desp6

desp6's achievements

  1. Hi, Thanks for your tips! The problem has been solved in the meantime: wanting to plug in a different video cable, HDMI instead of DVI let's say, meant that I was fiddling with the buttons on the monitor and so had probably changed a setting; I set this back and it is fine...
  2. Yes: The display on the screen still extends beyond the size of the screen, but I probably did not prepare my question well: The day before yesterday I used a Bluetooth stick (Belkin F8TO17) and plugged it into a USB port for the first time. The drivers were installed by Windows, but apparently 2 were missing. I then took the driver from the site and installed it, and then I got the message that it had not been installed correctly. I tried to remove the driver again via uninstall in Device Manager, but without a good result. I tried a restore point other than the recommended restore point, but also no result. I tried an update of the graphics drivers, but also no result. But maybe it is a good idea to consider this driver problem as the problem. Can such a driver mess up the graphics part like that?
  3. This is probably it, because it did not come up by itself

     # AdwCleaner v3.020 - Report created 08/03/2014 at 16:30:01
     # Updated 27/02/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Joz - NAZOJ
     # Running from : C:\Users\Aaron\Desktop\adwcleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.16518

     -\\ Mozilla Firefox v27.0.1 (nl)

     [ File : C:\Users\Joz\AppData\Roaming\Mozilla\Firefox\Profiles\ileknv4w.default\prefs.js ]
     [ File : C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\9dc7e8ea.default\prefs.js ]
     [ File : C:\Users\Leander\AppData\Roaming\Mozilla\Firefox\Profiles\5rslhwbk.default\prefs.js ]

     -\\ Google Chrome v33.0.1750.146

     [ File : C:\Users\Joz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     [ File : C:\Users\Ann\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     [ File : C:\Users\Leander\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     [ File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [1371 octets] - [08/03/2014 16:30:01]

     ########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [1431 octets] ##########
  4. Thanks for your response, kape!
  5. Hi, I have the feeling that quite a few "wrong" things are on my PC (see subject). I therefore made a log with RSIT. Would someone here be willing to take a look at it? Thanks in advance!
"C:\Users\Joz\Desktop\RSITx64.exe" ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\Joz\AppData\Roaming\Mozilla\Firefox\Profiles\ileknv4w.default [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 12.0.0.70 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX] "Description"=Canon Easy-PhotoPrint EX "Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl] "Description"=Garmin GPS Control for Firefox "Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] "Description"=Picasa3 plugin "Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2] "Description"=Javaâ„¢ Deployment Toolkit "Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2] "Description"=Oracle® Next Generation Javaâ„¢ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=C:\Windows\system32\Wat\npWatWeb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Nero.com/KM] "Description"= "Path"=C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision] "Description"=NVIDIA stereo images plugin for Mozilla browsers "Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] "Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers "Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 12.0.0.70 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Javaâ„¢ Plug-In "Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=C:\Windows\system32\Wat\npWatWeb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ belgiumeid@eid.belgium.be ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-01-24 
79240] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-16 12673128] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2011-05-20 284440] "CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2010-08-04 107816] "PowerDVD12DMREngine"=C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [2012-09-19 505872] "PowerDVD12Agent"=C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [2012-09-19 374560] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] "G Data AntiVirus Tray"=C:\Program Files (x86)\G 
Data\TotalProtection\AVKTray\AVKTray.exe [2013-08-21 1444472] "GDFirewallTray"=C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [2013-03-22 1854928] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=l3codecp.acm "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv 
"wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "VIDC.FFDS"=ff_vfw.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-03-08 13:14:02 ----D---- C:\rsit 2014-02-27 18:23:07 ----D---- C:\Windows\Migration 2014-02-15 18:03:02 ----D---- C:\Program Files (x86)\Mozilla Firefox 2014-02-13 22:35:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2014-02-13 22:35:39 ----A---- C:\Windows\system32\vbscript.dll 2014-02-13 22:35:03 ----A---- C:\Windows\SYSWOW64\msrating.dll 2014-02-13 22:35:03 ----A---- C:\Windows\SYSWOW64\ieui.dll 2014-02-13 22:35:03 ----A---- C:\Windows\system32\msrating.dll 2014-02-13 22:35:02 ----A---- C:\Windows\system32\ieui.dll 2014-02-13 22:35:02 ----A---- C:\Windows\system32\iernonce.dll 2014-02-13 22:35:02 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2014-02-13 22:35:02 ----A---- C:\Windows\system32\ie4uinit.exe 2014-02-13 22:35:01 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2014-02-13 22:35:01 ----A---- C:\Windows\system32\msfeeds.dll 2014-02-13 22:35:01 ----A---- C:\Windows\system32\jsproxy.dll 2014-02-13 22:35:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2014-02-13 22:35:00 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2014-02-13 22:35:00 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2014-02-13 22:35:00 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2014-02-13 22:35:00 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2014-02-13 22:35:00 ----A---- C:\Windows\system32\mshtml.dll 2014-02-13 22:35:00 ----A---- C:\Windows\system32\ieUnatt.exe 2014-02-13 22:35:00 ----A---- C:\Windows\system32\iesetup.dll 2014-02-13 22:35:00 ----A---- C:\Windows\system32\ieetwproxystub.dll 2014-02-13 22:35:00 ----A---- C:\Windows\system32\ieetwcollector.exe 2014-02-13 22:34:59 ----A---- 
C:\Windows\SYSWOW64\wininet.dll 2014-02-13 22:34:59 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2014-02-13 22:34:59 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2014-02-13 22:34:59 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2014-02-13 22:34:59 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2014-02-13 22:34:59 ----A---- C:\Windows\system32\wininet.dll 2014-02-13 22:34:59 ----A---- C:\Windows\system32\jscript9diag.dll 2014-02-13 22:34:59 ----A---- C:\Windows\system32\iertutil.dll 2014-02-13 22:34:59 ----A---- C:\Windows\system32\ieapfltr.dll 2014-02-13 22:34:58 ----A---- C:\Windows\system32\urlmon.dll 2014-02-13 22:34:58 ----A---- C:\Windows\system32\ieframe.dll 2014-02-13 22:34:57 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2014-02-13 22:34:57 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2014-02-13 22:34:57 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2014-02-13 22:34:56 ----A---- C:\Windows\system32\jscript9.dll 2014-02-13 16:05:22 ----A---- C:\Windows\SYSWOW64\msxml3r.dll 2014-02-13 16:05:22 ----A---- C:\Windows\SYSWOW64\msxml3.dll 2014-02-13 16:05:22 ----A---- C:\Windows\system32\msxml3r.dll 2014-02-13 16:05:22 ----A---- C:\Windows\system32\msxml3.dll 2014-02-13 16:05:17 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe 2014-02-13 16:05:17 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe 2014-02-13 16:05:17 ----A---- C:\Windows\SYSWOW64\RMActivate.exe 2014-02-13 16:05:17 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-13 16:05:17 ----A---- C:\Windows\system32\RMActivate_isv.exe 2014-02-13 16:05:17 ----A---- C:\Windows\system32\RMActivate.exe 2014-02-13 16:05:16 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll 2014-02-13 16:05:16 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll 2014-02-13 16:05:16 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll 2014-02-13 16:05:16 ----A---- C:\Windows\SYSWOW64\secproc.dll 2014-02-13 16:05:16 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe 2014-02-13 16:05:16 ----A---- C:\Windows\SYSWOW64\msdrm.dll 2014-02-13 16:05:16 ----A---- 
C:\Windows\system32\secproc_ssp_isv.dll 2014-02-13 16:05:16 ----A---- C:\Windows\system32\secproc_ssp.dll 2014-02-13 16:05:16 ----A---- C:\Windows\system32\secproc_isv.dll 2014-02-13 16:05:16 ----A---- C:\Windows\system32\secproc.dll 2014-02-13 16:05:16 ----A---- C:\Windows\system32\RMActivate_ssp.exe 2014-02-13 16:05:16 ----A---- C:\Windows\system32\msdrm.dll 2014-02-13 16:05:13 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll 2014-02-13 16:05:13 ----A---- C:\Windows\system32\d3d10warp.dll 2014-02-13 16:05:12 ----A---- C:\Windows\SYSWOW64\d2d1.dll 2014-02-13 16:05:12 ----A---- C:\Windows\system32\d2d1.dll ======List of files/folders modified in the last 1 month====== 2014-03-08 13:14:07 ----D---- C:\Program Files\trend micro 2014-03-08 13:14:03 ----D---- C:\Windows\Temp 2014-03-08 11:35:00 ----D---- C:\Windows\system32\config 2014-03-08 11:27:09 ----A---- C:\Windows\SYSWOW64\log.txt 2014-03-08 11:24:01 ----D---- C:\ProgramData\NVIDIA 2014-03-07 21:39:04 ----D---- C:\Windows\Prefetch 2014-03-07 21:38:52 ----D---- C:\Windows\system32\Tasks 2014-03-07 21:23:10 ----D---- C:\Windows\System32 2014-03-07 21:23:10 ----D---- C:\Windows\inf 2014-03-07 21:23:10 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-03-07 21:21:48 ----D---- C:\Windows\system32\drivers 2014-03-05 22:18:07 ----D---- C:\ProgramData\PMS 2014-03-03 11:46:38 ----SHD---- C:\$RECYCLE.BIN 2014-02-28 21:01:33 ----D---- C:\Windows\Microsoft.NET 2014-02-28 20:05:09 ----SHD---- C:\Windows\Installer 2014-02-28 20:03:12 ----D---- C:\Windows\SysWOW64 2014-02-28 20:03:12 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI 2014-02-28 20:02:12 ----SHD---- C:\System Volume Information 2014-02-27 18:26:07 ----RSD---- C:\Windows\assembly 2014-02-27 18:23:17 ----D---- C:\Windows\SYSWOW64\en-US 2014-02-27 18:23:16 ----D---- C:\Windows\system32\en-US 2014-02-27 18:23:07 ----SD---- C:\ProgramData\Microsoft 2014-02-27 18:23:07 ----D---- C:\Windows 2014-02-21 20:20:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 
