik had deze na het ordenen gelukkig een html bestand geëxporteerd. Is het verstandig om eerst alles stop te zetten en te wissen in Chrome sync? Daar staan er nu wel ontzettend veel in.

Tot slot, klopt dit nu in de bijlage?

Ik ga dat doen. Is jouw advies ook Comodo, zowel de firewall als het antivirusprogramma?

Eerlijk gezegd merk ik geen verschil. Ik maak me toch wel een beetje zorgen over Comodo nu.

Tijdens deze scan is er niets gevonden. Ik had op 5-9 algescand met Emsisoft en de gevonden items in quarantaine geplaatst. quarantine_140909-095025.txt

Misschien dat je hier iets aan kunt zien?

Ne, echt. Ik denk via deze site: Free Internet Security 2014 Download | Comodo Internet Security v6 Helemaal zeker ben ik er niet van maar het dit lijkt mij het meest logisch. Ik heb destijds de stappen gevolgd zoals Schoonepc het installeren van Comodo beschreef. Hoe herken je dat het een besmette versie is in mijn geval?

C:\\Program Files x86\\Eset\ Het logje. log.txt

Ik heb nog een vraagje. Twee dagen geleden heb ik al mijn bladwijzers opnieuw gerangschikt. De map andere bladwijzers was helemaal leeg. Nu staan de "oude bladwijzers" er weer. Kan ik dit nog makkelijk herstellen zonder dat ik weer alle bladwijzers door moet lopen?

Ik wist niet dat uitgeschakelde extensies hier invloed op hadden. Ik heb heb nu alle uitgeschakelde extensies en apps verwijder. Helaas merk ik nog geen of erg weinig verschil. Het laden van de extensie zoals bijvoorbeeld gmail en lastpass duurt nog steeds erg lang. Ik hoorde net van een kennis die ook de extensie App Launcher Customizer for Google™ gebruikt geen geel driehoekje in https te zien krijgt. Bij het opstarten net kreeg ik de melding "de volgende pagina's reageren niet..." Deze krijg ik dan ook tussendoor nog eens te zien.

Dat slotje komt voor zover ik kan beoordelen door deze extensie: https://chrome.google.com/webstore/detail/app-launcher-customizer-f/ponjkmladgjfjgllmhnkhgbgocdigcjm/details Heb er inmiddels een aantal verwijderd. Ik heb een afbeelding bijgevoegd van de extensies die actief zijn. Denk je dat dit er echt teveel zijn en het probleem veroorzaken?

Wat me wel opvalt is dat google.nl een geel slotje (deze pagina bevat ook bronnen die niet beveiligd zijn....)weergeeft als ik ben aangemeld in mijn account. Zoek ik Incognito of in mijn andere account dan is dat niet.

Dat begrijp ik niet helemaal. Office Editing... Zie hier: https://support.google.com/chromebook/answer/2481498?hl= Lazy Man = Chrome downloads stond tussen mijn extensies maar was niet ingeschakeld. Rechten hierbij: alleen browsergeschiedenis lezen... Speed Dial staat tussen mijn extensies maar was ook niet ingeschakeld, had dat ooit eens uitgeprobeerd. Maakt het verschil als ze uitstaan of dat je ze helemaal verwijderd dan? Ik had syncen aan staan in Chrome ivm meerdere computers. Ze staan er hierdoor weer in. Wil je me nog eens uitleggen dan waarom deze niet OK zijn volgens jou?

Ik ben benieuwd of je kunt ontdekken of Chrome besmet was. Dan hoor ik graag hoe dit zou kunnen komen. Extensie o.i.d. wellicht? zoek-results.txt

Het logbestand. Het valt me alleen nog op dat de laptop veel lawaai maakt zodra ik een programma start. Vorig jaar heb ik al een schoonmaakbeurt laten geven. Deze is al wel een jaar of 4 oud. Ook ben ik erg benieuwd of er jullie iets gevonden hebben wat het probleem veroorzaakte. AdwCleaner[S0].txt

De zoek-results.[ATTACH]35420[/ATTACH] zoek-results.txt

Hierbij het logbestand log.txt

Inmiddels heb ik nog een scan uitgevoerd met Emsisoft en heb de bestanden in quarantaine geplaatst. Daarna met Ccleaner het register opgeschoond en het lijkt weer sneller te werken. Mochten jullie nog iets ontdekken dan hoor ik dat alsnog graag.

Ik merk dat Chrome in Windows 7 de laatste tijd erg traag opstart. Ik heb een logje gemaakt en hoop dat jullie hier eens naar willen kijken. hijackthis.log

Ik wacht het even af de komende dagen. Is autoKMS nu verwijderd?

Scan is net klaar. Stond in program files x86. ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=72d0d752def0e547808a6ab8b3a40a54 # engine=16910 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-02-02 09:05:13 # local_time=2014-02-02 10:05:13 (+0100, West-Europa (standaardtijd)) # country="Netherlands" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3074 16777213 100 84 17017 25331153 0 0 # compatibility_mode=5893 16776574 100 94 1847801 143004963 0 0 # scanned=181472 # found=4 # cleaned=4 # scan_time=16629 sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bea\Downloads\ccsetup410 (1).exe" sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bea\Downloads\ccsetup410.exe" sh=13EE8C9FCE6F74512DCD188CCA0655C5EDE37612 ft=1 fh=756c61b76c471ca8 vn="MSIL/HackKMS.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\AutoKMS\AutoKMS.exe" sh=3F7F25A0628A731849E70F5C6A37B48F3CF431D0 ft=1 fh=6ca57a02b1c441c3 vn="a variant of Win32/Bundled.Toolbar.Ask.F application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\Installer\MSIE82F.tmp"

Het lijkt of Ccleaner nu ook veel langer draait dan voorheen. Een reactie versturen duurde net ook heel erg lang???

