Jean Paul

ok bedankt voor de info. goede avond m.vr.gr. Jean Paul Deze werkwijze is helemaal nu, hoe sluiten we dit af ?

Ik heb het bericht kunnen uitprinten. Ok, ik hoef mij dus geen zorgen te maken om komende bijlagen te openen ? Eventueel eerst opslaan en dan openen. bedankt m.vr.gr. Jean Paul

Bedankt voor de info ivm gegevensn had er geen erg in. Goed, maar zal ik hetzelfde probleem niet voor hebben met andere bijlagen die ik moet openen ?deze hier zijn precies naar Word gezet .

Hallo, Ik ontving een mail waarvan ik de inhoud wil afprinten. zie bijlage 002 Bijlage 003 is de tekst Bijlage 004 toont voor openen bijlage Bijlage 005 is wat ik krijg om uit te printen (dit is in Word ? ) Mijn vraag : hoe krijg ik de juiste weergave zoals 003 om uit te printen. Hoe kan ik het juiste programma om bijlage uit te printen ? M.vr.gr. Jean Paul printscreen files004.bmp printscreen files005.bmp

Bedankt, ik sluit dit onderwerp af. M.vr.gr.

Dag, Ik heb de tips toegepast doch de datum en uur komen er niet uit. Bij de tip van l'escape heb ik dat in de mail ingebracht ( W7) , ik krijg de blauwe balk op het scherm in de mail , die blijft staan en de letters komen niet te voorschijn. Blijkbaar kan men een lichtkrant , gemaakt in XP niet inbrengen in W7.

Dag, bedankt voor de linken doch ik zie nergens de loop van datum en uur . Dat is juist het probleem. In XP loopt het uur en datum mooi in een gekleurde band maar in W7 zie ik deze niet. Dat is de vraag hoe het komt dat datum en uur niet worden opgenomen in W7.

Als u ziet in #9 en de volgende ziet u dat er nog niets is veranderd. Ik heb nog geen oplossing ontvangen of tip. In #10 had ik nog eens de originele code doorgegeven maar verder niets meer. Kan het worden opgelost zo niet sluit ik dit af. Geen probleem. groeten.

Hallo, is er iets gevonden of heeft iemand de oplossing ? Groeten, Jean paul

Hallo, hartelijk dank voor de inzet en hulp inzake. Jullie hulp wordt zeer gewaardeerd. Bedankt groeten Jean Paul

Het is oke dat terug Google verschijnt. Ik bedoel maar dat dit niet het originele beeld waar staat dat het in verschillende talen kan worden gegeven en in de Browser stat niets. Normaal staat daar dan adres van hetgeen je hebt gezocht of niet ? Dien ik nu nog iets te doen of is de PC nu terug safe ? Ik herhaal nog eens mijn vraag : wat met de gevonden bedreiging zoals in bericht #28 Groeten, Jean Paul

DIT is Gedaan Maar nu heb ik weer DAT Googlescherm ontmoet de kleine vlakjes. Dient DIT zo? Wat ontmoette Mijn Vraag ivm sterven Bedreiging hiervoor - Zie bijlage Is dit een probleem of is dit nu vanzelf verwijderd ? printscreen files006.bmp

oke starting GDCleaner at 2016-03-13 13:34:11 Version: 1.0.15350.689 VersionCheck.newerVersionAvailable: 0 Engine V2.00.0 Data extracted from self Info 2015-11-30 10:14:06, B:0 W:152 S:n/a O:20 P:70 SDF:4/43/232 ----------------------------------------------------------------------------------------- starting GDCleaner at 2016-03-13 13:35:11 Version: 1.0.15350.689 VersionCheck.newerVersionAvailable: 0 Engine V2.00.0 Data extracted from self Info 2015-11-30 10:14:06, B:0 W:152 S:n/a O:20 P:70 SDF:4/43/232 --- entering Detection Stage at 2016-03-13 13:35:15 --- Executing detection Script: SUCCESS #Detections: 0 #Suspicious paths: 62 C:\Users\Jeanpaul\AppData\Roaming C:\Windows\explorer.exe c:\malware\eicar.com C:\Users\Jeanpaul\AppData\Local C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe C:\Windows\System32\lsass.exe C:\Windows\System32\SearchFilterHost.exe C:\Windows\System32\services.exe C:\Windows\System32\smss.exe C:\Windows\System32\lsm.exe dllhost.exe C:\Windows\System32\csrss.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\winlogon.exe C:\Windows\System32\atiesrxx.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe C:\Windows\System32\hpservice.exe C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe C:\Windows\System32\atieclxx.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Windows\System32\spoolsv.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Windows\System32\taskhost.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\dwm.exe attrib.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\Jeanpaul\AppData\Local\Microsoft\BingSvc\BingSvc.exe C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe C:\Users\Jeanpaul\Downloads\zoek (1).exe C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe C:\Windows\System32\rundll32.exe C:\Windows\splwow64.exe C:\Windows\System32\SearchIndexer.exe C:\Windows\System32\GWX\GWX.exe C:\Windows\System32\conhost.exe audiodg.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Windows\System32\taskeng.exe C:\Windows\System32\SearchProtocolHost.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\System32\dllhost.exe C:\Windows\System32\sppsvc.exe C:\Windows\System32\igfxsrvc.exe C:\Users\Jeanpaul\Downloads\GDCleanUp.exe --- leaving Detection Stage at 2016-03-13 13:35:16 --- --- entering Scanning Stage at 2016-03-13 13:35:16 --- --- leaving Scanning Stage at 2016-03-13 13:39:09 --- ------------------------------------------------------------------------------------------------ starting GDCleaner at 2016-03-13 13:51:53 Version: 1.0.15350.689 VersionCheck.newerVersionAvailable: 0 Engine V2.00.0 Data extracted from self Info 2015-11-30 10:14:06, B:0 W:152 S:n/a O:20 P:70 SDF:4/43/232 --- entering Detection Stage at 2016-03-13 13:52:02 --- Executing detection Script: SUCCESS #Detections: 0 #Suspicious paths: 57 C:\Users\Jeanpaul\AppData\Roaming C:\Windows\explorer.exe c:\malware\eicar.com C:\Users\Jeanpaul\AppData\Local C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe C:\Windows\System32\lsass.exe C:\Windows\System32\SearchFilterHost.exe C:\Windows\System32\services.exe C:\Windows\System32\smss.exe C:\Windows\System32\lsm.exe C:\Windows\System32\csrss.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\winlogon.exe C:\Windows\System32\atiesrxx.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe C:\Windows\System32\hpservice.exe C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe C:\Windows\System32\atieclxx.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Windows\System32\spoolsv.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Windows\System32\taskhost.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\dwm.exe attrib.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\Jeanpaul\AppData\Local\Microsoft\BingSvc\BingSvc.exe C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe C:\Users\Jeanpaul\Downloads\zoek (1).exe C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe C:\Windows\System32\rundll32.exe C:\Windows\splwow64.exe C:\Windows\System32\SearchIndexer.exe C:\Windows\System32\GWX\GWX.exe C:\Windows\System32\conhost.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\System32\taskeng.exe C:\Windows\System32\SearchProtocolHost.exe C:\Users\Jeanpaul\Downloads\GDCleanUp.exe --- leaving Detection Stage at 2016-03-13 13:52:03 --- --- entering Scanning Stage at 2016-03-13 13:52:03 --- --- leaving Scanning Stage at 2016-03-13 13:55:31 --- ------------------------------------------------------------------------------------------------------- goed zo? Kunt u al zeggen hoe ik het dreigement 004 uit bericht #21 weg krijg , Groeten,