2014-02-17 23:03:12 ----D---- C:\Windows\system32\MRT 2014-02-17 23:01:48 ----D---- C:\Windows\debug 2014-02-17 23:01:47 ----A---- C:\Windows\system32\MRT.exe 2014-02-16 16:50:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-16 09:17:02 ----RD---- C:\Program Files (x86) 2014-02-15 14:12:25 ----D---- C:\Program Files (x86)\Nero 2014-02-15 14:11:42 ----D---- C:\Windows\system32\catroot2 2014-02-14 13:10:32 ----D---- C:\Windows\rescache 2014-02-14 11:53:30 ----D---- C:\Windows\winsxs 2014-02-14 11:51:17 ----D---- C:\Windows\SYSWOW64\nl-NL 2014-02-14 11:51:16 ----D---- C:\Windows\system32\nl-NL 2014-02-14 11:51:11 ----D---- C:\Program Files (x86)\Internet Explorer 2014-02-14 11:51:10 ----D---- C:\Program Files\Internet Explorer 2014-02-13 22:39:39 ----D---- C:\Windows\system32\catroot ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 GDBehave;GDBehave; C:\Windows\system32\drivers\GDBehave.sys [2013-10-29 60248] R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-05-20 557848] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R0 TS4NT;TS4nt driver; C:\Windows\System32\Drivers\TS4nt.sys [2013-10-29 98760] R1 gddcv;G Data DCV Driver; \??\C:\Windows\system32\drivers\gddcv64.sys [2013-10-29 59736] R1 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [2013-10-29 130392] R1 gdwfpcd;G Data WFP CD; C:\Windows\system32\drivers\gdwfpcd64.sys [2013-10-29 64856] R1 GRD;G Data Rootkit Detector Driver; \??\C:\Windows\system32\drivers\GRD.sys [2013-10-29 106272] R1 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [2013-10-29 65368] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2012-11-29 35344] R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files 
(x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-06-20 83704] R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-08-02 129000] R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\drivers\asmtxhci.sys [2011-08-02 391144] R3 gddcd;G Data DCD Driver; \??\C:\Windows\system32\drivers\gddcd64.sys [2013-10-29 79704] R3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [2013-10-29 63320] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-16 3056360] R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2011-03-11 56344] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-01-17 188224] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2012-07-30 158720] R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144] R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840] R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208] S1 GLogin;GLogin; C:\Windows\system32\drivers\GLogin.sys [] S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2012-06-30 44672] S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984] S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784] S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960] S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys 
[2011-04-28 80384] S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2012-04-18 19304] S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 wsvd;wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2013-08-26 1970296] R2 AVKService;G Data Scheduler; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2013-08-21 635000] R2 AVKWCtl;G Data Bestandssysteembewaker; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe [2013-10-15 2562208] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; 
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-09-19 90640] R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504] R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-09-19 78352] R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-09-19 295440] R2 GDBackupSvc;G Data Backup Service; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2013-08-21 1947768] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2011-03-11 326168] R2 MemeoBackgroundService;MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824] R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-07-18 762192] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512] R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728] R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files 
(x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-03-11 2656280] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480] R3 GDFwSvc;G Data Personal Firewall; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2013-10-17 2942808] R3 GDScan;G Data Scanner; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2013-08-22 695416] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28 136176] S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928] S3 GDTunerSvc;G Data Tuner Service; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2013-02-25 1711568] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28 136176] S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 111616] S3 MozillaMaintenance;Mozilla Maintenance Service; 
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-15 118896] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 TSNxGService;G Data Datasafeservice; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2013-09-17 255608] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-24 1255736] S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] -----------------EOF-----------------