Emsisoft heb ik gisteren 2x laten scannen en nu scant deze nog een keer. Gisteren heeft deze 2 virussen gevonden. In ieder geval is na het opstarten in de veilige modus het één en ander veranderd op mijn bureaublad. De meldingen na de scan waren iets over win32:... en avira antivir. Die heb ik hiermee hoop ik verwijderd. MSE staat uit en hiervoor in de plaats gebruik ik Comodo antivirus en de firewall. Van Emsisoft heb ik deze nog gevonden: SQLite format 3 @ h I h -â% Î ûöñìçâÝØÓÎ ktableRMACListRMACListCREATE TABLE RMACList( ID INTEGER PRIMARY KEY, Date INTEGER, StrDate TEXT, Request INTEGER, MAC TEXT)=##‚AtableDBIntegrityDBIntegrityCREATE TABLE DBIntegrity( ID INTEGER PRIMARY KEY, TableName TEXT, Revision INTEGER NOT NULL DEFAUL ëÚÌ»©›zbI1 QLogs¸ QObjects¸ + USessionDetails¸ +USessionUpdates¸ + USessionModules¸ URequests¸ ULogs¸ ILogs¸ ScanLogs¸ IDSLogs¸ RLogs¸ RMACList¸ #DBIntegrity¸ U U¤ Q =##‚AtableDBIntegrityDBIntegrityCREATE TABLE DBIntegrity( ID INTEGER PRIMARY KEY, TableName TEXT, Revision INTEGER NOT NULL DEFAULT 1, RecordsLimit INTEGER NOT NULL DEFAULT 3000)ktableRMACListRMACListCREATE TABLE RMACList( ID INTEGER PRIMARY KEY, Date INTEGER, StrDate TEXT, Request INTEGER, MAC TEXT)„Y5ˆktriggerRMACList_AfterInsertRMACListCREATE TRIGGER RMACList_AfterInsert AFTER INSERT ON RMACList BEGIN UPDATE RMACList SET Date = CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, StrDate = DateTime(CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, 'unixepoch') WHERE ROWID = New.ROWID; DELETE FROM RMACList WHERE ID <= CASE WHEN (SELECT RecordsLimit FROM DBIntegrity WHERE TableName = 'RMACList') = 0 THEN 0 ELSE New.ID - (SELECT RecordsLimit FROM DBIntegrity WHERE TableName='RMACList') END; END È ˜0È f 3]! #Rî02014-02-02 11:46:28D830C033685FAEABA9CE786133DB22825892B6C1BEA-LAPTOP –;"Rì-1856061968f 3]! #Rí¥è2014-02-02 01:56:56D830C033685FAEABA9CE786133DB22825892B6C1BEA-LAPTOP –;"Rì-1856061968f 3]! #RíƒÆ2014-02-01 23:31:18D830C033685FAEABA9CE786133DB22825892B6C1BEA-LAPTOP –;"Rì-1856061968 . . ï3 >‚[tableRLogsRLogsCREATE TABLE RLogs( ID INTEGER PRIMARY KEY, Date INTEGER, StrDate TEXT, MKey TEXT, MName TEXT, LID INTEGER, Model INTEGER, Starts INTEGER, Ends TEXT)„A/ˆGtriggerRLogs_AfterInsertRLogsCREATE TRIGGER RLogs_AfterInsert AFTER INSERT ON RLogs BEGIN UPDATE RLogs SET Date = CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, StrDate = DateTime(CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, 'unixepoch') WHERE ROWID = New.ROWID; DELETE FROM RLogs WHERE ID <= CASE WHEN (SELECT RecordsLimit FROM DBIntegrity WHERE TableName = 'RLogs') = 0 THEN 0 ELSE New.ID - (SELECT RecordsLimit FROM DBIntegrity WHERE TableName='RLogs') END; ENDJ‚ktableIDSLogsIDSLogsCREATE TABLE IDSLogs( ID INTEGER PRIMARY KEY, Date INTEGER, StrDate TEXT, Event INTEGER, FileName TEXT, PID INTEGER, Infection INTEGER, Info TEXT, Unic TEXT) Ä Ä „Q3ˆ_triggerIDSLogs_AfterInsertIDSLogsCREATE TRIGGER IDSLogs_AfterInsert AFTER INSERT ON IDSLogs BEGIN UPDATE IDSLogs SET Date = CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, StrDate = DateTime(CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, 'unixepoch') WHERE ROWID = New.ROWID; DELETE FROM IDSLogs WHERE ID <= CASE WHEN (SELECT RecordsLimit FROM DBIntegrity WHERE TableName = 'IDSLogs') = 0 THEN 0 ELSE New.ID - (SELECT RecordsLimit FROM DBIntegrity WHERE TableName='IDSLogs') END; ENDeƒtableScanLogsScanLogs CREATE TABLE ScanLogs( ID INTEGER PRIMARY KEY, ScanDate INTEGER, StrScanDate TEXT, Method INTEGER, CountObj INTEGER, FoundObj INTEGER, Duration TEXT, FileName TEXT, ScanType INTEGER) o / R턬1-2-2014 23:35:08Š1:28:06C:\Users\Bea\Documents\Anti-Malware\Reports\a2scan_140201-233508.txt Â Â Ú r ƒCtableILogsILogsCREATE TABLE ILogs( ID INTEGER PRIMARY KEY, Name TEXT, Location TEXT, FileSize INTEGER, Date INTEGER, StrDate TEXT, InfectionType INTEGER, RiskLevel INTEGER, Action INTEGER, Source TEXT,‚F 5„EtriggerScanLogs_AfterInsertScanLogsCREATE TRIGGER ScanLogs_AfterInsert AFTER INSERT ON ScanLogs BEGIN DELETE FROM ScanLogs WHERE ID <= CASE WHEN (SELECT RecordsLimit FROM DBIntegrity WHERE TableName = 'ScanLogs') = 0 THEN 0 ELSE New.ID - (SELECT RecordsLimit FROM DBIntegrity WHERE TableName='ScanLogs') END; ENDr ƒCtableILogsILogsCREATE TABLE ILogs( ID INTEGER PRIMARY KEY, Name TEXT, Location TEXT, FileSize INTEGER, Date INTEGER, StrDate TEXT, InfectionType INTEGER, RiskLevel INTEGER, Action INTEGER, Source TEXT, Unic TEXT) Ï ƒÏ 1 C%3 YGen:Variant.Symmi.23019 (B)C:\ProgramData\Avira\AntiVir Desktop\INFECTED\587a4b63.qua -> (Quarantine-8)RíŠ32014-02-01 23:58:43{F5643B4D-6B82-4515-9EAA-8D7460F3D8C6}{ M13 YApplication.Win32.WebToolbar (A)C:\ProgramData\apnRírÄ2014-02-01 22:18:44{EED36024-6AE6-4CB7-8E72-6933780D715C} û û? „A/ˆGtriggerILogs_AfterInsertILogsCREATE TRIGGER ILogs_AfterInsert AFTER INSERT ON ILogs BEGIN UPDATE ILogs SET Date = CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, StrDate = DateTime(CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, 'unixepoch') WHERE ROWID = New.ROWID; DELETE FROM ILogs WHERE ID <= CASE WHEN (SELECT RecordsLimit FROM DBIntegrity WHERE TableName = 'ILogs') = 0 THEN 0 ELSE New.ID - (SELECT RecordsLimit FROM DBIntegrity WHERE TableName='ILogs') END; END>‚[tableULogsULogs CREATE TABLE ULogs( ID INTEGER PRIMARY KEY, AutoUpdate INTEGER, Started INTEGER, Finished INTEGER, FilesCount INTEGER, TotalSize INTEGER, Result INTEGER) Õ ëÕ Rî0"Rî0J Ì: RíƒÛRí„s« Í Í? É ‚; 1„9triggerULogs_BeforeDeleteULogsCREATE TRIGGER ULogs_BeforeDelete BEFORE DELETE ON ULogs BEGIN DELETE FROM URequests WHERE SessionID=old.ID; DELETE FROM USessionDetails WHERE SessionID=old.ID; DELETE FROM USessionModules WHERE SessionID=old.ID; DELETE FROM USessionUpdates WHERE SessionID=old.ID; END‚1/„'triggerULogs_AfterInsertULogsCREATE TRIGGER ULogs_AfterInsert AFTER INSERT ON ULogs BEGIN DELETE FROM ULogs WHERE ID <= CASE WHEN (SELECT RecordsLimit FROM DBIntegrity WHERE TableName = 'ULogs') = 0 THEN 0 ELSE New.ID - (SELECT RecordsLimit FROM DBIntegrity WHERE TableName='ULogs') END; END>‚KtableURequestsURequestsCREATE TABLE URequests( ID INTEGER PRIMARY KEY, Date INTEGER, StrDate TEXT, SessionID INTEGER, URL TEXT, ResponseCode INTEGER, ResponseText TEXT) û 2û ‚. 3 „+Rí¥æ2014-02-02 01:56:54http://update.emsisoft.com/createkeyv3/?product=A2FR&mkey=2sdjImKsp11gpzaqwcysp3cYDiR6URnQlAhMBWdKykrNcErsKqizQTD7wcB3xXgYDC%2FyJ65UE70CIaixaQpEsY2QfqL5Ucs4RCscN3UZV1zPTlj1DeWQ1HVHLcFoC1KV5MXyZS9TCnT2KXTdNFdgWkEdPf%2FwMxh0jWWUyQLMbUY%3D&mname=BEA-LAPTOP ÈHTTP/1.1 200 OKF 3 ‚7+RíƒÜ2014-02-01 23:31:40http://update.emsisoft.com/checkupdatev3/?product=A2FR&key=TAP-RAB-VEV-563&mkey=D830C033685FAEABA9CE786133DB22825892B6C1&version=8.1β=0&lng=nl-nl ÈHTTP/1.1 200 OK) 3 }+RíƒÅ2014-02-01 23:31:17http://update.emsisoft.com/viewlicensev3/?product=A2FR&key=TAP-RAB-VEV-563&mkey=D830C033685FAEABA9CE786133DB22825892B6C1 ÈHTTP/1.1 200 OK‚: 3 „+RíƒÄ2014-02-01 23:31:16http://update.emsisoft.com/createkeyv3/?product=A2FR&mkey=GdFjV4qORSQkQHy0o30adHLOKP2XRHhFhrfvhe1DNFhtZYrMdlMcxIar%2F0ivgt1M3qiuByr9uNaA9FxxDZqhOJR46y0c6XGo3OuqOP5crcF5tWO6NE708T%2FnDW%2BK60M%2F%2B7ea9y2u%2FJWqGeUD%2B6zdZQIGXbM%2F6A2XLLjGj4doPHU%3D&mname=BEA-LAPTOP ÈHTTP/1.1 2 1 0 0”7 „a7ˆwtriggerURequests_AfterInsertURequestsCREATE TRIGGER URequests_AfterInsert AFTER INSERT ON URequests BEGIN UPDATE URequests SET Date = CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, StrDate = DateTime(CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, 'unixepoch') WHERE ROWID = New.ROWID; DELETE FROM URequests WHERE ID <= CASE WHEN (SELECT RecordsLimit FROM DBIntegrity WHERE TableName = 'URequests') = 0 THEN 0 ELSE New.ID - (SELECT RecordsLimit FROM DBIntegrity WHERE TableName='URequests') END; END ++wtableUSessionModulesUSessionModulesCREATE TABLE USessionModules( ID INTEGER PRIMARY KEY, SessionID INTEGER, Name TEXT, Version TEXT, MD5 TEXT)F++‚CtableUSessionUpdatesUSessionUpdatesCREATE TABLE USessionUpdates( ID INTEGER PRIMARY KEY, SessionID INTEGER, URL TEXT, Path TEXT, Name TEXT, Size INTEGER, MD5 TEXT, Desc TEXT) ì Iûöñì9ü½}B Ä † N 6 Ma2mor.dll6.5.0.111686738dd11317dc31fa064ce6fb476< 'Ma2hooks64.dll7.0.0.109138c1d281999712a68fcb96d6c75c618< 'Ma2hooks32.dll7.0.0.109c9a9b7c0beacc25df284fc50f7d4306d> -Ma2hijackfree.exe4.5.0.1059900a239e2e57ea6635ed984b31fe6c9 #Ma2guard.exe8.1.0.318d8f409361718b641de6be8d58799549> /Ma2framework64.dll8.1.0.2566b17621e35290482fd6df03dc086f5= +Ma2framework.dll8.1.0.31e1eaaca116eae3241872a5a67e3bb629; %Ma2engine.dll3.0.0.5964ceb7895b2a27e249e7557f4a72aef8aK #AMa2dix86.dll1.0.0.709 built by: WinDDKf83fb687fe3cb8908cd98b509dcb4ea6; %Ma2core64.dll7.0.0.11189b93237cb71628ba36b7dbb1215e318; %Ma2core32.dll7.0.0.1112a8dc74ccaef04bb2ac3e4a55050f450= -Ma2contmenu64.dll8.0.0.17b27fc1eb456620ce04935db672ec5c9; )Ma2contmenu.dll8.0.0.1cb0be635bfb53c812978d3b19cb7213a7 Ma2cmd.exe8.1.0.314d46c00fbbf2499a65334b70237b5402I AMa2acc.dll1.0.0.710 built by: WinDDKd9435da6b31a H< 0- / . !U EûöñìçâÝØÓÎÉÄ¿ºµ°«¦¡œ—’ˆƒ~ysmga[U ! 3!M-http://dl.emsisoft.com/updates/A84BB2B0AD2FF878E7066B817747E0D3.zip.datLanguages\vi-vn.lngVietnamese ØÛA84BB2B0AD2FF878E7066B817747E0D3Language Support5 3IM-http://dl.emsisoft.com/updates/EFB01C4720A0AA803985419178F20C32.zip.datLanguages\pt-br.lngPortuguese Brazil (Português) è¹EFB01C4720A0AA803985419178F20C32Language Support/ +MShttp://dl.emsisoft.com/updates/11686738DD11317DC31FA064CE6FB476.zip.data2mor.dllCleaning moduleÓ11686738DD11317DC31FA064CE6FB476Cleaning engine component - 5.6.0.1 '-M http://dl.emsisoft.com/updates/8E1B25B9E4A34E6F3B2A9F1900389460.zip.datvdbupdate.dllSignature update/8 D C B ? > = <} ;x :t 9o 8j 7f 6a 5] 4Y 3T -O ,J +E *A )< (8 '4 &/ %* $& #! " ! ÷ A÷íèãÞÙÔÏÊÅÀ»¶±¬§¢˜“Ž‰„zupkfa\WRMHC>94/*% ýøóîéäßÚÕÐËÆÁ¼·²*¨£ž™”Š…€{uoic]WQKE?93-'! ý÷ñëåßÙÓÍÇÁ»µ¯©£—‘‹…ysmga[UNG@92+$ ‡ † … „ ƒ ‚ €~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPO N M L K J I H G F E D C B A @ ? > = < ; : 9 8 7 6 5 4 3 2 1 0 / . - , + * ) ( ' & % $ # " ! @ J ‘pœ6 y?