Nu vind ik plots deze logs op mijn bureaublad maar ik weet nu niet bij welk bericht die behoren ; [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183 ********************************************************************************** [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

Dit heb ik gevonden bij DATA enz.... zie bijlage 005 printscreen files005.bmp

Hallo, Ik wil nu niet moeilijk doen maar heb mijn origineel Google scherm terug gevonden door even in de INSTELLINGEN te kijken en de GESCHIEDENIS eens kuisen en een nieuwe URL in te stellen. Krijg wel even een opmerking van het anti virusprogram voor een probleem Is dit op te lossen en warr kan ik dat probleem dan vinden om te verwijderen ? bijlage : printscreen files004.bmp

ik vind dat log niet van in #18 en dat hetstelpunt ook niet

dag, plots krijg ik "zoek" op mijn scherm en heb uw opdracht ingegeven en kreeg dan resultaatlog Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Jeanpaul on zo 13/03/2016 at 14:03:15,19. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Jeanpaul\Downloads\zoek (1).exe [scan all users] [script inserted] ==== System Restore Info ====================== 13/03/2016 14:12:06 Zoek.exe System Restore Point Created Successfully. ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on zo 13/03/2016 at 14:12:38,97 ======================

als Het Scherm verklein staat er Niets meer op. Ik ben nu naar, via google, Naar het forum gegaan en Mijn vragen aangeklikt en krijg this zaak op Mijn Scherm, also andere including reclame van Aldi enz ..... Zie bijlage printscreen files002.bmp

Dag Hoe krijg ik "zoek.exe " op mijn bureaublad , Lukt niet en vind het nergens terug na download

hallo, heb ZOEK.exe gedownload Maar Kan Niets aanvinken. Bij iedere klik herhaalt Het zixh op de Taakbalk printscreen files001.bmp