  6. Thanks for your message! Here is the new log.
  7. OK, thanks. I already had a log posted, but perhaps for that reason not with RSITx64 from the right location? I have already made a new one. A virus had already been found, which should now be gone... Here is my RSIT 64-bit log.
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: G Data Datasafeservice (TSNxGService) - G Data Software - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 
- Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13296 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch "C:\Windows\system32\nvvsvc.exe" "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" C:\Windows\system32\svchost.exe -k RPCSS "C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe" "C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe" C:\Windows\system32\nvvsvc.exe -session -first C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe" "C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe" "C:\Program Files\Bonjour\mDNSResponder.exe" "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe" "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" "C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe" "C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe" "taskhost.exe" "C:\Windows\system32\Dwm.exe" "C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe" "C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe" C:\Windows\Explorer.EXE "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" "C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe" "C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe" "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe" "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1 "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 2536 "C:\Program Files (x86)\Microsoft Application Virtualization 
Client\sftlist.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe" "C:\Program Files\iPod\bin\iPodService.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ac4792ba-903d-4b47-8ecc-c2b43232b978 -SystemEventPortName:HostProcess-b18922c7-26df-4e02-8a37-3975fec996fe -IoCancelEventPortName:HostProcess-6e99ea65-9cde-471e-9d6d-dd3f80c1de36 -NonStateChangingEventPortName:HostProcess-8a53dcdf-4812-44e1-8a9f-fee6c087a7d6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:19b0bad8-d700-4ee0-9adc-82c9b7c627d9 -DeviceGroupId:WpdFsGroup "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe" -Embedding C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe" "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" C:\Windows\System32\vds.exe "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" C:\Windows\SysWOW64\DllHost.exe /Processid:{EF16A570-5955-4320-AA4F-4FC669B870FA} C:\Windows\system32\DllHost.exe /Processid:{4005BB4E-87C1-471E-8832-515DF5598ED7} C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv taskeng.exe {26161E14-EDB2-433C-846D-2533D37BF58A} "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" C:\Windows\system32\sppsvc.exe "C:\Users\Joz\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe 
Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job =========Mozilla firefox========= ProfilePath - C:\Users\Joz\AppData\Roaming\Mozilla\Firefox\Profiles\ileknv4w.default [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.9.900.170 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX] "Description"=Canon Easy-PhotoPrint EX "Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl] "Description"=Garmin GPS Control for Firefox "Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] "Description"=Picasa3 plugin "Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2] "Description"=Javaâ„¢ Deployment Toolkit "Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2] "Description"=Oracle® Next Generation 
Javaâ„¢ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=C:\Windows\system32\Wat\npWatWeb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision] "Description"=NVIDIA stereo images plugin for Mozilla browsers "Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] "Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers "Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8] "Description"=VLC Multimedia Plugin 