+indexUSessionUpdates_SessionIDUSessionUpdatesCREATE INDEX USessionUpdates_SessionID ON USessionUpdates(SessionID)\++‚otableUSessionDetailsUSessionDetailsCREATE TABLE USessionDetails( ID INTEGER PRIMARY KEY, SessionID INTEGER, Path TEXT, Size INTEGER, MD5 TEXT, Description TEXT, Downloaded INTEGER, Copyed INTEGER)‚)„%tableQObjectsQObjectsCREATE TABLE QObjects( ID INTEGER PRIMARY KEY, Name TEXT, Location TEXT, FileSize INTEGER, InfectionType TEXT, RiskLevel INTEGER, Quarantined INTEGER, Submitted INTEGER, Restored INTEGER, Removed INTEGER, SHA1 TEXT, Status INTEGER, Unic TEXT)b' indexQObjects_SHA1QObjectsCREATE UNIQUE INDEX QObjects_SHA1 ON QObjects(SHA1, Quarantined) û Gûh±P ç † h AMO Signatures\BD\emalware.522²ä8B230C600F1722839A451F9FBE4E69E1Malware signatures (emalware.522)_ 9MG Signatures\BD\jpeg.cvd«4126CDF0C0B40BC2314476BEA28CD9E9Malware signatures (jpeg.cvd)g AMO Signatures\BD\emalware.i35ú3F98992DB974810D5DDF7FA24A126737Malware signatures (emalware.i35)_ 9MG Signatures\BD\cran.ivd¼BE86C2E2801832757FA216B77BA955CEMalware signatures (cran.ivd)g AMO Signatures\BD\emalware.000[344E16009837E3F71BEC9A2CDBB6A7F7Malware signatures (emalware.000)L #M9 a2hosts.datÍCA64216AA8EAEF4F9E93BCCB2521B22CHost blocker blacklistb =MK Signatures\BD\update.txt[997DEB0A63D73B64D513332DDDB89635Malware signatures (update.txt)f AMO Signatures\BD\emalware.000°5340980E252938B75E22D434A40ADF9CMalware signatures (emalware.000)b =MK Signatures\BD\e_spyw.i10B36AFD9AAA7704CFD6E883E737EC7B8CMalware signatures (e_spyw.i10)f AMO Signatures\BD\emalware.522OR683C8DE6FBAA02579D62425DED80D8F7Malware signatures (emalware F E E 8 C ] YGen:Variant.Symmi.23019 (B)C:\ProgramData\Avira\AntiVir Desktop\INFECTED\587a4b63.qua1Rí™cFDD9B5D5-5377-4C99-BEFD-9F4CF8743B84.EQF{F5643B4D-6B82-4515-9EAA-8D7460F3D8C6} Ï Ï 0] FDD9B5D5-5377-4C99-BEFD-9F4CF8743B84.EQFRí™c : :¿9 ƒ;…7triggerQObjects_UpdateOfStatusQObjectsCREATE TRIGGER QObjects_UpdateOfStatus UPDATE OF Status ON QObjects WHEN New.Status IN (2, 3, 11) BEGIN INSERT INTO QLogs(ObjectID, Date, Event) ƒ;…7triggerQObjects_UpdateOfStatusQObjectsCREATE TRIGGER QObjects_UpdateOfStatus UPDATE OF Status ON QObjects WHEN New.Status IN (2, 3, 11) BEGIN INSERT INTO QLogs(ObjectID, Date, Event) VALUES(New.ID, CASE WHEN New.Restored IS NOT NULL THEN New.Restored ELSE New.Removed END, CASE WHEN New.Status = 3 THEN 8 WHEN New.Status = 2 THEN 9 WHEN New.Status = 11 THEN 7 END); END‚>1„9triggerQObjects_UpdateOfRQObjectsCREATE TRIGGER QObjects_UpdateOfR UPDATE OF Restored, Removed ON QObjects BEGIN INSERT INTO QLogs(ObjectID, Date, Event) VALUES(New.ID, CASE WHEN New.Restored IS NOT NULL THEN New.Restored ELSE New.Removed END, CASE WHEN New.Restored IS NOT NULL THEN 4 ELSE 5 END); END k k2t D1‚EtriggerQObjects_UpdateOfSQObjectsCREATE TRIGGER QObjects_UpdateOfS UPDATE OF Submitted ON QObjects BEGIN INSERT INTO QLogs(ObjectID, Date, Event) VALUES(New.ID, New.Submitted, 6); END‚?5„7triggerQObjects_AfterInsertQObjectsCREATE TRIGGER QObjects_AfterInsert AFTER INSERT ON QObjects BEGIN INSERT INTO QLogs(ObjectID, Date, Event) VALUES(New.ID, New.Quarantined, CASE WHEN New.Status = 3 THEN 8 WHEN New.Status = 2 THEN 9 WHEN New.Status = 11 THEN 7 WHEN New.Status = 12 THEN 3 ELSE 2 END); END qtableQLogsQLogsCREATE TABLE QLogs( ID INTEGER PRIMARY KEY, ObjectID INTEGER, Date INTEGER, StrDate TEXT, Event INTEGER) à à 3Rí™c2014-02-02 01:03:31 ^ ¼^ \#indexQLogs_EventQLogsCREATE UNIQUE INDEX QLogs_Event ON QLogs(ObjectID, Date, Event)„A/ˆGtriggerQLogs_AfterInsertQLogsCREATE TRIGGER QLogs_AfterInsert AFTER INSERT ON QLogs BEGIN UPDATE QLogs SET Date = CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, StrDate = DateTime(CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, 'unixepoch') WHERE ROWID = New.ROWID; DELETE FROM QLogs WHERE ID <= CASE WHEN (SELECT RecordsLimit FROM DBIntegrity WHERE TableName = 'QLogs') = 0 THEN 0 ELSE New.ID - (SELECT RecordsLimit FROM DBIntegrity WHERE TableName='QLogs') END; END õ õ Rí™c Ó tá/w Ó ! 3!M-http://dl.emsisoft.com/updates/A84BB2B0AD2FF878E7066B817747E0D3.zip.datLanguages\vi-vn.lngVietnamese ØÛA84BB2B0AD2FF878E7066B817747E0D3Language Support5 3IM-http://dl.emsisoft.com/updates/EFB01C4720A0AA803985419178F20C32.zip.datLanguages\pt-br.lngPortuguese Brazil (Português) è¹EFB01C4720A0AA803985419178F20C32Language Support/ +MShttp://dl.emsisoft.com/updates/11686738DD11317DC31FA064CE6FB476.zip.data2mor.dllCleaning moduleÓ11686738DD11317DC31FA064CE6FB476Cleaning engine component - 5.6.0.1 '-M http://dl.emsisoft.com/updates/8E1B25B9E4A34E6F3B2A9F1900389460.zip.datvdbupdate.dllSignature update/8E1B25B9E4A34E6F3B2A9F1900389460 -M http://dl.emsisoft.com/updates/8E1B25B9E4A34E6F3B2A9F1900389460.zip.datt3.dllSignature update/8E1B25B9E4A34E6F3B2A9F1900389460 -Ý. 3M-http://dl.emsisoft.com/updates/F68342529AA3FF13922534408F2B97D6.zip.datLanguages\gr-gr.lngGreekKF68342529AA3FF13922534408F2B97D6Language Support, 37M-http://dl.emsisoft.com/updates/5BFF4E992DE2EB0C1486BC637A6107E1.zip.datLanguages\sl-si.lngSlovenian (Slovenski) ä]5BFF4E992DE2EB0C1486BC637A6107E1Language Support! %M=http://dl.emsisoft.com/updates/DF9D07240BA93E43EB824057C64ED8FB.zip.datru-ru.chmRussian Help õDF9D07240BA93E43EB824057C64ED8FBRussian online help file) 31M-http://dl.emsisoft.com/updates/0D586810C687E7D3FB682CD60EEEE469.zip.datLanguages\zh-cn.lngChinese Simplified ·³0D586810C687E7D3FB682CD60EEEE469Language SupportP -!Mhttp://dl.emsisoft.com/updates/59900A239E2E57EA6635ED984B31FE6C.zip.data2HiJackFree.exeHiJackFreeV‘59900A239E2E57EA6635ED984B31FE6CSystem analysis and management tool for advanced users - 4.5.0.10 C†· è G /;Mchttp://dl.emsisoft.com/updates/566B17621E35290482FD6DF03DC086F5.zip.data2framework64.dllService Framework (x64)#£.566B17621E35290482FD6DF03DC086F5Service component for x64 systems - 8.1.0.2L %=Mwhttp://dl.emsisoft.com/updates/D27A8B7BB0E15DFBFC6B4E774EE17AD9.zip.data2ddax64.sysScan engine module (x64)4¿D27A8B7BB0E15DFBFC6B4E774EE17AD9Direct disk access module for x64 systems - 1.0.0.659L %=Mwhttp://dl.emsisoft.com/updates/B0CC0B50441372157F31C4C023D43A3E.zip.data2ddax86.sysScan engine module (x86)03B0CC0B50441372157F31C4C023D43A3EDirect disk access module for x86 systems - 1.0.0.659: !+Mghttp://dl.emsisoft.com/updates/1755023407FDE00D9916505A557569D5.zip.datbdcore.dllScan Engine ( ÛÝ1755023407FDE00D9916505A557569D5Scan Engine Component (bdcore.dll) - 11.0.1.6: #+Mghttp://dl.emsisoft.com/updates/ADF9F919E10832746ED516230420F749.zip.datavxdisk.dllScan Engine (B)d&ADF9F919E10832746ED516230420F749Scan Engine Component (avxdisk.dll) - 1.4.0.0 ¹ 2Š ¹ N %;M}http://dl.emsisoft.com/updates/ED7BC428D411F386C5CD7818C67E5AFB.zip.data2accx86.sysFile guard module (x86)rCED7BC428D411F386C5CD7818C67E5AFBFile guard protection module for x86 systems - 1.0.0.705% #)M=http://dl.emsisoft.com/updates/9E28CAA559C533A531CCEE624DA8C64E.zip.datevcdiff.dllDiff component†™9E28CAA559C533A531CCEE624DA8C64EDiff component - 1.0.0.1` )3M!http://dl.emsisoft.com/updates/CB0BE635BFB53C812978D3B19CB7213A.zip.data2contmenu.dllContext menu module¯(CB0BE635BFB53C812978D3B19CB7213AExplorer context menu to scan files or folders with Anti-Malware - 8.0.0.1h -3M-http://dl.emsisoft.com/updates/7B27FC1EB456620CE04935DB672EC5C9.zip.data2contmenu64.dllContext menu module<7B27FC1EB456620CE04935DB672EC5C9Explorer context menu to scan files or folders with Anti-Malware (x64) - 8.0.0.1 ‚ .…Ó/ ‚ * 33M-http://dl.emsisoft.com/updates/BA4422CE25DE1A93E2EC5447EB4FF71B.zip.datLanguages\zh-tw.lngChinese Traditional »BA4422CE25DE1A93E2EC5447EB4FF71BLanguage Support! %M=http://dl.emsisoft.com/updates/17E7CCC37E341FB56FFBD358171F28C9.zip.daten-us.chmEnglish Help c17E7CCC37E341FB56FFBD358171F28C9English online help file/ 3=M-http://dl.emsisoft.com/updates/57D107BDB46B50C3675FDC230D9FD037.zip.datLanguages\hu-hu.lngHungarian (magyar nyelv) ôz57D107BDB46B50C3675FDC230D9FD037Language support& 3+M-http://dl.emsisoft.com/updates/65D05D5BCC856E05EE07D0732C34D0BD.zip.datLanguages\fi-fi.lngFinnish (Suomi) ñP65D05D5BCC856E05EE07D0732C34D0BDLanguage supportO %;M}http://dl.emsisoft.com/updates/797E1068EE061C5DEE668F0DC6B3C601.zip.data2accx64.sysFile guard module (x64) ‰Û797E1068EE061C5DEE668F0DC6B3C601File guard protection module for x64 systems - 1.0.0.705 ¸ &L ¸ F )=Mghttp://dl.emsisoft.com/updates/429E208432A0D5342FA84D8C700423CE.zip.datlicense_de.rtfLicense Agreement German9l429E208432A0D5342FA84D8C700423CEEmsisoft License Agreement in German languageH )?Mihttp://dl.emsisoft.com/updates/547CF66ABE97308CD3046A5057E46980.zip.datlicense_en.rtfLicense Agreement English6S547CF66ABE97308CD3046A5057E46980Emsisoft License Agreement in English languageW 'MMyhttp://dl.emsisoft.com/updates/138C1D281999712A68FCB96D6C75C618.zip.data2hooks64.dllBehavior blocker component (x64)…ú138C1D281999712A68FCB96D6C75C618Behavior blocker component for x64 systems - 7.0.0.109W 'MMyhttp://dl.emsisoft.com/updates/C9A9B7C0BEACC25DF284FC50F7D4306D.zip.data2hooks32.dllBehavior blocker component (x86)i«C9A9B7C0BEACC25DF284FC50F7D4306DBehavior blocker component for x86 systems - 7.0.0.109 £ 7–öE £ ! #M;http://dl.emsisoft.com/updates/FF8541E8860EFF595F4B514C2FE2AC4F.zip.datde-de.chmGerman HelpíFF8541E8860EFF595F4B514C2FE2AC4FGerman online help file. 3;M-http://dl.emsisoft.com/updates/D5E8A740E2C9D1445E0F4B67FDED25B7.zip.datLanguages\pt-pt.lngPortuguese (Português) ïÒD5E8A740E2C9D1445E0F4B67FDED25B7Language Support 3M-http://dl.emsisoft.com/updates/DF05B946C963F316CE4D3B8F461FB2FA.zip.datLanguages\ar-sa.lngArabic æWDF05B946C963F316CE4D3B8F461FB2FALanguage Support 3M-http://dl.emsisoft.com/updates/3A2E74BCEC6DF428CB6EDC8A3E250821.zip.datLanguages\ru-ru.lngRussian ߶3A2E74BCEC6DF428CB6EDC8A3E250821Language SupportF )=Mghttp://dl.emsisoft.com/updates/16A574ABE4FB8D72CBC91C9F677C270F.zip.datlicense_fr.rtfLicense Agreement French=Ô16A574ABE4FB8D72CBC91C9F677C270FEmsisoft License Agreement