Hallo, De scan is uitgevoerd maar door te vlug te handelen heb ik de gedetecteerde bedreigingen in quarantaine verwijderd. Het opslaan van het gedetailleerd logboek lukte niet wanneer ik OPSLAAN klikte. Ik heb de geschiedenis gaan ophalen in het programma en hierbij gevoegd. Hopelijk is het goed of dient er nog wat te worden gedaan ? Malwarebytes Anti-Malware www.malwarebytes.org Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Starting, Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Started, Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Starting, Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Started, Update, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Manual, Remediation Database, 2015.9.16.1, 2016.3.10.1, Update, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Manual, Rootkit Database, 2015.9.18.1, 2016.2.27.1, Update, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Manual, IP Database, 2015.9.21.2, 2016.3.3.1, Update, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Manual, Domain Database, 2015.9.22.3, 2016.3.12.1, Update, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Manual, Malware Database, 2015.9.22.5, 2016.3.12.2, Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Refresh, Starting, Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Refresh, Success, Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Starting, Protection, 12/03/2016 9:20, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Started, Scan, 12/03/2016 9:21, SYSTEM, JEANPAUL-PC, Manual, Start: 12/03/2016 9:21, Duur: 0 min 24 sec, Bedreigingsscan, Geannuleerd, 0 malwaredetecties, 0 niet-malware detecties, Protection, 12/03/2016 9:21, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/03/2016 9:21, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/03/2016 9:21, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Stopping, Protection, 12/03/2016 9:21, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Stopped, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Starting, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Started, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Starting, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Started, Update, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Manual, Remediation Database, 2015.9.16.1, 2016.3.10.1, Update, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Manual, Rootkit Database, 2015.9.18.1, 2016.2.27.1, Update, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Manual, IP Database, 2015.9.21.2, 2016.3.3.1, Update, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Manual, Domain Database, 2015.9.22.3, 2016.3.12.1, Update, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Manual, Malware Database, 2015.9.22.5, 2016.3.12.2, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Refresh, Starting, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Refresh, Success, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Starting, Protection, 12/03/2016 9:22, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Started, Scan, 12/03/2016 10:15, SYSTEM, JEANPAUL-PC, Manual, Start: 12/03/2016 9:23, Duur: 50 min 28 sec, Bedreigingsscan, Voltooid, 3 malwaredetecties, 13 niet-malware detecties, Protection, 12/03/2016 10:23, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/03/2016 10:23, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/03/2016 10:23, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Stopping, Protection, 12/03/2016 10:23, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Stopped, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Starting, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Started, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Starting, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Started, Update, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Manual, Remediation Database, 2015.9.16.1, 2016.3.10.1, Update, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Manual, Rootkit Database, 2015.9.18.1, 2016.2.27.1, Update, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Manual, IP Database, 2015.9.21.2, 2016.3.3.1, Update, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Manual, Domain Database, 2015.9.22.3, 2016.3.12.1, Update, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Manual, Malware Database, 2015.9.22.5, 2016.3.12.2, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Refresh, Starting, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Refresh, Success, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Starting, Protection, 12/03/2016 10:24, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Started, Detection, 12/03/2016 10:30, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Domain, 192.168.9.1, sethealer.net, 50585, Outbound, C:\Windows\System32\svchost.exe, Detection, 12/03/2016 10:30, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Domain, 192.168.9.1, sethealer.net, 50585, Outbound, C:\Windows\System32\svchost.exe, Detection, 12/03/2016 10:30, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Domain, 192.168.9.1, sethealer.com, 50586, Outbound, C:\Windows\System32\svchost.exe, Detection, 12/03/2016 10:30, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Domain, 192.168.9.1, sethealer.com, 50586, Outbound, C:\Windows\System32\svchost.exe, Protection, 12/03/2016 10:38, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/03/2016 10:38, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/03/2016 10:38, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Stopping, Protection, 12/03/2016 10:38, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Stopped, Protection, 12/03/2016 10:38, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Starting, Protection, 12/03/2016 10:38, SYSTEM, JEANPAUL-PC, Protection, Malware Protection, Started, Protection, 12/03/2016 10:38, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Starting, Protection, 12/03/2016 10:38, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Started, Update, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Manual, Remediation Database, 2015.9.16.1, 2016.3.10.1, Update, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Manual, Rootkit Database, 2015.9.18.1, 2016.2.27.1, Update, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Manual, IP Database, 2015.9.21.2, 2016.3.3.1, Update, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Manual, Domain Database, 2015.9.22.3, 2016.3.12.1, Update, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Manual, Malware Database, 2015.9.22.5, 