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2] "Description"=VLC Multimedia Plugin "Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.9.900.170 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Javaâ„¢ Plug-In "Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=C:\Windows\system32\Wat\npWatWeb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ belgiumeid@eid.belgium.be ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-01-24 79240] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912] 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-16 12673128] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2011-05-20 284440] "CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2010-08-04 107816] "PowerDVD12DMREngine"=C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [2012-09-19 505872] "PowerDVD12Agent"=C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [2012-09-19 374560] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] "G Data AntiVirus Tray"=C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe [2013-08-21 1444472] "GDFirewallTray"=C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [2013-03-22 1854928] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] 
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=l3codecp.acm "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "VIDC.FFDS"=ff_vfw.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - 
C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-01-17 13:51:53 ----D---- C:\Program Files\trend micro 2014-01-17 13:51:52 ----D---- C:\rsit 2014-01-16 15:19:34 ----D---- C:\Windows\ERUNT 2014-01-16 15:11:08 ----D---- C:\AdwCleaner 2014-01-16 14:10:33 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-16 14:10:33 ----D---- C:\Program Files\iTunes 2014-01-16 14:10:33 ----D---- C:\Program Files\iPod 2014-01-16 14:10:33 ----D---- C:\Program Files (x86)\iTunes 2014-01-16 13:51:33 ----D---- C:\Users\Joz\AppData\Roaming\OpenOffice 2014-01-16 13:50:28 ----D---- C:\Program Files (x86)\OpenOffice 4 2014-01-16 13:18:56 ----A---- C:\Windows\SYSWOW64\javaws.exe 2014-01-16 13:18:52 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll 2014-01-16 13:18:52 ----A---- C:\Windows\SYSWOW64\javaw.exe 2014-01-16 13:18:52 ----A---- C:\Windows\SYSWOW64\java.exe 2014-01-14 20:49:26 ----A---- C:\Windows\system32\win32k.sys 2014-01-14 20:49:26 ----A---- C:\Windows\system32\drivers\usbuhci.sys 2014-01-14 20:49:26 ----A---- C:\Windows\system32\drivers\usbport.sys 2014-01-14 20:49:26 ----A---- C:\Windows\system32\drivers\usbohci.sys 2014-01-14 20:49:26 ----A---- C:\Windows\system32\drivers\usbhub.sys 2014-01-14 20:49:26 ----A---- C:\Windows\system32\drivers\usbehci.sys 2014-01-14 20:49:26 ----A---- C:\Windows\system32\drivers\usbd.sys 2014-01-14 20:49:26 ----A---- C:\Windows\system32\drivers\usbccgp.sys 2014-01-14 20:49:25 ----A---- C:\Windows\system32\drivers\netio.sys 2014-01-06 20:23:36 ----A---- C:\Windows\SYSWOW64\GPhotos.scr ======List of files/folders modified in the last 1 month====== 2014-01-17 16:12:50 ----D---- C:\Windows\Temp 2014-01-17 16:11:27 ----D---- C:\Windows\Prefetch 2014-01-17 15:01:19 ----SHD---- C:\System Volume Information 2014-01-17 13:51:53 ----RD---- C:\Program Files 2014-01-17 11:44:31 ----D---- C:\Windows\system32\config 2014-01-17 11:31:17 ----A---- C:\Windows\SYSWOW64\log.txt 
2014-01-17 11:28:23 ----D---- C:\ProgramData\NVIDIA 2014-01-16 15:22:02 ----D---- C:\Windows\SysWOW64 2014-01-16 15:19:34 ----D---- C:\Windows 2014-01-16 15:16:45 ----D---- C:\Users\Joz\AppData\Roaming\uTorrent 2014-01-16 15:12:48 ----D---- C:\Windows\system32\catroot 2014-01-16 15:12:13 ----HD---- C:\ProgramData 2014-01-16 15:12:13 ----D---- C:\Windows\system32\Tasks 2014-01-16 15:08:10 ----RD---- C:\Program Files (x86) 2014-01-16 14:11:16 ----D---- C:\Windows\inf 2014-01-16 14:10:56 ----SHD---- C:\Windows\Installer 2014-01-16 14:10:42 ----D---- C:\Windows\System32 2014-01-16 14:09:14 ----D---- C:\Windows\system32\DriverStore 2014-01-16 13:59:26 ----D---- C:\Program Files\CCleaner 2014-01-16 13:51:20 ----RSD---- C:\Windows\assembly 2014-01-16 13:50:44 ----RSD---- C:\Windows\Fonts 2014-01-16 13:19:25 ----D---- C:\ProgramData\Oracle 2014-01-16 13:18:52 ----D---- C:\Program Files (x86)\Java 2014-01-16 13:10:23 ----D---- C:\Windows\winsxs 2014-01-16 13:06:37 ----D---- C:\Windows\system32\drivers 2014-01-14 23:05:22 ----D---- C:\Windows\system32\MRT 2014-01-14 23:03:48 ----A---- C:\Windows\system32\MRT.exe 2014-01-14 20:49:21 ----D---- C:\Windows\system32\catroot2 2014-01-11 22:38:42 ----D---- C:\Users\Joz\AppData\Roaming\SoftGrid Client 2014-01-11 22:22:23 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-01-11 22:08:24 ----D---- C:\Users\Joz\AppData\Roaming\vlc 2013-12-30 12:02:15 ----D---- C:\ProgramData\Sony 2013-12-30 12:01:24 ----D---- C:\Users\Joz\AppData\Roaming\Sony 2013-12-20 16:55:58 ----D---- C:\Program Files (x86)\Google 2013-12-20 16:45:50 ----SD---- C:\Users\Joz\AppData\Roaming\Microsoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 GDBehave;GDBehave; C:\Windows\system32\drivers\GDBehave.sys [2013-10-29 60248] R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-05-20 557848] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R0 