in French language È ^µi È & 3M-http://dl.emsisoft.com/updates/1E3A940E96F5F6B241A679947C51E306.zip.datLanguages\fa-ir.lngPersian ã51E3A940E96F5F6B241A679947C51E306Language Support)% 31M-http://dl.emsisoft.com/updates/3C7263E33FA6646EA5564B726E074AC2.zip.datLanguages\nl-nl.lngDutch (Nederlands) ék3C7263E33FA6646EA5564B726E074AC2Language Support$ 3M-http://dl.emsisoft.com/updates/A4DCB0BE672B2D4A2A475AD56B987522.zip.datLanguages\ko-kr.lngKorean ʯA4DCB0BE672B2D4A2A475AD56B987522Language Support 3+M-http://dl.emsisoft.com/updates/002D1A219A1E255B96C2BD7AA07827F4.zip.datLanguages\pl-pl.lngPolish (Polski) ó 002D1A219A1E255B96C2BD7AA07827F4Language Support" #M;http://dl.emsisoft.com/updates/44E591B51DA1445C0FB560F68B44CD6D.zip.datfr-fr.chmFrench Help344E591B51DA1445C0FB560F68B44CD6DFrench online help file £ Ga‰ £ c* #[Mhttp://dl.emsisoft.com/updates/720AEB9F18D76BE49DE86C8B25A9FC38.zip.data2dix86.sysBackground guard driver component (x86)N2720AEB9F18D76BE49DE86C8B25A9FC38Background guard driver component for x86 systems - 1.0.0.709U) #MMyhttp://dl.emsisoft.com/updates/F83FB687FE3CB8908CD98B509DCB4EA6.zip.data2dix86.dllBackground guard component (x86) ‘ûF83FB687FE3CB8908CD98B509DCB4EA6Background guard component for x86 systems - 1.0.0.709c( #[Mhttp://dl.emsisoft.com/updates/05936579605018BD2BC528FF2C1AD95F.zip.data2dix64.sysBackground guard driver component (x64)\œ05936579605018BD2BC528FF2C1AD95FBackground guard driver component for x64 systems - 1.0.0.6576' /M]http://dl.emsisoft.com/updates/D9435DA6B31A7D552EA8B4CDAF2980C2.zip.data2acc.dllFile guard module ”¾D9435DA6B31A7D552EA8B4CDAF2980C2File guard protection module - 1.0.0.710 @ TªÐ ö @ 3/ %+MUhttp://dl.emsisoft.com/updates/8B619F3CE4DD663440E2EC744E883573.zip.datresource.dllResource Module+³8B619F3CE4DD663440E2EC744E883573Additional data resources - 8.1.0.31W. %CMhttp://dl.emsisoft.com/updates/89B93237CB71628BA36B7DBB1215E318.zip.data2core64.dllBehavior blocker core (x64) •L89B93237CB71628BA36B7DBB1215E318Behavior blocker core component for x64 systems - 7.0.0.111W- %CMhttp://dl.emsisoft.com/updates/2A8DC74CCAEF04BB2AC3E4A55050F450.zip.data2core32.dllBehavior blocker core (x86) ˆ_2A8DC74CCAEF04BB2AC3E4A55050F450Behavior blocker core component for x86 systems - 7.0.0.111', 3-M-http://dl.emsisoft.com/updates/7EEF6792D8AF293A9F60FF5FFA34E990.zip.datLanguages\de-de.lngGerman (Deutsch) ñò7EEF6792D8AF293A9F60FF5FFA34E990Language Support)+ 31M-http://dl.emsisoft.com/updates/07E9D1CA0AAE489D2874B5319DF5834D.zip.datLanguages\fr-fr.lngFrench (Français) ý“07E9D1CA0AAE489D2874B5319DF5834DLanguage Support j VÁ j )4 #+MChttp://dl.emsisoft.com/updates/1958483F6E5D831F92475E199BA2750C.zip.datclean32.dllCleaning engine´1958483F6E5D831F92475E199BA2750CCleaning engine - 1.0.0.163(3 1M?http://dl.emsisoft.com/updates/C61694310D85F74584C6CE29822FB85B.zip.datclean.datCleaning resources Ý C61694310D85F74584C6CE29822FB85BCleaning engine componentY2 ;Mhttp://dl.emsisoft.com/updates/4D46C00FBBF2499A65334B70237B5402.zip.data2cmd.exeCommandline Scanner 8.1.‡4D46C00FBBF2499A65334B70237B5402Console application using command line parameters to scan - 8.1.0.3161 +;MEhttp://dl.emsisoft.com/updates/E1EAACA116EAE3241872A5A67E3BB629.zip.data2framework.dllService Framework (x86)WME1EAACA116EAE3241872A5A67E3BB629Service component - 8.1.0.31'0 %)M?http://dl.emsisoft.com/updates/11D313BFFD2BAB07257935EA475157FF.zip.data2update.dllUpdater moduleì«11D313BFFD2BAB07257935EA475157FFUpdater module - 8.1.0.31 à *Z‘ à K8 !?Muhttp://dl.emsisoft.com/updates/1E370D588367AE396EAFF9D34BD15149.zip.datfrme32.dllCleaning engine componentp1E370D588367AE396EAFF9D34BD15149Cleaning engine file and registry module - 1.0.0.478F7 )KMWhttp://dl.emsisoft.com/updates/725E5A19B34061BDD5A5F5720A4D9022.zip.datcleanhlp32.dllCleaning engine component (x86) –Ã725E5A19B34061BDD5A5F5720A4D9022Cleaning engine component - 1.0.0.149M6 )SM_http://dl.emsisoft.com/updates/DBC8CDAFC84E96E894C3BAAED9B30F47.zip.datcleanhlp32.sysCleaning engine helper driver (x86)b)DBC8CDAFC84E96E894C3BAAED9B30F47Cleaning engine helper driver - 1.0.0.149S5 )SMkhttp://dl.emsisoft.com/updates/B794DCF38C965FA2F93C45A7C3D582C5.zip.datcleanhlp64.sysCleaning engine helper driver (x64)kÝB794DCF38C965FA2F93C45A7C3D582C5Cleaning engine helper driver (x64) - 1.0.0.149 å J¤ å << 'Muhttp://dl.emsisoft.com/updates/6FD8F474D031AE49BBD4CF1098F36C47.zip.data2service.exeServiceÿ^6FD8F474D031AE49BBD4CF1098F36C47Service application for non admin support - 8.1.0.33X; #?Mhttp://dl.emsisoft.com/updates/E529485E177539A5000C85692F840A13.zip.data2start.exeEmsisoft Anti-Malware 8.1&ÞOE529485E177539A5000C85692F840A13Main application including scanner and configuration - 8.1.0.33H: %7Mshttp://dl.emsisoft.com/updates/7C83894193504D4AC6B3D999FB24144A.zip.data2wizard.exeSecurity Setup Wizard"iJ7C83894193504D4AC6B3D999FB24144ATool to setup the security configuration - 8.1.0.3139 #)MYhttp://dl.emsisoft.com/updates/180947F97163C012576419D9C28ABEA0.zip.datlogging.dllLogging module ÷>180947F97163C012576419D9C28ABEA0Debug logging helper module - 8.1.0.31 N rÀ N GA ))M{http://dl.emsisoft.com/updates/3D7E47A121A58F7E1E639419E7CB28C0.zip.datBlitzBlank.exeBlitzBlank 1.0 õ3D7E47A121A58F7E1E639419E7CB28C0Removes infections that nothing else removes - 1.0.0.32%@ )MAhttp://dl.emsisoft.com/updates/139D664E42F8F5A849F4F5069769595D.zip.dathu-hu.chmHungarian helpca139D664E42F8F5A849F4F5069769595DHungarian online help file/? !M]http://dl.emsisoft.com/updates/F432EB8D1D84A565167107E2EF001473.zip.data2wsc.dllWSC moduleª®F432EB8D1D84A565167107E2EF001473Windows Security Center module - 6.5.0.2'> 3-M-http://dl.emsisoft.com/updates/49430175DECDF78AA27506D09C2EEF9E.zip.datLanguages\cz-cz.lngCzech (CeÅ¡tina) ºd49430175DECDF78AA27506D09C2EEF9ELanguage supporta= #-M/http://dl.emsisoft.com/updates/8D8F409361718B641DE6BE8D58799549.zip.data2guard.exeProtection GuardÁ*8D8F409361718B641DE6BE8D58799549Background guard with file guard, behavior blocker and surf protection - 8.1.0.31 › 09B › $E #+M9http://dl.emsisoft.com/updates/CA64216AA8EAEF4F9E93BCCB2521B22C.zip.data2hosts.datHosts blacklist0CA64216AA8EAEF4F9E93BCCB2521B22CHost blocker blacklisttD %kMhttp://dl.emsisoft.com/updates/8DEA3FE12A6686573F16A06AD95D7AB9.zip.data2util32.sysBackground guard utility driver component (x86)ï8DEA3FE12A6686573F16A06AD95D7AB9Background guard utility driver component for x86 systems - 1.0.0.661tC %kMhttp://dl.emsisoft.com/updates/0932B29AA1B9372FFE6D3AF8BA2ABA3A.zip.data2util64.sysBackground guard utility driver component (x64)#œ0932B29AA1B9372FFE6D3AF8BA2ABA3ABackground guard utility driver component for x64 systems - 1.0.0.661MB -AMmhttp://dl.emsisoft.com/updates/CDECBEC73B9681E13AB06ECA3AB8606A.zip.data2cmd_readme.txtCommandline Scanner Readme¸CDECBEC73B9681E13AB06ECA3AB8606AReadme and help file for the commandline scanner © M¬U © )J 31M-http://dl.emsisoft.com/updates/7BF17EFD40FF6878E54D6EC64D3C3F9A.zip.datLanguages\it-it.lngItalian (Italiano) éó7BF17EFD40FF6878E54D6EC64D3C3F9ALanguage Support)I 31M-http://dl.emsisoft.com/updates/F4EF042CB0F0FA3EAAF3D002914AF5C0.zip.datLanguages\tr-tr.lngTurkish (Türkçe) îÿF4EF042CB0F0FA3EAAF3D002914AF5C0Language Support(H 3/M-http://dl.emsisoft.com/updates/142B0DD7D276FB9DA679E0F24F04B920.zip.datLanguages\sv-se.lngSwedish (Svenska) è142B0DD7D276FB9DA679E0F24F04B920Language SupportG 3M-http://dl.emsisoft.com/updates/8F7EA25FCE90A392080BA92A653A273B.zip.datLanguages\en-us.lngEnglish Ö²8F7EA25FCE90A392080BA92A653A273BLanguage Support0F %+MOhttp://dl.emsisoft.com/updates/4CEB7895B2A27E249E7557F4A72AEF8A.zip.data2engine.dllScan Engine (A)Uë4CEB7895B2A27E249E7557F4A72AEF8AScan Engine Component - 3.0.0.596 U©ð- O -M http://dl.emsisoft.com/updates/8E1B25B9E4A34E6F3B2A9F1900389460.zip.datt3.dllSignature update/8E1B25B9E4A34E6F3B2A9F1900389460@N #9Mchttp://dl.emsisoft.com/updates/CA647DFCB936CABCE4737B85BDBBA86B.zip.data2trust.datTrust check signatures ¦HCA647DFCB936CABCE4737B85BDBBA86BSignatures to verify digitally signed files6M 5MYhttp://dl.emsisoft.com/updates/9A6DB2ABAF92FE86CB629282C3D0AEB8.zip.data2wl.datWhitelist signatures %`9A6DB2ABAF92FE86CB629282C3D0AEB8Signatures for known good applications)L 31M-http://dl.emsisoft.com/updates/8D9919F38F138B0E590BBF5D7C7176B2.zip.datLanguages\es-es.lngSpanish (Español) ñ¥8D9919F38F138B0E590BBF5D7C7176B2Language Support(K 3/M-http://dl.emsisoft.com/updates/A96996423A03152BA14FCF5F59C76EA6.zip.datLanguages\ca-es.lngCatalan (Català ) òA96996423A03152BA14FCF5F59C76EA6Language Support N µ|? Æ9ü½}B Ä † N 6 Ma2mor.dll6.5.0.111686738dd11317dc31fa064ce6fb476< 'Ma2hooks64.dll7.0.0.109138c1d281999712a68fcb96d6c75c618< 'Ma2hooks32.dll7.0.0.109c9a9b7c0beacc25df284fc50f7d4306d> -Ma2hijackfree.exe4.5.0.1059900a239e2e57ea6635ed984b31fe6c9 #Ma2guard.exe8.1.0.318d8f409361718b641de6be8d58799549> /Ma2framework64.dll8.1.0.2566b17621e35290482fd6df03dc086f5= +Ma2framework.dll8.1.0.31e1eaaca116eae3241872a5a67e3bb629; %Ma2engine.dll3.0.0.5964ceb7895b2a27e249e7557f4a72aef8aK #AMa2dix86.dll1.0.0.709 built by: WinDDKf83fb687fe3cb8908cd98b509dcb4ea6; %Ma2core64.dll7.0.0.11189b93237cb71628ba36b7dbb1215e318; %Ma2core32.dll7.0.0.1112a8dc74ccaef04bb2ac3e4a55050f450= -Ma2contmenu64.dll8.0.0.17b27fc1eb456620ce04935db672ec5c9; )Ma2contmenu.dll8.0.0.1cb0be635bfb53c812978d3b19cb7213a7 Ma2cmd.exe8.1.0.314d46c00fbbf2499a65334b70237b5402I AMa2acc.dll1.0.0.710 built by: WinDDKd9435da6b31a7d552ea8b4cdaf2980c2 M ÈLØžd&êš` Ù “ M D 9Moutlook2007scanner.dll1.0.0.517e06d7b491b66d6e1961ae8140400681D 9Moutlook2003scanner.dll1.0.0.51815ae19a385c980e98e6792f17617fc09 #Mlogging.dll8.1.0.31180947f97163c012576419d9c28abea0J !AMfrme32.dll1.0.0.478 built by: WinDDK1e370d588367ae396eaff9d34bd151498 #Mevcdiff.dll1.0.0.19e28caa559c533a531ccee624da8c64eN )AMcleanhlp32.dll1.0.0.149 built by: WinDDK725e5a19b34061bdd5a5f5720a4d9022: #Mclean32.dll1.0.0.1631958483f6e5d831f92475e199ba2750c< )Mblitzblank.exe1,0,0,323d7e47a121a58f7e1e639419e7cb28c08 !Mbdcore.dll11.0.1.61755023407fde00d9916505a557569d58 #Mavxdisk.dll1.4.0.0adf9f919e10832746ed516230420f7496 Ma2wsc.dll6.5.0.2f432eb8d1d84a565167107e2ef001473: %Ma2wizard.exe8.1.0.317c83894193504d4ac6b3d999fb24144a: %Ma2update.dll8.1.0.3111d313bffd2bab07257935ea475157ff9 #Ma2start.exe8.1.0.33e529485e177539a5000c85692f840a13; 'Ma2service.exe8.1.0.336fd8f474d031ae49bbd4cf1098f36c47 , ºr4ø¹m3õµw9 ë * m , ?