2016.3.12.2, Protection, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Protection, Refresh, Starting, Protection, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopping, Protection, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Stopped, Protection, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Protection, Refresh, Success, Protection, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Starting, Protection, 12/03/2016 10:39, SYSTEM, JEANPAUL-PC, Protection, Malicious Website Protection, Started, Scan, 12/03/2016 11:22, SYSTEM, JEANPAUL-PC, Manual, Start: 12/03/2016 10:39, Duur: 42 min 30 sec, Bedreigingsscan, Voltooid, 0 malwaredetecties, 0 niet-malware detecties, (end) Malwarebytes Anti-Malware www.malwarebytes.org Scandatum: 12/03/2016 Scantijd: 9:23 Logboekbestand: MBAM SCANLOG 3.txt Beheerder: Ja Versie: 2.2.0.1024 Malware-database: v2016.03.12.02 Rootkit-database: v2016.02.27.01 Licentie: Proef Malware-bescherming: Ingeschakeld Bescherming tegen kwaadaardige websites: Ingeschakeld Zelfbescherming: Uitgeschakeld Besturingssysteem: Windows 7 Service Pack 1 Processor: x64 Bestandssysteem: NTFS Gebruiker: Jeanpaul Scantype: Bedreigingsscan Resultaat: Voltooid Objecten gescand: 555090 Verstreken tijd: 50 min, 28 sec Geheugen: Ingeschakeld Opstarten: Ingeschakeld Bestandssysteem: Ingeschakeld Archieven: Ingeschakeld Rootkits: Uitgeschakeld Heuristiek: Ingeschakeld POP: Ingeschakeld POA: Ingeschakeld Processen: 0 (Geen kwaadaardige items gedetecteerd) Modules: 0 (Geen kwaadaardige items gedetecteerd) Registersleutels: 1 PUP.Optional.SystemHealer, HKU\S-1-5-21-3465489470-3912349346-1417799925-1001\SOFTWARE\SYSTEM HEALER, In quarantaine, [ecf631553d5cb87e41cf472371931ae6], Registerwaarden: 4 Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://un-stop.net/wpad.dat?b7b82ba60c8c6e0282c0f8fe5a6e7cf77386753, In quarantaine, [eff3681efa9f91a51859f3926f959967] Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-3465489470-3912349346-1417799925-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://un-stop.net/wpad.dat?b7b82ba60c8c6e0282c0f8fe5a6e7cf77386753, In quarantaine, [a33f74122c6d4ee847292b5ab4505ea2] PUP.Optional.SystemHealer, HKU\S-1-5-21-3465489470-3912349346-1417799925-1001\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, In quarantaine, [ecf631553d5cb87e41cf472371931ae6] PUP.Optional.SystemHealer, HKU\S-1-5-21-3465489470-3912349346-1417799925-1001\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, In quarantaine, [6e743551e9b0ea4ce52b6406cd376c94] Registerdata: 0 (Geen kwaadaardige items gedetecteerd) Mappen: 1 PUP.Optional.IStartPageing.ShrtCln, C:\Users\Pc.Jeanpaul-PC\AppData\Roaming\istartpageing, In quarantaine, [637fd6b02079a49263c22ce24bb82fd1], Bestanden: 10 PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-3465489470-3912349346-1417799925-1000\$R623C0O.zip, In quarantaine, [82601d69dabfca6cee26dd2c50b21ae6], PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-3465489470-3912349346-1417799925-1000\$RCBFMI3.zip, In quarantaine, [d60cccbad1c8c27469ab2fda8b770df3], PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-3465489470-3912349346-1417799925-1000\$RLGMZ47.zip, In quarantaine, [954dacda7227e84ea173e029e9190bf5], PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-3465489470-3912349346-1417799925-1000\$RPR1IHF.zip, In quarantaine, [fde55b2b673256e025ef1fea08fa45bb], PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-3465489470-3912349346-1417799925-1000\$RPU60YQ.zip, In quarantaine, [ca18ceb83a5f7db955bf7c8d05fdac54], PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-3465489470-3912349346-1417799925-1000\$RYFRAM4.zip, In quarantaine, [1fc33650970279bdf0245dac5aa8748c], Adware.ConvertAd, C:\Users\Jeanpaul\AppData\Local\Temp\Tq6i8Vb221.exe, In quarantaine, [fae88402cbcef44239804bb4ca3702fe], PUP.Optional.ConvertAd, C:\Users\Jeanpaul\AppData\Local\Temp\nswFE9C.tmp, In quarantaine, [34ae7214475220162890c1d3c2405aa6], PUP.Optional.ConvertAd, C:\Users\Jeanpaul\AppData\Local\Temp\nsx5A37.tmp, In quarantaine, [07db3452afea9a9c7543d7bd07fb31cf], PUP.Optional.Yontoo, C:\Users\Jeanpaul\AppData\Local\Temp\4eRoLUGig5.exe, In quarantaine, [974be3a3e4b5290d9e5c401627da4ab6], Fysieke Sectoren: 0 (Geen kwaadaardige items gedetecteerd) (end) Malwarebytes Anti-Malware www.malwarebytes.org Scandatum: 12/03/2016 Scantijd: 9:21 Logboekbestand: MBAM SCANLOG 4.txt Beheerder: Ja Versie: 2.2.0.1024 Malware-database: v2016.03.12.02 Rootkit-database: v2016.02.27.01 Licentie: Proef Malware-bescherming: Ingeschakeld Bescherming tegen kwaadaardige websites: Ingeschakeld Zelfbescherming: Uitgeschakeld Besturingssysteem: Windows 7 Service Pack 1 Processor: x64 Bestandssysteem: NTFS Gebruiker: Jeanpaul Scantype: Bedreigingsscan Resultaat: Geannuleerd Objecten gescand: 0 (Geen kwaadaardige items gedetecteerd) Verstreken tijd: 0 min, 24 sec Geheugen: Ingeschakeld Opstarten: Ingeschakeld Bestandssysteem: Ingeschakeld Archieven: Ingeschakeld Rootkits: Uitgeschakeld Heuristiek: Ingeschakeld POP: Ingeschakeld POA: Ingeschakeld Processen: 0 (Geen kwaadaardige items gedetecteerd) Modules: 0 (Geen kwaadaardige items gedetecteerd) Registersleutels: 0 (Geen kwaadaardige items gedetecteerd) Registerwaarden: 0 (Geen kwaadaardige items gedetecteerd) Registerdata: 0 (Geen kwaadaardige items gedetecteerd) Mappen: 0 (Geen kwaadaardige items gedetecteerd) Bestanden: 0 (Geen kwaadaardige items gedetecteerd) Fysieke Sectoren: 0 (Geen kwaadaardige items gedetecteerd) (end) Malwarebytes Anti-Malware www.malwarebytes.org Scandatum: 12/03/2016 Scantijd: 10:39 Logboekbestand: MBAM SCANLOG.txt Beheerder: Ja Versie: 2.2.0.1024 Malware-database: v2016.03.12.02 Rootkit-database: v2016.02.27.01 Licentie: Proef Malware-bescherming: Ingeschakeld Bescherming tegen kwaadaardige websites: Ingeschakeld Zelfbescherming: Uitgeschakeld Besturingssysteem: Windows 7 Service Pack 1 Processor: x64 Bestandssysteem: NTFS Gebruiker: Jeanpaul Scantype: Bedreigingsscan Resultaat: Voltooid Objecten gescand: 555107 Verstreken tijd: 42 min, 30 sec Geheugen: Ingeschakeld Opstarten: Ingeschakeld Bestandssysteem: Ingeschakeld Archieven: Ingeschakeld Rootkits: Uitgeschakeld Heuristiek: Ingeschakeld POP: Ingeschakeld POA: Ingeschakeld Processen: 0 (Geen kwaadaardige items gedetecteerd) Modules: 0 (Geen kwaadaardige items gedetecteerd) Registersleutels: 0 (Geen kwaadaardige items gedetecteerd) Registerwaarden: 0 (Geen kwaadaardige items gedetecteerd) Registerdata: 0 (Geen kwaadaardige items gedetecteerd) Mappen: 0 (Geen kwaadaardige items gedetecteerd) Bestanden: 0 (Geen kwaadaardige items gedetecteerd) Fysieke Sectoren: 0 (Geen kwaadaardige items gedetecteerd) (end) Groeten,