TS4NT;TS4nt driver; C:\Windows\System32\Drivers\TS4nt.sys [2013-10-29 98760] R1 gddcv;G Data DCV Driver; \??\C:\Windows\system32\drivers\gddcv64.sys [2013-10-29 59736] R1 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [2013-10-29 130392] R1 gdwfpcd;G Data WFP CD; C:\Windows\system32\drivers\gdwfpcd64.sys [2013-10-29 64856] R1 GRD;G Data Rootkit Detector Driver; \??\C:\Windows\system32\drivers\GRD.sys [2013-10-29 106272] R1 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [2013-10-29 65368] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/01/01 16:43:59]; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-09-19 147704] R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2012-11-29 35344] R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-06-20 83704] R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\drivers\asmthub3.sys [2011-08-02 129000] R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\drivers\asmtxhci.sys [2011-08-02 391144] R3 gddcd;G Data DCD Driver; \??\C:\Windows\system32\drivers\gddcd64.sys [2013-10-29 79704] R3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [2013-10-29 63320] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-16 3056360] R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2011-03-11 56344] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-01-17 188224] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 Ser2pl;Prolific Serial port WDF driver; 
C:\Windows\system32\DRIVERS\ser2pl64.sys [2012-07-30 158720] R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144] R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840] R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208] S1 GLogin;GLogin; C:\Windows\system32\drivers\GLogin.sys [] S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2012-06-30 44672] S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2012-04-18 19304] S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 wsvd;wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2013-08-26 1970296] 
  8. Hello, I was probably careless while updating a program. I then scanned with Malwarebytes and my suspicion seems to be confirmed. Could someone please help me resolve this? Thanks in advance! Below is my log.
C:\Windows\system32\DRIVERS\ser2pl64.sys [2012-07-30 158720] R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144] R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840] R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208] S1 GLogin;GLogin; C:\Windows\system32\drivers\GLogin.sys [] S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2012-06-30 44672] S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2012-04-18 19304] S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 wsvd;wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2013-08-26 1970296] 
R2 AVKService;G Data Scheduler; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2013-08-21 635000] R2 AVKWCtl;G Data Bestandssysteembewaker; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe [2013-10-15 2562208] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-09-19 90640] R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504] R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-09-19 78352] R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-09-19 295440] R2 GDBackupSvc;G Data Backup Service; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2013-08-21 1947768] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2011-03-11 326168] R2 MemeoBackgroundService;MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512] R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728] R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization 
Client\sftlist.exe [2013-06-26 523944] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-03-11 2656280] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096] R3 GDFwSvc;G Data Personal Firewall; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2013-10-17 2942808] R3 GDScan;G Data Scanner; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2013-08-22 695416] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28 136176] S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416] S3 GDTunerSvc;G Data Tuner Service; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2013-02-25 1711568] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28 136176] S3 gusvc;Google Updater Service; 
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-11 119408] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 TSNxGService;G Data Datasafeservice; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2013-09-17 255608] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-24 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] -----------------EOF-----------------