- /Ma2framework64.dll8.1.0.2566b17621e35290482fd6df03dc086f5>, +Ma2framework.dll8.1.0.31e1eaaca116eae3241872a5a67e3bb629<+ %Ma2engine.dll3.0.0.5964ceb7895b2a27e249e7557f4a72aef8aL* #AMa2dix86.dll1.0.0.709 built by: WinDDKf83fb687fe3cb8908cd98b509dcb4ea6<) %Ma2core64.dll7.0.0.11189b93237cb71628ba36b7dbb1215e318<( %Ma2core32.dll7.0.0.1112a8dc74ccaef04bb2ac3e4a55050f450>' -Ma2contmenu64.dll8.0.0.17b27fc1eb456620ce04935db672ec5c9<& )Ma2contmenu.dll8.0.0.1cb0be635bfb53c812978d3b19cb7213a8% Ma2cmd.exe8.1.0.314d46c00fbbf2499a65334b70237b5402J$ AMa2acc.dll1.0.0.710 built by: WinDDKd9435da6b31a7d552ea8b4cdaf2980c2=# %#Munins000.exe51.1052.0.067fc5f2f794a32c6d6c77ac0e31966e8:" %Mresource.dll8.1.0.318b619f3ce4dd663440e2ec744e883573<! )Mquarantine.dll7.0.0.139bf2f24c1392cc93d3f4c00132c5454fF =Moutlook2010scanner64.dll1.0.0.82df33586a63c6cda88165f8929a5fb552D 9Moutlook2010scanner.dll1.0.0.8250c44e197eb6849822ba4260a09ddcc6 ÃN ‚. 3 „+Rí¥æ2014-02-02 01:56:54http://update.emsisoft.com/createkeyv3/?product=A2FR&mkey=2sdjImKsp11gpzaqwcysp3cYDiR6URnQlAhMBWdKykrNcErsKqizQTD7wcB3xXgYDC%2FyJ65UE70CIaixaQpEsY2QfqL5Ucs4RCscN3UZV1zPTlj1DeWQ1HVHLcFoC1KV5MXyZS9TCnT2KXTdNFdgWkEdPf%2FwMxh0jWWUyQLMbUY%3D&mname=BEA-LAPTOP ÈHTTP/1.1 200 OKF 3 ‚7+RíƒÜ2014-02-01 23:31:40http://update.emsisoft.com/checkupdatev3/?product=A2FR&key=TAP-RAB-VEV-563&mkey=D830C033685FAEABA9CE786133DB22825892B6C1&version=8.1β=0&lng=nl-nl ÈHTTP/1.1 200 OK) 3 }+RíƒÅ2014-02-01 23:31:17http://update.emsisoft.com/viewlicensev3/?product=A2FR&key=TAP-RAB-VEV-563&mkey=D830C033685FAEABA9CE786133DB22825892B6C1 ÈHTTP/1.1 200 OK‚: 3 „+RíƒÄ2014-02-01 23:31:16http://update.emsisoft.com/createkeyv3/?product=A2FR&mkey=GdFjV4qORSQkQHy0o30adHLOKP2XRHhFhrfvhe1DNFhtZYrMdlMcxIar%2F0ivgt1M3qiuByr9uNaA9FxxDZqhOJR46y0c6XGo3OuqOP5crcF5tWO6NE708T%2FnDW%2BK60M%2F%2B7ea9y2u%2FJWqGeUD%2B6zdZQIGXbM%2F6A2XLLjGj4doPHU%3D&mname=BEA-LAPTOP ÈHTTP/1.1 200 OK § Tq § G 3‚7+Rî0"2014-02-02 11:46:42http://update.emsisoft.com/checkupdatev3/?product=A2FR&key=TAP-RAB-VEV-563&mkey=D830C033685FAEABA9CE786133DB22825892B6C1&version=8.1β=0&lng=nl-nl ÈHTTP/1.1 200 OK) 3 }+Rî02014-02-02 11:46:28http://update.emsisoft.com/viewlicensev3/?product=A2FR&key=TAP-RAB-VEV-563&mkey=D830C033685FAEABA9CE786133DB22825892B6C1 ÈHTTP/1.1 200 OK‚4 3 „+Rî02014-02-02 11:46:26http://update.emsisoft.com/createkeyv3/?product=A2FR&mkey=0jaGVDxoY2sRq4dIo7gUUl4mDhRVDLXRI%2B3R%2Bg5bvfQcid9%2FLkripAbqkx%2Fh4NUdOPe5nf1nri1E82dgDY8M9ecDndKIFSuNotlUc27WgEDN%2BTXmcyfn3Aj3KyZ0k2Z9TTh6H3mHjNc78yXq6J4VF0S8eqGEWL5diLQJziWdZ2k%3D&mname=BEA-LAPTOP ÈHTTP/1.1 200 OK) 3 }+Rí¥è2014-02-02 01:56:56http://update.emsisoft.com/viewlicensev3/?product=A2FR&key=TAP-RAB-VEV-563&mkey=D830C033685FAEABA9CE786133DB22825892B6C1 ÈHTTP/1.1 200 OK ‡ l¹ [ ‡ QT -!Mhttp://dl.emsisoft.com/updates/59900A239E2E57EA6635ED984B31FE6C.zip.data2HiJackFree.exeHiJackFreeV‘59900A239E2E57EA6635ED984B31FE6CSystem analysis and management tool for advanced users - 4.5.0.10"S 3!M-http://dl.emsisoft.com/updates/A84BB2B0AD2FF878E7066B817747E0D3.zip.datLanguages\vi-vn.lngVietnamese ØÛA84BB2B0AD2FF878E7066B817747E0D3Language Support6R 3IM-http://dl.emsisoft.com/updates/EFB01C4720A0AA803985419178F20C32.zip.datLanguages\pt-br.lngPortuguese Brazil (Português) è¹EFB01C4720A0AA803985419178F20C32Language Support0Q +MShttp://dl.emsisoft.com/updates/11686738DD11317DC31FA064CE6FB476.zip.data2mor.dllCleaning moduleÓ11686738DD11317DC31FA064CE6FB476Cleaning engine component - 5.6.0.1P '-M http://dl.emsisoft.com/updates/8E1B25B9E4A34E6F3B2A9F1900389460.zip.datvdbupdate.dllSignature update/8E1B25B9E4A34E6F3B2A9F1900389460 S®þ^ ;Y #+Mghttp://dl.emsisoft.com/updates/ADF9F919E10832746ED516230420F749.zip.datavxdisk.dllScan Engine (B)d&ADF9F919E10832746ED516230420F749Scan Engine Component (avxdisk.dll) - 1.4.0.0X 3M-http://dl.emsisoft.com/updates/F68342529AA3FF13922534408F2B97D6.zip.datLanguages\gr-gr.lngGreekKF68342529AA3FF13922534408F2B97D6Language Support-W 37M-http://dl.emsisoft.com/updates/5BFF4E992DE2EB0C1486BC637A6107E1.zip.datLanguages\sl-si.lngSlovenian (Slovenski) ä]5BFF4E992DE2EB0C1486BC637A6107E1Language Support"V %M=http://dl.emsisoft.com/updates/DF9D07240BA93E43EB824057C64ED8FB.zip.datru-ru.chmRussian Help õDF9D07240BA93E43EB824057C64ED8FBRussian online help file*U 31M-http://dl.emsisoft.com/updates/0D586810C687E7D3FB682CD60EEEE469.zip.datLanguages\zh-cn.lngChinese Simplified ·³0D586810C687E7D3FB682CD60EEEE469Language Support × Br¢ × H] /;Mchttp://dl.emsisoft.com/updates/566B17621E35290482FD6DF03DC086F5.zip.data2framework64.dllService Framework (x64)#£.566B17621E35290482FD6DF03DC086F5Service component for x64 systems - 8.1.0.2M\ %=Mwhttp://dl.emsisoft.com/updates/D27A8B7BB0E15DFBFC6B4E774EE17AD9.zip.data2ddax64.sysScan engine module (x64)4¿D27A8B7BB0E15DFBFC6B4E774EE17AD9Direct disk access module for x64 systems - 1.0.0.659M[ %=Mwhttp://dl.emsisoft.com/updates/B0CC0B50441372157F31C4C023D43A3E.zip.data2ddax86.sysScan engine module (x86)03B0CC0B50441372157F31C4C023D43A3EDirect disk access module for x86 systems - 1.0.0.659;Z !+Mghttp://dl.emsisoft.com/updates/1755023407FDE00D9916505A557569D5.zip.datbdcore.dllScan Engine ( ÛÝ1755023407FDE00D9916505A557569D5Scan Engine Component (bdcore.dll) - 11.0.1.6 µ 0‡ µ Oa %;M}http://dl.emsisoft.com/updates/ED7BC428D411F386C5CD7818C67E5AFB.zip.data2accx86.sysFile guard module (x86)rCED7BC428D411F386C5CD7818C67E5AFBFile guard protection module for x86 systems - 1.0.0.705&` #)M=http://dl.emsisoft.com/updates/9E28CAA559C533A531CCEE624DA8C64E.zip.datevcdiff.dllDiff component†™9E28CAA559C533A531CCEE624DA8C64EDiff component - 1.0.0.1a_ )3M!http://dl.emsisoft.com/updates/CB0BE635BFB53C812978D3B19CB7213A.zip.data2contmenu.dllContext menu module¯(CB0BE635BFB53C812978D3B19CB7213AExplorer context menu to scan files or folders with Anti-Malware - 8.0.0.1i^ -3M-http://dl.emsisoft.com/updates/7B27FC1EB456620CE04935DB672EC5C9.zip.data2contmenu64.dllContext menu module<7B27FC1EB456620CE04935DB672EC5C9Explorer context menu to scan files or folders with Anti-Malware (x64) - 8.0.0.1 } -ƒÐ+ } +f 33M-http://dl.emsisoft.com/updates/BA4422CE25DE1A93E2EC5447EB4FF71B.zip.datLanguages\zh-tw.lngChinese Traditional »BA4422CE25DE1A93E2EC5447EB4FF71BLanguage Support"e %M=http://dl.emsisoft.com/updates/17E7CCC37E341FB56FFBD358171F28C9.zip.daten-us.chmEnglish Help c17E7CCC37E341FB56FFBD358171F28C9English online help file0d 3=M-http://dl.emsisoft.com/updates/57D107BDB46B50C3675FDC230D9FD037.zip.datLanguages\hu-hu.lngHungarian (magyar nyelv) ôz57D107BDB46B50C3675FDC230D9FD037Language support'c 3+M-http://dl.emsisoft.com/updates/65D05D5BCC856E05EE07D0732C34D0BD.zip.datLanguages\fi-fi.lngFinnish (Suomi) ñP65D05D5BCC856E05EE07D0732C34D0BDLanguage supportPb %;M}http://dl.emsisoft.com/updates/797E1068EE061C5DEE668F0DC6B3C601.zip.data2accx64.sysFile guard module (x64) ‰Û797E1068EE061C5DEE668F0DC6B3C601File guard protection module for x64 systems - 1.0.0.705 ´ %J~ ´ Gj )=Mghttp://dl.emsisoft.com/updates/429E208432A0D5342FA84D8C700423CE.zip.datlicense_de.rtfLicense Agreement German9l429E208432A0D5342FA84D8C700423CEEmsisoft License Agreement in German languageIi )?Mihttp://dl.emsisoft.com/updates/547CF66ABE97308CD3046A5057E46980.zip.datlicense_en.rtfLicense Agreement English6S547CF66ABE97308CD3046A5057E46980Emsisoft License Agreement in English languageXh 'MMyhttp://dl.emsisoft.com/updates/138C1D281999712A68FCB96D6C75C618.zip.data2hooks64.dllBehavior blocker component (x64)…ú138C1D281999712A68FCB96D6C75C618Behavior blocker component for x64 systems - 7.0.0.109Xg 'MMyhttp://dl.emsisoft.com/updates/C9A9B7C0BEACC25DF284FC50F7D4306D.zip.data2hooks32.dllBehavior blocker component (x86)i«C9A9B7C0BEACC25DF284FC50F7D4306DBehavior blocker component for x86 systems - 7.0.0.109 ž 6”óA ž o #M;http://dl.emsisoft.com/updates/FF8541E8860EFF595F4B514C2FE2AC4F.zip.datde-de.chmGerman HelpíFF8541E8860EFF595F4B514C2FE2AC4FGerman online help file/n 3;M-http://dl.emsisoft.com/updates/D5E8A740E2C9D1445E0F4B67FDED25B7.zip.datLanguages\pt-pt.lngPortuguese (Português) ïÒD5E8A740E2C9D1445E0F4B67FDED25B7Language Supportm 3M-http://dl.emsisoft.com/updates/DF05B946C963F316CE4D3B8F461FB2FA.zip.datLanguages\ar-sa.lngArabic æWDF05B946C963F316CE4D3B8F461FB2FALanguage Supportl 3M-http://dl.emsisoft.com/updates/3A2E74BCEC6DF428CB6EDC8A3E250821.zip.datLanguages\ru-ru.lngRussian ߶3A2E74BCEC6DF428CB6EDC8A3E250821Language SupportGk )=Mghttp://dl.emsisoft.com/updates/16A574ABE4FB8D72CBC91C9F677C270F.zip.datlicense_fr.rtfLicense Agreement French=Ô16A574ABE4FB8D72CBC91C9F677C270FEmsisoft License Agreement in French language à ]³e à t 3M-http://dl.emsisoft.com/updates/1E3A940E96F5F6B241A679947C51E306.zip.datLanguages\fa-ir.lngPersian ã51E3A940E96F5F6B241A679947C51E306Language Support*s 31M-http://dl.emsisoft.com/updates/3C7263E33FA6646EA5564B726E074AC2.zip.datLanguages\nl-nl.lngDutch (Nederlands) ék3C7263E33FA6646EA5564B726E074AC2Language Supportr 3M-http://dl.emsisoft.com/updates/A4DCB0BE672B2D4A2A475AD56B987522.zip.datLanguages\ko-kr.lngKorean ʯA4DCB0BE672B2D4A2A475AD56B987522Language Support'q 3+M-http://dl.emsisoft.com/updates/002D1A219A1E255B96C2BD7AA07827F4.zip.datLanguages\pl-pl.lngPolish (Polski) ó 002D1A219A1E255B96C2BD7AA07827F4Language Support p #M;http://dl.emsisoft.com/updates/44E591B51DA1445C0FB560F68B44CD6D.zip.datfr-fr.chmFrench Help344E591B51DA1445C0FB560F68B44CD6DFrench online help file Ÿ F_† Ÿ dx #[Mhttp://dl.emsisoft.com/updates/720AEB9F18D76BE49DE86C8B25A9FC38.zip.data2dix86.sysBackground guard driver component (x86)N2720AEB9F18D76BE49DE86C8B25A9FC38Background guard driver component for x86 systems - 1.0.0.709Vw #MMyhttp://dl.emsisoft.com/updates/F83FB687FE3CB8908CD98B509DCB4EA6.zip.data2dix86.dllBackground guard component (x86) ‘ûF83FB687FE3CB8908CD98B509DCB4EA6Background guard component for x86 systems - 1.0.0.709dv #[Mhttp://dl.emsisoft.com/updates/05936579605018BD2BC528FF2C1AD95F.zip.data2dix64.sysBackground guard driver component (x64)\œ05936579605018BD2BC528FF2C1AD95FBackground guard driver component for x64 systems - 1.0.0.6577u /M]http://dl.emsisoft.com/updates/D9435DA6B31A7D552EA8B4CDAF2980C2.zip.data2acc.dllFile guard module ”¾D9435DA6B31A7D552EA8B4CDAF2980C2File guard protection module - 1.0.0.710 ; S¨Í ò ; 4} %+MUhttp://dl.emsisoft.com/updates/8B619F3CE4DD663440E2EC744E883573.zip.datresource.dllResource Module+³8B619F3CE4DD663440E2EC744E883573Additional data resources - 8.1.0.31X| %CMhttp://dl.emsisoft.com/updates/89B93237CB71628BA36B7DBB1215E318.zip.data2core64.dllBehavior blocker core (x64) •L89B93237CB71628BA36B7DBB1215E318Behavior blocker core component for x64 systems - 7.0.0.111X{ %CMhttp://dl.emsisoft.com/updates/2A8DC74CCAEF04BB2AC3E4A55050F450.zip.data2core32.dllBehavior blocker core (x86) ˆ_2A8DC74CCAEF04BB2AC3E4A55050F450Behavior blocker core component for x86 systems - 7.0.0.111(z 3-M-http://dl.emsisoft.com/updates/7EEF6792D8AF293A9F60FF5FFA34E990.zip.datLanguages\de-de.lngGerman (Deutsch) ñò7EEF6792D8AF293A9F60FF5FFA34E990Language Support*y 31M-http://dl.emsisoft.com/updates/07E9D1CA0AAE489D2874B5319DF5834D.zip.datLanguages\fr-fr.lngFrench (Français) ý“07E9D1CA0AAE489D2874B5319DF5834DLanguage Support b U›½ b * #+MChttp://dl.emsisoft.com/updates/1958483F6E5D831F92475E199BA2750C.zip.datclean32.dllCleaning engine´1958483F6E5D831F92475E199BA2750CCleaning engine - 1.0.0.163) 1M?http://dl.emsisoft.com/updates/C61694310D85F74584C6CE29822FB85B.zip.datclean.datCleaning resources Ý C61694310D85F74584C6CE29822FB85BCleaning engine componentZ ;Mhttp://dl.emsisoft.com/updates/4D46C00FBBF2499A65334B70237B5402.zip.data2cmd.exeCommandline Scanner 8.1.‡4D46C00FBBF2499A65334B70237B5402Console application using command line parameters to scan - 8.1.0.317 +;MEhttp://dl.emsisoft.com/updates/E1EAACA116EAE3241872A5A67E3BB629.zip.data2framework.dllService Framework (x86)WME1EAACA116EAE3241872A5A67E3BB629Service component - 8.1.0.31(~ %)M?http://dl.emsisoft.com/updates/11D313BFFD2BAB07257935EA475157FF.zip.data2update.dllUpdater moduleì«11D313BFFD2BAB07257935EA475157FFUpdater module - 8.1.0.31 » (V‹ » L !?Muhttp://dl.emsisoft.com/updates/1E370D588367AE396EAFF9D34BD15149.zip.datfrme32.dllCleaning engine componentp1E370D588367AE396EAFF9D34BD15149Cleaning engine file and registry module - 1.0.0.478G )KMWhttp://dl.emsisoft.com/updates/725E5A19B34061BDD5A5F5720A4D9022.zip.datcleanhlp32.dllCleaning engine component (x86) –Ã725E5A19B34061BDD5A5F5720A4D9022Cleaning engine component - 1.0.0.149N )SM_http://dl.emsisoft.com/updates/DBC8CDAFC84E96E894C3BAAED9B30F47.zip.datcleanhlp32.sysCleaning engine helper driver (x86)b)DBC8CDAFC84E96E894C3BAAED9B30F47Cleaning engine helper driver - 1.0.0.149T )SMkhttp://dl.emsisoft.com/updates/B794DCF38C965FA2F93C45A7C3D582C5.zip.datcleanhlp64.sysCleaning engine helper driver (x64)kÝB794DCF38C965FA2F93C45A7C3D582C5Cleaning engine helper driver (x64) - 1.0.0.149 Ý H{ž Ý = 'Muhttp://dl.emsisoft.com/updates/6FD8F474D031AE49BBD4CF1098F36C47.zip.data2service.exeServiceÿ^6FD8F474D031AE49BBD4CF1098F36C47Service application for non admin support - 8.1.0.33Y #?Mhttp://dl.emsisoft.com/updates/E529485E177539A5000C85692F840A13.zip.data2start.exeEmsisoft Anti-Malware 8.1&ÞOE529485E177539A5000C85692F840A13Main application including scanner and configuration - 8.1.0.33I %7Mshttp://dl.emsisoft.com/updates/7C83894193504D4AC6B3D999FB24144A.zip.data2wizard.exeSecurity Setup Wizard"iJ7C83894193504D4AC6B3D999FB24144ATool to setup the security configuration - 8.1.0.314 #)MYhttp://dl.emsisoft.com/updates/180947F97163C012576419D9C28ABEA0.zip.datlogging.dllLogging module ÷>180947F97163C012576419D9C28ABEA0Debug logging helper module - 8.1.0.31 I” ”˜¢§¬±¶»ÀÅÊÏÔÙÞãèíò÷ü$).38=BGLQV[`ejoty~ƒˆ’—œ¡¦«°µº¿ÄÉÎÓØÝâçìñöûŠ…€{uoic]WQKE?93-'! ý÷ñëåßÙÓÍÇÁ»µ¯©£—‘‹…ysmga[UNG@92+$ ‡ † … „ ƒ ‚ €~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPO N M L K J ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I Rû ‡Œ‘–›¡§*³¹¿ÅËÑ×Ýãéïõû %+17=CIOU[agmsy…‹‘—£©¯µ»ÁÈÏÖÝäëòù€yrkd]VOHA:3,% û œ › š ™ ˜ — – • ” “ ’ ‘ Ž Œ ‹ Š ‰ K L M NOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ € ‚ ƒ „ … † ‡ ˆ D nº D H ))M{http://dl.emsisoft.com/updates/3D7E47A121A58F7E1E639419E7CB28C0.zip.datBlitzBlank.exeBlitzBlank 1.0 õ3D7E47A121A58F7E1E639419E7CB28C0Removes infections that nothing else removes - 1.0.0.32& )MAhttp://dl.emsisoft.com/updates/139D664E42F8F5A849F4F5069769595D.zip.dathu-hu.chmHungarian helpca139D664E42F8F5A849F4F5069769595DHungarian online help file0 !M]http://dl.emsisoft.com/updates/F432EB8D1D84A565167107E2EF001473.zip.data2wsc.dllWSC moduleª®F432EB8D1D84A565167107E2EF001473Windows Security Center module - 6.5.0.2( 3-M-http://dl.emsisoft.com/updates/49430175DECDF78AA27506D09C2EEF9E.zip.datLanguages\cz-cz.lngCzech (CeÅ¡tina) ºd49430175DECDF78AA27506D09C2EEF9ELanguage supportb #-M/http://dl.emsisoft.com/updates/8D8F409361718B641DE6BE8D58799549.zip.data2guard.exeProtection GuardÁ*8D8F409361718B641DE6BE8D58799549Background guard with file guard, behavior blocker and surf protection - 8.1.0.31 “ .5< “ % #+M9http://dl.emsisoft.com/updates/FAB8FFDBAFB612DC2067D4C31E375F69.zip.data2hosts.datHosts blacklist0Y½FAB8FFDBAFB612DC2067D4C31E375F69Host blocker blacklistu %kMhttp://dl.emsisoft.com/updates/8DEA3FE12A6686573F16A06AD95D7AB9.zip.data2util32.sysBackground guard utility driver component (x86)ï8DEA3FE12A6686573F16A06AD95D7AB9Background guard utility driver component for x86 systems - 1.0.0.661u %kMhttp://dl.emsisoft.com/updates/0932B29AA1B9372FFE6D3AF8BA2ABA3A.zip.data2util64.sysBackground guard utility driver component (x64)#œ0932B29AA1B9372FFE6D3AF8BA2ABA3ABackground guard utility driver component for x64 systems - 1.0.0.661N -AMmhttp://dl.emsisoft.com/updates/CDECBEC73B9681E13AB06ECA3AB8606A.zip.data2cmd_readme.txtCommandline Scanner Readme¸CDECBEC73B9681E13AB06ECA3AB8606AReadme and help file for the commandline scanner Ÿ K¨ûM Ÿ * 31M-http://dl.emsisoft.com/updates/7BF17EFD40FF6878E54D6EC64D3C3F9A.zip.datLanguages\it-it.lngItalian (Italiano) éó7BF17EFD40FF6878E54D6EC64D3C3F9ALanguage Support* 31M-http://dl.emsisoft.com/updates/F4EF042CB0F0FA3EAAF3D002914AF5C0.zip.datLanguages\tr-tr.lngTurkish (Türkçe) îÿF4EF042CB0F0FA3EAAF3D002914AF5C0Language Support) 3/M-http://dl.emsisoft.com/updates/142B0DD7D276FB9DA679E0F24F04B920.zip.datLanguages\sv-se.lngSwedish (Svenska) è142B0DD7D276FB9DA679E0F24F04B920Language Support 3M-http://dl.emsisoft.com/updates/8F7EA25FCE90A392080BA92A653A273B.zip.datLanguages\en-us.lngEnglish Ö²8F7EA25FCE90A392080BA92A653A273BLanguage Support1 %+MOhttp://dl.emsisoft.com/updates/4CEB7895B2A27E249E7557F4A72AEF8A.zip.data2engine.dllScan Engine (A)Uë4CEB7895B2A27E249E7557F4A72AEF8AScan Engine Component - 3.0.0.596 % S¥ê% A #9Mchttp://dl.emsisoft.com/updates/0BFEF73D54CABA563425923E437D501A.zip.data2trust.datTrust check signatures ¦¬0BFEF73D54CABA563425923E437D501ASignatures to verify digitally signed files7 5MYhttp://dl.emsisoft.com/updates/79FC6F80C36D4199DC5DC41807B73A13.zip.data2wl.datWhitelist signatures %ý79FC6F80C36D4199DC5DC41807B73A13Signatures for known good applications* 31M-http://dl.emsisoft.com/updates/8D9919F38F138B0E590BBF5D7C7176B2.zip.datLanguages\es-es.lngSpanish (Español) ñ¥8D9919F38F138B0E590BBF5D7C7176B2Language Support) 3/M-http://dl.emsisoft.com/updates/A96996423A03152BA14FCF5F59C76EA6.zip.datLanguages\ca-es.lngCatalan (Català ) òA96996423A03152BA14FCF5F59C76EA6Language Support ˜4Ìh±P ç † h AMO Signatures\BD\emalware.522²ä8B230C600F1722839A451F9FBE4E69E1Malware signatures (emalware.522)_ 9MG Signatures\BD\jpeg.cvd«4126CDF0C0B40BC2314476BEA28CD9E9Malware signatures (jpeg.cvd)g AMO Signatures\BD\emalware.i35ú3F98992DB974810D5DDF7FA24A126737Malware signatures (emalware.i35)_ 9MG Signatures\BD\cran.ivd¼BE86C2E2801832757FA216B77BA955CEMalware signatures (cran.ivd)g AMO Signatures\BD\emalware.000[344E16009837E3F71BEC9A2CDBB6A7F7Malware signatures (emalware.000)L #M9 a2hosts.datÍCA64216AA8EAEF4F9E93BCCB2521B22CHost blocker blacklistb =MK Signatures\BD\update.txt[997DEB0A63D73B64D513332DDDB89635Malware signatures (update.txt)f AMO Signatures\BD\emalware.000°5340980E252938B75E22D434A40ADF9CMalware signatures (emalware.000)b =MK Signatures\BD\e_spyw.i10B36AFD9AAA7704CFD6E883E737EC7B8CMalware signatures (e_spyw.i10)f AMO Signatures\BD\emalware.522OR683C8DE6FBAA02579D62425DED80D8F7Malware signatures (emalware.522) ê ›2É_úªN ê b #Mc a2trust.datô0BFEF73D54CABA563425923E437D501ASignatures to verify digitally signed filesZ MY a2wl.datH79FC6F80C36D4199DC5DC41807B73A13Signatures for known good applicationsN #M9 a2hosts.dat “:FAB8FFDBAFB612DC2067D4C31E375F69Host blocker blacklistc =MK Signatures\BD\update.txt\BCA98DF6D84746715E7C9BB482A1668BMalware signatures (update.txt)h AMO Signatures\BD\emalware.523ãF8B888D2EB73141DA33D621075F141F5Malware signatures (emalware.523)g AMO Signatures\BD\emalware.i33¼AC3C5E275DA792EF2BF24BDE34214C7AMalware signatures (emalware.i33)g AMO Signatures\BD\emalware.i34õ39BD13605B47C6DDFF4AB228D8855717Malware signatures (emalware.i34)c =MK Signatures\BD\e_spyw.i10Q5AEE0F57E37074EFA215806F194EBA10Malware signatures (e_spyw.i10) \ ăDÌŽRØŸd) ê * \ O< )AMcleanhlp32.dll1.0.0.149 built by: WinDDK725e5a19b34061bdd5a5f5720a4d9022;; #Mclean32.dll1.0.0.1631958483f6e5d831f92475e199ba2750c=: )Mblitzblank.exe1,0,0,323d7e47a121a58f7e1e639419e7cb28c099 !Mbdcore.dll11.0.1.61755023407fde00d9916505a557569d598 #Mavxdisk.dll1.4.0.0adf9f919e10832746ed516230420f74977 Ma2wsc.dll6.5.0.2f432eb8d1d84a565167107e2ef001473;6 %Ma2wizard.exe8.1.0.317c83894193504d4ac6b3d999fb24144a;5 %Ma2update.dll8.1.0.3111d313bffd2bab07257935ea475157ff:4 #Ma2start.exe8.1.0.33e529485e177539a5000c85692f840a13<3 'Ma2service.exe8.1.0.336fd8f474d031ae49bbd4cf1098f36c4772 Ma2mor.dll6.5.0.111686738dd11317dc31fa064ce6fb476=1 'Ma2hooks64.dll7.0.0.109138c1d281999712a68fcb96d6c75c618=0 'Ma2hooks32.dll7.0.0.109c9a9b7c0beacc25df284fc50f7d4306d?