Hallo, Hierbij het logje na adw cleaner , ok # AdwCleaner v5.101 - Logbestand aangemaakt 11/03/2016 op 17:02:40 # Laatste update 07/03/2016 door Xplode # Database : 2016-03-08.1 [server] # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64) # Gebruikersnaam : Jeanpaul - JEANPAUL-PC # Gestart vanuit : C:\Users\Jeanpaul\Downloads\adwcleaner_5.101.exe # Optie : Verwijderen # Ondersteuning : http://toolslib.net/forum ***** [ Services ] ***** [-] Service Verwijderd : dojygici ***** [ Mappen ] ***** [-] Map Verwijderd : C:\Program Files\Babylon [-] Map Verwijderd : C:\Program Files (x86)\46423739-1457533992-3043-3039-464331314531 [-] Map Verwijderd : C:\ProgramData\bdaf13d9-0e63-1 [-] Map Verwijderd : C:\ProgramData\bdaf13d9-3a95-0 [-] Map Verwijderd : C:\Users\Jeanpaul\AppData\Local\46423739-1457537827-3043-3039-464331314531 [-] Map Verwijderd : C:\Users\Jeanpaul\AppData\Local\Temp\MPC [-] Map Verwijderd : C:\Users\Jeanpaul\AppData\Roaming\ASPackage [-] Map Verwijderd : C:\Users\Jeanpaul\AppData\Roaming\RPEng [-] Map Verwijderd : C:\Users\Jeanpaul\AppData\Roaming\SimpleFiles [-] Map Verwijderd : C:\Users\Jeanpaul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage ***** [ Bestanden ] ***** ***** [ DLLs ] ***** ***** [ Snelkoppelingen ] ***** [-] Snelkoppeling Gedesinfecteerd : C:\Users\Public\Desktop\Google Chrome.lnk [-] Snelkoppeling Gedesinfecteerd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [-] Snelkoppeling Gedesinfecteerd : C:\Users\Jeanpaul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [-] Snelkoppeling Gedesinfecteerd : C:\Users\Jeanpaul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [-] Snelkoppeling Gedesinfecteerd : C:\Users\Jeanpaul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [-] Snelkoppeling Gedesinfecteerd : C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ***** [ geplande taken ] ***** ***** [ Register ] ***** [-] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [HealerCheckout.exe] [-] Sleutel Verwijderd : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd [-] Sleutel Verwijderd : HKCU\Software\PRODUCTSETUP [-] Sleutel Verwijderd : HKCU\Software\SimpleFiles [-] Sleutel Verwijderd : HKLM\SOFTWARE\SimpleFiles [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater [-] Waarde Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{39A24398-617B-4994-A697-2A7107D04A15}] [-] Waarde Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FB8CE5F5-03E8-41EA-BC65-597E053FB922}] [-] Waarde Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{9533A64F-3E3F-4184-A445-A6BD673083F1}] [-] Waarde Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BB63E136-5D90-4AD1-8BBD-8B7D9012418E}] ***** [ Internetbrowsers ] ***** [-] [C:\Users\Jeanpaul\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Verwijderd : fcfenmboojpjinhpgggodefccipikbpd ************************* :: "Tracing" sleutels verwijderd :: Winsock instellingen gereset ************************* C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3656 bytes] - [11/03/2016 17:02:40] C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [4159 bytes] - [11/03/2016 16:57:47] ########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3842 bytes] ##########

Ik geef het volledige wat ik kreeg ,goed Logfile of random's system information tool 1.10 (written by random/random) Run by Jeanpaul at 2016-03-11 11:26:53 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 372 GB (61%) free of 610 GB Total RAM: 6092 MB (48% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:27:10, on 11/03/2016 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18231) Boot mode: Normal Running processes: C:\Users\Jeanpaul\AppData\Local\Microsoft\BingSvc\BingSvc.exe C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe C:\Program Files\trend micro\Jeanpaul.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1450972015&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox&lc=2067&id=64855&mkt=nl-be&cbcxt=mai R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://un-stop.net/wpad.dat?b7b82ba60c8c6e0282c0f8fe5a6e7cf77386753 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: 5.79.79.150 pagead2.googlesyndication.com O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent O4 - HKLM\..\Run: [VmbNotifier] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [bingSvc] C:\Users\Jeanpaul\AppData\Local\Microsoft\BingSvc\BingSvc.exe O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38U123TN0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk = ? O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Kaspersky Anti-Virus-service 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe O23 - Service: Overheat Layout (dojygici) - Unknown owner - C:\Program.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Users\Jeanpaul\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9319 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe winlogon.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\Hpservice.exe "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f63f93cc-4b12-456b-a0a3-370d8dd3a605 -SystemEventPortName:HostProcess-dfa50190-2d17-4e04-8571-e60855259fab -IoCancelEventPortName:HostProcess-d6701e96-8a5e-4126-8944-70abd81d07b7 -NonStateChangingEventPortName:HostProcess-9d52bf49-2231-4bd7-b1c8-cdc59bed7a64 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:016e4b94-035b-4f58-812d-58727704ffb8 -DeviceGroupId: atieclxx C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe" -r "taskhost.exe" "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service C:\Windows\System32\svchost.exe -k utcsvc "C:\Program Files (x86)\46423739-1457533992-3043-3039-464331314531\jnsu1192.tmp" "C:\Users\Jeanpaul\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38U123TN0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1 "C:\Windows\system32\RunDll32.exe" "C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN38U123TN0602;CONNECTION=NW;MONITOR=1; C:\Windows\splwow64.exe 8192 "C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe" -Embedding C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" "C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe" "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe" "C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe" "C:\Windows\system32\GWX\GWX.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe" WLIDSvcM.exe 2688 C:\Windows\system32\SearchIndexer.exe /Embedding C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\servicing\TrustedInstaller.exe "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe" -hidden C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\msiexec.exe /V taskeng.exe {ABFFE3C9-6360-46FD-82E3-3B7A0A73FD32} C:\Windows\system32\sppsvc.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3868 --on-initialized-event-handle=332 --parent-handle=336 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2664.0.771642402\1439276741" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,8,24,52 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x6760 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.882.2.3000 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AffiliationBasedMatching/EnabledThroughFieldTrial/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Disabled/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_5/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ChromeSuggestions/Default/*ClientSideDetectionModel/Model0/*CrossDevicePromo/14DaySingleProfile/*DataReductionProxyConfigService/Enabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A5/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Disabled/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*SpdyEnableDependencies/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="2664.3.93297968\77676159" --font-cache-shared-handle=3476 /prefetch:673131151 "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540 "C:\Users\Jeanpaul\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08 2134656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}] Kaspersky Protection plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-24 800216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08 1725056] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C66D064F-82FE-4E1A-B06A-B2490BA48B18}] Kaspersky Protection plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-24 584664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Kaspersky Protection toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-24 800216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - Kaspersky Protection toolbar - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-24 584664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-09 167704] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-09 392472] "Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-09 416024] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BingSvc"=C:\Users\Jeanpaul\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-12-25 144008] "Gadwin PrintScreen"=C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [2011-05-03 487424] "HP Photosmart 5520 series (NET)"=C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2012-10-17 2573416] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "MobileBroadband"=C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [2013-07-17 76800] "VmbNotifier"=C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [2013-07-17 1862144] "NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-04-14 113288] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30 334896] C:\Users\Jeanpaul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk - C:\Windows\system32\RunDll32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-08-09 390144] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "MSVideo8"=VfWWDM32.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2016-03-11 11:26:53 ----D---- C:\rsit 2016-03-11 11:26:53 ----D---- C:\Program Files\trend micro 2016-03-11 11:21:45 ----D---- C:\ProgramData\Sun 2016-03-11 11:19:12 ----D---- C:\ProgramData\Oracle 2016-03-11 11:18:01 ----D---- C:\ProgramData\bdaf13d9-3a95-0 2016-03-11 11:18:00 ----D---- C:\ProgramData\bdaf13d9-0e63-1 2016-03-10 14:19:25 ----A---- C:\Windows\system32\generaltel.dll 2016-03-10 14:19:25 ----A---- C:\Windows\system32\appraiser.dll 2016-03-10 14:19:25 ----A---- C:\Windows\system32\aeinv.dll 2016-03-10 14:19:24 ----A---- C:\Windows\system32\invagent.dll 2016-03-10 14:19:24 ----A---- C:\Windows\system32\devinv.dll 2016-03-10 14:19:24 ----A---- C:\Windows\system32\CompatTelRunner.exe 2016-03-10 14:19:24 ----A---- C:\Windows\system32\acmigration.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\ucrtbase.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2016-03-10 10:18:37 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2016-03-10 10:18:35 ----A---- C:\Windows\system32\win32k.sys 2016-03-10 10:18:34 ----A---- C:\Windows\SYSWOW64\wuwebv.dll 2016-03-10 10:18:34 ----A---- C:\Windows\SYSWOW64\wups.dll 2016-03-10 10:18:34 ----A---- C:\Windows\SYSWOW64\wudriver.dll 2016-03-10 10:18:34 ----A---- C:\Windows\SYSWOW64\wuapp.exe 2016-03-10 10:18:34 ----A---- C:\Windows\SYSWOW64\wuapi.dll 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wuwebv.dll 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wups2.dll 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wups.dll 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wudriver.dll 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wucltux.dll 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wuaueng.dll 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wuauclt.exe 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wuapp.exe 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wuapi.dll 2016-03-10 10:18:34 ----A---- C:\Windows\system32\wu.upgrade.ps.dll 2016-03-10 10:18:34 ----A---- C:\Windows\system32\WinSetupUI.dll 2016-03-10 10:18:31 ----A---- C:\Windows\system32\drivers\ntfs.sys 2016-03-10 10:18:29 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS 2016-03-10 10:18:27 ----A---- C:\Windows\SYSWOW64\oleaut32.dll 2016-03-10 10:18:27 ----A---- C:\Windows\SYSWOW64\asycfilt.dll 2016-03-10 10:18:27 ----A---- C:\Windows\system32\oleaut32.dll 2016-03-10 10:18:27 ----A---- C:\Windows\system32\asycfilt.dll 2016-03-10 10:18:23 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2016-03-10 10:18:23 ----A---- C:\Windows\SYSWOW64\inseng.dll 2016-03-10 10:18:23 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2016-03-10 