/ -Ma2hijackfree.exe4.5.0.1059900a239e2e57ea6635ed984b31fe6c:. #Ma2guard.exe8.1.0.318d8f409361718b641de6be8d58799549 b Åx<õ®gߢb >F %#Munins000.exe51.1052.0.067fc5f2f794a32c6d6c77ac0e31966e8;E %Mresource.dll8.1.0.318b619f3ce4dd663440e2ec744e883573=D )Mquarantine.dll7.0.0.139bf2f24c1392cc93d3f4c00132c5454fGC =Moutlook2010scanner64.dll1.0.0.82df33586a63c6cda88165f8929a5fb552EB 9Moutlook2010scanner.dll1.0.0.8250c44e197eb6849822ba4260a09ddcc6EA 9Moutlook2007scanner.dll1.0.0.517e06d7b491b66d6e1961ae8140400681E@ 9Moutlook2003scanner.dll1.0.0.51815ae19a385c980e98e6792f17617fc0:? #Mlogging.dll8.1.0.31180947f97163c012576419d9c28abea0K> !AMfrme32.dll1.0.0.478 built by: WinDDK1e370d588367ae396eaff9d34bd151499= #Mevcdiff.dll1.0.0.19e28caa559c533a531ccee624da8c64e HitmanPro is denk ik deze: Logfile of random's system information tool 1.09 (written by random/random) Run by Bea at 2014-02-02 11:19:10 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 14 GB (18%) free of 76 GB Total RAM: 4095 MB (40% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:19:18, on 2-2-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bea\Desktop\pc beveiliging\HijackThis (1) (1).exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bea\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bea\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\Bea.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Bea\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKCU\..\Run: [Google Update] "C:\Users\Bea\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_140299A73DDFBEE682C1057A74DE4DC2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: LastPass - file://C:\Users\Bea\AppData\LocalLow\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Users\Bea\AppData\LocalLow\LastPass\context.html?cmd=fillforms O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Emsisoft Anti-Malware 8.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13474 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\AutoKMS.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-314706107-1989528577-1666421781-1001Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-314706107-1989528577-1666421781-1001UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-16 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}] LastPass Vault - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-12-19 612864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}] FlashGetBHO - C:\Users\Bea\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-11-01 149168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-16 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - LastPass Toolbar - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-12-19 612864] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-04 218408] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] "BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"=C:\Users\Bea\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-22 116648] "GoogleChromeAutoLaunch_140299A73DDFBEE682C1057A74DE4DC2"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2014-01-23 866584] "GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2013-12-06 20203904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "msacm.siren"=sirenacm.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-02-02 11:19:10 ----D---- C:\rsit 2014-02-02 11:19:10 ----D---- C:\Program Files (x86)\trend micro 2014-02-01 22:11:50 ----D---- C:\Program Files (x86)\Emsisoft Anti-Malware 2014-02-01 22:10:13 ----D---- C:\Program Files (x86)\HitmanPro.Alert 2014-02-01 22:10:13 ----A---- C:\Windows\SysWOW64\hmpalert.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\wksprtPS.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\tsgqec.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\rdpendp_winip.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\mstsc.exe 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\aaclient.dll 2014-02-01 21:23:26 ----A---- C:\Windows\SysWOW64\mstscax.dll 2014-02-01 20:30:25 ----D---- C:\Windows\SoftwareDistribution 2014-01-31 10:35:40 ----D---- C:\Program Files (x86)\Common Files\DESIGNER 2014-01-28 23:08:51 ----D---- C:\Windows\Migration 2014-01-28 23:05:13 ----A---- C:\Windows\SysWOW64\qdvd.dll 2014-01-16 11:25:29 ----D---- C:\ProgramData\Oracle 2014-01-16 11:23:13 ----A---- C:\Windows\SysWOW64\javaws.exe 2014-01-16 11:23:02 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-16 11:23:02 ----A---- C:\Windows\SysWOW64\javaw.exe 2014-01-16 11:23:02 ----A---- C:\Windows\SysWOW64\java.exe 2014-01-12 12:22:40 ----SHD---- C:\$RECYCLE.BIN 2014-01-12 12:18:27 ----A---- C:\Windows\zoek-delete.exe 2014-01-12 12:18:25 ----D---- C:\Windows\Temp 2014-01-12 09:36:07 ----HD---- C:\VTRoot 2014-01-11 23:50:52 ----D---- C:\Users\Bea\AppData\Roaming\Comodo 2014-01-11 21:49:51 ----SD---- C:\ProgramData\Shared Space 2014-01-11 21:49:33 ----D---- C:\ProgramData\Comodo 2014-01-11 21:49:28 ----D---- C:\ProgramData\Comodo Downloader 2014-01-10 23:18:23 ----D---- C:\Windows\pss 2014-01-10 09:53:48 ----A---- C:\DelFix.txt 2014-01-09 18:09:32 ----D---- C:\zoek_backup ======List of files/folders modified in the last 1 month====== 2014-02-02 11:19:10 ----RD---- C:\Program Files (x86) 2014-02-02 11:08:30 ----D---- C:\Windows\Tasks 2014-02-02 01:15:36 ----HD---- C:\ProgramData 2014-02-02 01:14:06 ----SHD---- C:\Windows\Installer 2014-02-02 01:14:06 ----SHD---- C:\Config.Msi 2014-02-02 01:00:02 ----D---- C:\Windows\inf 2014-02-01 23:29:11 ----AD---- C:\Windows 2014-02-01 22:10:13 ----D---- C:\Windows\SysWOW64 2014-02-01 22:10:13 ----D---- C:\Windows\System32 2014-02-01 22:00:50 ----RD---- C:\Program Files 2014-02-01 21:43:11 ----D---- C:\Windows\winsxs 2014-02-01 21:39:46 ----D---- C:\Windows\SysWOW64\wbem 2014-02-01 21:39:46 ----D---- C:\Windows\SysWOW64\nl-NL 2014-02-01 21:39:45 ----D---- C:\Windows\PolicyDefinitions 2014-02-01 21:22:52 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-01 21:19:25 ----SHD---- C:\System Volume Information 2014-02-01 15:39:48 ----D---- C:\Users\Bea\AppData\Roaming\uTorrent 2014-02-01 15:38:28 ----D---- C:\Windows\Prefetch 2014-01-31 11:20:30 ----D---- C:\Windows\AutoKMS 2014-01-31 10:53:26 ----D---- C:\Windows\Microsoft.NET 2014-01-31 10:41:59 ----D---- C:\ProgramData\Microsoft Help 2014-01-31 10:39:06 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2014-01-31 10:38:10 ----RSD---- C:\Windows\Fonts 2014-01-31 10:37:35 ----D---- C:\Windows\ShellNew 2014-01-31 10:37:04 ----D---- C:\Program Files (x86)\MSBuild 2014-01-31 10:35:40 ----D---- C:\Program Files (x86)\Common Files 2014-01-31 10:27:13 ----A---- C:\Windows\win.ini 2014-01-28 23:09:44 ----D---- C:\Windows\SysWOW64\en-US 2014-01-28 23:08:51 ----SD---- C:\ProgramData\Microsoft 2014-01-28 22:31:32 ----D---- C:\Users\Bea\AppData\Roaming\Nitro PDF 2014-01-25 13:34:46 ----D---- C:\Users\Bea\AppData\Roaming\Mozilla 2014-01-23 01:23:03 ----D---- C:\Windows\debug 2014-01-21 17:50:59 ----RSD---- C:\Windows\assembly 2014-01-11 21:20:14 ----D---- C:\Program Files (x86)\Microsoft Security Client 2014-01-10 12:32:32 ----D---- C:\Program Files (x86)\Microsoft 2014-01-09 10:24:50 ----SD---- C:\Users\Bea\AppData\Roaming\Microsoft 2014-01-09 10:09:19 ----SHD---- C:\Boot ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AsDsm;AsDsm; C:\Windows\SysWOW64\drivers\AsDsm.sys [] R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [] R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [] R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-03-28 26176] R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [] R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [] R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] R2 hmpalert;HitmanPro.Alert Support Driver; \??\C:\Windows\system32\drivers\hmpalert.sys [] R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [] R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [] S3 a2acc;a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2013-08-24 70960] S3 cleanhlp;cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-12-04 57024] S3 cpuz135;cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-08-11 24368] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-12-04 4161512] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432] R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [] R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208] R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-10-20 6254152] R2 hmpalertsvc;HitmanPro.Alert Service; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-02-01 1830768] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-01-12 341312] R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-03-25 230408] R2 nlsX86cc;NLS Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2011-01-12 68928] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-08-27 239176] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072] R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280] R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2009-04-15 271760] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 116648] S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10 257416] S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 164056] S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 116648] S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V [] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 30798512] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] -----------------EOF-----------------