10:18:23 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2016-03-10 10:18:23 ----A---- C:\Windows\system32\iertutil.dll 2016-03-10 10:18:23 ----A---- C:\Windows\system32\iernonce.dll 2016-03-10 10:18:23 ----A---- C:\Windows\system32\ieetwproxystub.dll 2016-03-10 10:18:23 ----A---- C:\Windows\system32\ieetwcollector.exe 2016-03-10 10:18:22 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2016-03-10 10:18:22 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2016-03-10 10:18:22 ----A---- C:\Windows\SYSWOW64\occache.dll 2016-03-10 10:18:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2016-03-10 10:18:22 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2016-03-10 10:18:22 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2016-03-10 10:18:22 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2016-03-10 10:18:22 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll 2016-03-10 10:18:22 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2016-03-10 10:18:22 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-03-10 10:18:22 ----A---- C:\Windows\system32\inseng.dll 2016-03-10 10:18:22 ----A---- C:\Windows\system32\ie4uinit.exe 2016-03-10 10:18:21 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2016-03-10 10:18:21 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2016-03-10 10:18:21 ----A---- C:\Windows\SYSWOW64\jscript.dll 2016-03-10 10:18:21 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2016-03-10 10:18:21 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2016-03-10 10:18:21 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2016-03-10 10:18:21 ----A---- C:\Windows\system32\urlmon.dll 2016-03-10 10:18:21 ----A---- C:\Windows\system32\occache.dll 2016-03-10 10:18:21 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2016-03-10 10:18:21 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2016-03-10 10:18:21 ----A---- C:\Windows\system32\iedkcs32.dll 2016-03-10 10:18:20 ----A---- C:\Windows\SYSWOW64\ieui.dll 2016-03-10 10:18:20 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2016-03-10 10:18:20 ----A---- C:\Windows\system32\msfeeds.dll 2016-03-10 10:18:20 ----A---- C:\Windows\system32\iesetup.dll 2016-03-10 10:18:20 ----A---- C:\Windows\system32\ieapfltr.dll 2016-03-10 10:18:20 ----A---- C:\Windows\system32\dxtrans.dll 2016-03-10 10:18:19 ----A---- C:\Windows\SYSWOW64\wininet.dll 2016-03-10 10:18:19 ----A---- C:\Windows\SYSWOW64\webcheck.dll 2016-03-10 10:18:19 ----A---- C:\Windows\SYSWOW64\msrating.dll 2016-03-10 10:18:19 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2016-03-10 10:18:19 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll 2016-03-10 10:18:19 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2016-03-10 10:18:19 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2016-03-10 10:18:19 ----A---- C:\Windows\system32\vbscript.dll 2016-03-10 10:18:19 ----A---- C:\Windows\system32\jsproxy.dll 2016-03-10 10:18:19 ----A---- C:\Windows\system32\dxtmsft.dll 2016-03-10 10:18:18 ----A---- C:\Windows\system32\webcheck.dll 2016-03-10 10:18:18 ----A---- C:\Windows\system32\mshtmlmedia.dll 2016-03-10 10:18:18 ----A---- C:\Windows\system32\mshtmled.dll 2016-03-10 10:18:18 ----A---- C:\Windows\system32\ieUnatt.exe 2016-03-10 10:18:18 ----A---- C:\Windows\system32\ieui.dll 2016-03-10 10:18:18 ----A---- C:\Windows\system32\ieframe.dll 2016-03-10 10:18:17 ----A---- C:\Windows\system32\wininet.dll 2016-03-10 10:18:17 ----A---- C:\Windows\system32\MshtmlDac.dll 2016-03-10 10:18:17 ----A---- C:\Windows\system32\jscript9diag.dll 2016-03-10 10:18:17 ----A---- C:\Windows\system32\jscript9.dll 2016-03-10 10:18:17 ----A---- C:\Windows\system32\jscript.dll 2016-03-10 10:18:16 ----A---- C:\Windows\system32\msrating.dll 2016-03-10 10:18:16 ----A---- C:\Windows\system32\mshtml.dll 2016-03-10 10:17:19 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2016-03-10 10:17:19 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2016-03-10 10:17:19 ----A---- C:\Windows\SYSWOW64\ntdll.dll 2016-03-10 10:17:19 ----A---- C:\Windows\system32\ntoskrnl.exe 2016-03-10 10:17:19 ----A---- C:\Windows\system32\ntdll.dll 2016-03-10 10:17:19 ----A---- C:\Windows\system32\KernelBase.dll 2016-03-10 10:17:19 ----A---- C:\Windows\system32\kerberos.dll 2016-03-10 10:17:18 ----A---- C:\Windows\SYSWOW64\KernelBase.dll 2016-03-10 10:17:18 ----A---- C:\Windows\SYSWOW64\kerberos.dll 2016-03-10 10:17:18 ----A---- C:\Windows\SYSWOW64\advapi32.dll 2016-03-10 10:17:18 ----A---- C:\Windows\system32\lsasrv.dll 2016-03-10 10:17:18 ----A---- C:\Windows\system32\kernel32.dll 2016-03-10 10:17:18 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2016-03-10 10:17:18 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2016-03-10 10:17:18 ----A---- C:\Windows\system32\advapi32.dll 2016-03-10 10:17:17 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll 2016-03-10 10:17:17 ----A---- C:\Windows\system32\smss.exe 2016-03-10 10:17:17 ----A---- C:\Windows\system32\schannel.dll 2016-03-10 10:17:17 ----A---- C:\Windows\system32\rpcrt4.dll 2016-03-10 10:17:17 ----A---- C:\Windows\system32\drivers\mrxsmb.sys 2016-03-10 10:17:16 ----A---- C:\Windows\SYSWOW64\sspicli.dll 2016-03-10 10:17:16 ----A---- C:\Windows\system32\wow64win.dll 2016-03-10 10:17:16 ----A---- C:\Windows\system32\winsrv.dll 2016-03-10 10:17:16 ----A---- C:\Windows\system32\TSpkg.dll 2016-03-10 10:17:16 ----A---- C:\Windows\system32\srcore.dll 2016-03-10 10:17:16 ----A---- C:\Windows\system32\ncrypt.dll 2016-03-10 10:17:16 ----A---- C:\Windows\system32\msv1_0.dll 2016-03-10 10:17:16 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-03-10 10:17:15 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\wow32.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\wdigest.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\user.exe 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\TSpkg.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\srclient.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\setup16.exe 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\secur32.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\schannel.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\ncrypt.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\msv1_0.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\msobjs.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\msaudite.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\kernel32.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\instnm.exe 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\cryptbase.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\credssp.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\auditpol.exe 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\apisetschema.dll 2016-03-10 10:17:15 ----A---- C:\Windows\SYSWOW64\adtschema.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\wow64cpu.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\wow64.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\wdigest.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\sspisrv.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\sspicli.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\srclient.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\secur32.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\rstrui.exe 2016-03-10 10:17:15 ----A---- C:\Windows\system32\ntvdm64.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\msobjs.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\msaudite.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\lsass.exe 2016-03-10 10:17:15 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys 2016-03-10 10:17:15 ----A---- C:\Windows\system32\csrsrv.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\cryptbase.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\credssp.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\conhost.exe 2016-03-10 10:17:15 ----A---- C:\Windows\system32\auditpol.exe 2016-03-10 10:17:15 ----A---- C:\Windows\system32\apisetschema.dll 2016-03-10 10:17:15 ----A---- C:\Windows\system32\adtschema.dll 2016-03-10 10:17:09 ----A---- C:\Windows\SYSWOW64\mfds.dll 2016-03-10 10:17:09 ----A---- C:\Windows\system32\mfds.dll 2016-03-10 10:17:08 ----A---- C:\Windows\SYSWOW64\lpk.dll 2016-03-10 10:17:08 ----A---- C:\Windows\SYSWOW64\fontsub.dll 2016-03-10 10:17:08 ----A---- C:\Windows\SYSWOW64\dciman32.dll 2016-03-10 10:17:08 ----A---- C:\Windows\SYSWOW64\atmlib.dll 2016-03-10 10:17:08 ----A---- C:\Windows\SYSWOW64\atmfd.dll 2016-03-10 10:17:08 ----A---- C:\Windows\system32\lpk.dll 2016-03-10 10:17:08 ----A---- C:\Windows\system32\fontsub.dll 2016-03-10 10:17:08 ----A---- C:\Windows\system32\dciman32.dll 2016-03-10 10:17:08 ----A---- C:\Windows\system32\atmlib.dll 2016-03-10 10:17:08 ----A---- C:\Windows\system32\atmfd.dll 2016-03-10 10:15:41 ----A---- C:\Windows\system32\seclogon.dll 2016-03-10 10:15:39 ----A---- C:\Windows\SYSWOW64\wmp.dll 2016-03-10 10:15:39 ----A---- C:\Windows\system32\wmp.dll 2016-03-10 10:15:38 ----A---- C:\Windows\SYSWOW64\wmploc.DLL 2016-03-10 10:15:38 ----A---- C:\Windows\SYSWOW64\spwmp.dll 2016-03-10 10:15:38 ----A---- C:\Windows\SYSWOW64\dxmasf.dll 2016-03-10 10:15:38 ----A---- C:\Windows\system32\wmploc.DLL 2016-03-10 10:15:38 ----A---- C:\Windows\system32\spwmp.dll 2016-03-10 10:15:38 ----A---- C:\Windows\system32\dxmasf.dll 2016-03-09 15:37:31 ----D---- C:\Users\Jeanpaul\AppData\Roaming\SimpleFiles 2016-03-09 15:33:12 ----D---- C:\Users\Jeanpaul\AppData\Roaming\ASPackage 2016-03-09 15:33:12 ----D---- C:\Program Files (x86)\46423739-1457533992-3043-3039-464331314531 2016-03-08 12:42:50 ----D---- C:\Windows\Minidump ======List of files/folders modified in the last 1 month====== 2016-03-11 11:27:08 ----D---- C:\Windows\Prefetch 2016-03-11 11:26:58 ----D---- C:\Windows\Temp 2016-03-11 11:26:53 ----RD---- C:\Program Files 2016-03-11 11:23:59 ----D---- C:\Windows\system32\Tasks 2016-03-11 11:23:57 ----D---- C:\Windows\Tasks 2016-03-11 11:23:55 ----RD---- C:\Program Files (x86) 2016-03-11 11:21:45 ----SHD---- C:\Windows\Installer 2016-03-11 11:21:45 ----HD---- C:\ProgramData 2016-03-11 11:21:45 ----D---- C:\Program Files (x86)\Common Files 2016-03-11 11:21:32 ----D---- C:\Windows\SysWOW64 2016-03-11 10:26:47 ----D---- C:\ProgramData\Kaspersky Lab 2016-03-11 10:11:53 ----D---- C:\Windows\system32\config 2016-03-11 10:11:47 ----D---- C:\Program Files (x86)\TeamViewer 2016-03-11 10:11:13 ----SHD---- C:\System Volume Information 2016-03-10 23:48:45 ----D---- C:\Windows\winsxs 2016-03-10 23:44:53 ----D---- C:\Windows\system32\drivers 2016-03-10 23:39:00 ----D---- C:\Windows\system32\MRT 2016-03-10 23:35:15 ----A---- C:\Windows\system32\MRT.exe 2016-03-10 23:34:58 ----D---- C:\Windows\system32\appraiser 2016-03-10 23:34:58 ----D---- C:\Windows\System32 2016-03-10 23:32:31 ----D---- C:\Users\Jeanpaul\AppData\Roaming\Skype 2016-03-10 16:03:57 ----D---- C:\Windows\rescache 2016-03-10 14:38:27 ----D---- C:\Windows\Microsoft.NET 2016-03-10 14:38:10 ----A---- C:\Windows\system32\PerfStringBackup.INI 2016-03-10 14:38:09 ----D---- C:\Windows\inf 2016-03-10 14:38:02 ----RSD---- C:\Windows\assembly 2016-03-10 14:28:15 ----D---- C:\Windows\system32\catroot 2016-03-10 14:28:13 ----D---- C:\Windows\system32\catroot2 2016-03-10 14:27:39 ----D---- C:\Windows\SYSWOW64\nl-NL 2016-03-10 14:27:37 ----D---- C:\Windows\system32\nl-NL 2016-03-10 14:27:33 ----D---- C:\Program Files\Internet Explorer 2016-03-10 14:27:32 ----D---- C:\Windows\SYSWOW64\en-US 2016-03-10 14:27:27 ----D---- C:\Windows\system32\en-US 2016-03-10 14:27:24 ----D---- C:\Program Files (x86)\Internet Explorer 2016-03-10 14:27:05 ----D---- C:\Windows\AppPatch 2016-03-10 14:26:59 ----D---- C:\Windows\system32\DriverStore 2016-03-10 13:51:03 ----D---- C:\Program Files (x86)\Windows Media Player 2016-03-10 13:51:02 ----D---- C:\Program Files\Windows Media Player 2016-03-10 13:39:55 ----D---- C:\Windows\system32\wfp 2016-03-10 13:39:50 ----D---- C:\Windows\system32\wbem 2016-03-10 13:39:50 ----D---- C:\Windows 2016-03-10 13:38:34 ----D---- C:\Windows\system32\CodeIntegrity 2016-03-10 13:38:01 ----D---- C:\Program Files\Common Files\Microsoft Shared 2016-03-10 13:37:40 ----D---- C:\Windows\registration 2016-03-10 13:37:13 ----D---- C:\Windows\SYSWOW64\config 2016-03-09 15:13:20 ----D---- C:\Users\Jeanpaul\AppData\Roaming\vlc 2016-03-08 21:37:34 ----D---- C:\Windows\system32\LogFiles 2016-02-26 22:36:44 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI 2016-02-26 22:24:13 ----SD---- C:\Windows\SYSWOW64\GWX 2016-02-26 22:24:13 ----SD---- C:\Windows\system32\GWX 2016-02-23 09:42:29 ----D---- C:\Windows\system32\drivers\UMDF 2016-02-22 18:11:39 ----D---- C:\Windows\LiveKernelReports 2016-02-21 18:57:31 ----D---- C:\FAVORIETEN 2016-02-19 10:08:10 ----D---- C:\Windows\system32\NDF 2016-02-15 10:33:25 ----D---- C:\Program Files (x86)\FrostWire 6 2016-02-12 18:36:48 ----D---- C:\ProgramData\Skype ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak); C:\Windows\system32\DRIVERS\cm_km.sys [2015-07-06 389816] R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-04-25 30488] R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2015-06-22 478392] R0 klbackupdisk;Kaspersky Lab klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [2015-06-06 53432] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R1 klbackupflt;Kaspersky Lab klbackupflt; C:\Windows\system32\DRIVERS\klbackupflt.sys [2015-06-27 70000] R1 klhk;Kaspersky Lab service driver; C:\Windows\system32\DRIVERS\klhk.sys [2015-12-24 227000] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2016-03-01 934808] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2015-06-11 39096] R1 klpd;Kaspersky Lab format recognizer driver; C:\Windows\system32\DRIVERS\klpd.sys [2015-12-24 41352] R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2015-06-11 65208] R1 Klwtp;Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [2015-06-16 103096] R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2015-06-23 187056] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 kldisk;kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [2016-03-01 77728] R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-04-25 43800] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-10-01 9981952] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-09-30 310272] R3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984] R3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784] R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384] R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472] R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-12-24 181640] R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2015-06-06 41144] R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2015-06-07 41648] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit; C:\Windows\system32\DRIVERS\Netwsw00.sys [2012-02-21 11471872] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896] R3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720] R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 338536] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056] R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288] R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984] S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968] S4 klkbdflt2;Kaspersky Lab KlKbdFlt2; C:\Windows\system32\DRIVERS\klkbdflt2.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-09-30 204288] R2 AVP16.0.0;Kaspersky Anti-Virus-service 16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [2015-08-12 194000] R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-01-08 1433216] R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-01-08 1773696] R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 dojygici;Overheat Layout; C:\Program Files (x86)\46423739-1457533992-3043-3039-464331314531\jnsu1192.tmp [2016-03-09 284160] R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2012-04-25 31000] R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-09-28 25800] R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-12-14 6889232] R2 VmbService;Vodafone Mobile Broadband-service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2013-07-17 8704] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23 144200] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23 144200] S3 hpqwmiex;HP Software Framework Service; C:\Users\Jeanpaul\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe [2016-01-11 794112] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-02-08 114688] S3 vssbrigde64;vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [2015-07-09 144640] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-12-23 1255736] S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848] -----------------EOF-----------------

Hallo Hierbij het logbestand Log.txt ? Dit is het eerste van de weegegeven bestanden, is het dit ? Logfile of random's system information tool 1.10 (written by random/random) Run by Jeanpaul at 2016-03-11 11:26:53 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 372 GB (61%) free of 610 GB Total RAM: 6092 MB (48% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:27:10, on 11/03/2016 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18231) Boot mode: Normal Running processes: C:\Users\Jeanpaul\AppData\Local\Microsoft\BingSvc\BingSvc.exe C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe C:\Program Files\trend micro\Jeanpaul.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1450972015&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox&lc=2067&id=64855&mkt=nl-be&cbcxt=mai R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://un-stop.net/wpad.dat?b7b82ba60c8c6e0282c0f8fe5a6e7cf77386753 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: 5.79.79.150 pagead2.googlesyndication.com O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent O4 - HKLM\..\Run: [VmbNotifier] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [bingSvc] C:\Users\Jeanpaul\AppData\Local\Microsoft\BingSvc\BingSvc.exe O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38U123TN0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk = ? O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Kaspersky Anti-Virus-service 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe O23 - Service: Overheat Layout (dojygici) - Unknown owner - C:\Program.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Users\Jeanpaul\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9319 bytes