Ik vrees dat mijn laptop nog steeds een virus heeft. Zouden jullie nog een keer willen kijken naar deze log? Logfile of random's system information tool 1.09 (written by random/random) Run by Bea at 2014-02-02 11:19:10 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 14 GB (18%) free of 76 GB Total RAM: 4095 MB (40% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:19:18, on 2-2-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bea\Desktop\pc beveiliging\HijackThis (1) (1).exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bea\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bea\Downloads\RSIT.exe C:\Program Files (x86)\trend micro\Bea.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Bea\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKCU\..\Run: [Google Update] "C:\Users\Bea\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_140299A73DDFBEE682C1057A74DE4DC2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: LastPass - file://C:\Users\Bea\AppData\LocalLow\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Users\Bea\AppData\LocalLow\LastPass\context.html?cmd=fillforms O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Emsisoft Anti-Malware 8.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13474 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\AutoKMS.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-314706107-1989528577-1666421781-1001Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-314706107-1989528577-1666421781-1001UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-16 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}] LastPass Vault - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-12-19 612864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}] FlashGetBHO - C:\Users\Bea\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-11-01 149168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-16 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - LastPass Toolbar - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-12-19 612864] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-04 218408] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] "BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"=C:\Users\Bea\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-22 116648] "GoogleChromeAutoLaunch_140299A73DDFBEE682C1057A74DE4DC2"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2014-01-23 866584] "GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2013-12-06 20203904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-09 4171464] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm "vidc.cvid"=iccvid.dll "msacm.siren"=sirenacm.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-02-02 11:19:10 ----D---- C:\rsit 2014-02-02 11:19:10 ----D---- C:\Program Files (x86)\trend micro 2014-02-01 22:11:50 ----D---- C:\Program Files (x86)\Emsisoft Anti-Malware 2014-02-01 22:10:13 ----D---- C:\Program Files (x86)\HitmanPro.Alert 2014-02-01 22:10:13 ----A---- C:\Windows\SysWOW64\hmpalert.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\wksprtPS.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\tsgqec.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\rdpendp_winip.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\mstsc.exe 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-02-01 21:23:27 ----A---- C:\Windows\SysWOW64\aaclient.dll 2014-02-01 21:23:26 ----A---- C:\Windows\SysWOW64\mstscax.dll 2014-02-01 20:30:25 ----D---- C:\Windows\SoftwareDistribution 2014-01-31 10:35:40 ----D---- C:\Program Files (x86)\Common Files\DESIGNER 2014-01-28 23:08:51 ----D---- C:\Windows\Migration 2014-01-28 23:05:13 ----A---- C:\Windows\SysWOW64\qdvd.dll 2014-01-16 11:25:29 ----D---- C:\ProgramData\Oracle 2014-01-16 11:23:13 ----A---- C:\Windows\SysWOW64\javaws.exe 2014-01-16 11:23:02 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-01-16 11:23:02 ----A---- C:\Windows\SysWOW64\javaw.exe 2014-01-16 11:23:02 ----A---- C:\Windows\SysWOW64\java.exe 2014-01-12 12:22:40 ----SHD---- C:\$RECYCLE.BIN 2014-01-12 12:18:27 ----A---- C:\Windows\zoek-delete.exe 2014-01-12 12:18:25 ----D---- C:\Windows\Temp 2014-01-12 09:36:07 ----HD---- C:\VTRoot 2014-01-11 23:50:52 ----D---- C:\Users\Bea\AppData\Roaming\Comodo 2014-01-11 21:49:51 ----SD---- C:\ProgramData\Shared Space 2014-01-11 21:49:33 ----D---- C:\ProgramData\Comodo 2014-01-11 21:49:28 ----D---- C:\ProgramData\Comodo Downloader 2014-01-10 23:18:23 ----D---- C:\Windows\pss 2014-01-10 09:53:48 ----A---- C:\DelFix.txt 2014-01-09 18:09:32 ----D---- C:\zoek_backup ======List of files/folders modified in the last 1 month====== 2014-02-02 11:19:10 ----RD---- C:\Program Files (x86) 2014-02-02 11:08:30 ----D---- C:\Windows\Tasks 2014-02-02 01:15:36 ----HD---- C:\ProgramData 2014-02-02 01:14:06 ----SHD---- C:\Windows\Installer 2014-02-02 01:14:06 ----SHD---- C:\Config.Msi 2014-02-02 01:00:02 ----D---- C:\Windows\inf 2014-02-01 23:29:11 ----AD---- C:\Windows 2014-02-01 22:10:13 ----D---- C:\Windows\SysWOW64 2014-02-01 22:10:13 ----D---- C:\Windows\System32 2014-02-01 22:00:50 ----RD---- C:\Program Files 2014-02-01 21:43:11 ----D---- C:\Windows\winsxs 2014-02-01 21:39:46 ----D---- C:\Windows\SysWOW64\wbem 2014-02-01 21:39:46 ----D---- C:\Windows\SysWOW64\nl-NL 2014-02-01 21:39:45 ----D---- C:\Windows\PolicyDefinitions 2014-02-01 21:22:52 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-01 21:19:25 ----SHD---- C:\System Volume Information 2014-02-01 15:39:48 ----D---- C:\Users\Bea\AppData\Roaming\uTorrent 2014-02-01 15:38:28 ----D---- C:\Windows\Prefetch 2014-01-31 11:20:30 ----D---- C:\Windows\AutoKMS 2014-01-31 10:53:26 ----D---- C:\Windows\Microsoft.NET 2014-01-31 10:41:59 ----D---- C:\ProgramData\Microsoft Help 2014-01-31 10:39:06 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2014-01-31 10:38:10 ----RSD---- C:\Windows\Fonts 2014-01-31 10:37:35 ----D---- C:\Windows\ShellNew 2014-01-31 10:37:04 ----D---- C:\Program Files (x86)\MSBuild 2014-01-31 10:35:40 ----D---- C:\Program Files (x86)\Common Files 2014-01-31 10:27:13 ----A---- C:\Windows\win.ini 2014-01-28 23:09:44 ----D---- C:\Windows\SysWOW64\en-US 2014-01-28 23:08:51 ----SD---- C:\ProgramData\Microsoft 2014-01-28 22:31:32 ----D---- C:\Users\Bea\AppData\Roaming\Nitro PDF 2014-01-25 13:34:46 ----D---- C:\Users\Bea\AppData\Roaming\Mozilla 2014-01-23 01:23:03 ----D---- C:\Windows\debug 2014-01-21 17:50:59 ----RSD---- C:\Windows\assembly 2014-01-11 21:20:14 ----D---- C:\Program Files (x86)\Microsoft Security Client 2014-01-10 12:32:32 ----D---- C:\Program Files (x86)\Microsoft 2014-01-09 10:24:50 ----SD---- C:\Users\Bea\AppData\Roaming\Microsoft 2014-01-09 10:09:19 ----SHD---- C:\Boot ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AsDsm;AsDsm; C:\Windows\SysWOW64\drivers\AsDsm.sys [] R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [] R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [] R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-03-28 26176] R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [] R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [] R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [] R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] R2 hmpalert;HitmanPro.Alert Support Driver; \??\C:\Windows\system32\drivers\hmpalert.sys [] R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [] R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [] S3 a2acc;a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2013-08-24 70960] S3 cleanhlp;cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-12-04 57024] S3 cpuz135;cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-08-11 24368] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-12-04 4161512] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432] R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [] R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208] R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-10-20 6254152] R2 hmpalertsvc;HitmanPro.Alert Service; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-02-01 1830768] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-01-12 341312] R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-03-25 230408] R2 nlsX86cc;NLS Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2011-01-12 68928] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-08-27 239176] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072] R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280] R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2009-04-15 271760] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 116648] S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10 257416] S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 164056] S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 116648] S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V [] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 30798512] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] -----------------EOF----------------- Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 11:14:32, on 2-2-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Bea\Desktop\pc beveiliging\HijackThis (1) (1).exe C:\Windows\SysWOW64\DllHost.exe