albada53
Lid-
Items
58 -
Registratiedatum
-
Laatst bezocht
albada53's prestaties
-
Jion reageerde op een bericht in een topic: gravity space en its result hub
-
gravity space en its result hub
albada53 reageerde op albada53's topic in Archief Bestrijding malware & virussen
Heel erg bedankt voor alle hulp. ik heb Unchecky geïnstalleerd en zal Mbam gebruiken. Top wat jullie doen!! Superbedankt! -
gravity space en its result hub
albada53 reageerde op albada53's topic in Archief Bestrijding malware & virussen
Dank voor je advies v.w.b. MSE. Ik heb een betaalde versie van GData, maar deze vertraagde de computer heel erg en stond ook niet toe om bepaalde downloads wel door te laten. Ik zal deze dan toch maar weer installeren? Ik denk dat de problemen verholpen zijn, dankzij jullie/jouw hulp. Is er in de instellingen bij Windows 7 de mogelijkheid om PUP's niet toe te laten? -
gravity space en its result hub
albada53 reageerde op albada53's topic in Archief Bestrijding malware & virussen
Ik heb Microsoft Security Essentials op mijn computer geïnstalleerd en deze is actief, dus ik heb verder geen virusscanner meer geïnstalleerd. Bijgaand het logje van zoek.exe: Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Windows7 on zo 23-08-2015 at 11:36:12,35. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Windows7\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 23-8-2015 11:38:04 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~3\ZoomBrowser deleted successfully C:\Users\Windows7\AppData\Roaming\ZoomBrowser EX deleted successfully C:\Users\Windows7\AppData\Local\Downloaded Installations deleted successfully C:\Users\Windows7\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Windows7\AppData\Local\EmieSiteList deleted successfully C:\Users\Windows7\AppData\Local\EmieUserList deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GLogin deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GLogin deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\esgiguard deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\esgiguard deleted successfully ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Android Resource Navigator deleted C:\Program Files\Enigma Software Group\SpyHunter deleted C:\Logfile.txt deleted C:\Users\Windows7\AppData\Roaming\appdataFr2.bin deleted C:\Users\Windows7\AppData\Roaming\ARCompanion.log deleted C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Avkwctl.log deleted C:\Windows\SysNative\config\systemprofile\AppData\Roaming\gdfw.log deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\gdscan.log deleted C:\PROGRA~3\Package Cache deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted C:\Windows\wininit.ini deleted "C:\Windows\Installer\11f0da.msi" deleted "C:\Windows\Installer\12bb46.msi" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-08-20 19:06:14 BC949EA893A9384070C31F083CCEFD26 3 ----a-w- C:\Windows\7Loader.TAG 2015-08-16 19:44:48 B32189BDFF6E577A92BAA61AD49264E6 193536 ----a-w- C:\Windows\notepad.exe 2015-08-09 11:18:24 C71EBB0B33A178A572647F6BB0C9EB9B 10449 ----a-w- C:\Windows\diagerr.xml 2015-08-09 11:18:24 692CA5EBC9E0CEF0A8D0BE4DF7400CEE 9528 ----a-w- C:\Windows\diagwrn.xml ====== C:\Users\Windows7\AppData\Local\Temp ==== 2015-08-14 12:29:20 5F09D271B8F4A62FC087E0D5452D2EC8 681097 ----a-w- C:\Users\Windows7\AppData\Local\Temp\sqlite3.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-08-21 08:19:35 A98799EBA5BAABF1AB2BAFCE488FC9F9 19871232 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-08-21 08:19:34 225DB7BABA68ED284693EAEE04E94EA1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-08-16 20:03:24 4FA66A573E9A45D05AD5A25B1E76A35D 103120 ----a-w- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 19:49:18 90E480789256D852FA3EADD39D56FDDA 6131200 ----a-w- C:\Windows\SysWOW64\mstscax.dll 2015-08-16 19:49:17 AF0EC95144F76EA4B40A7ED1DD34616C 856064 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll 2015-08-16 19:49:16 A27593907607A692D0DE105DE29BBC33 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll 2015-08-16 19:48:54 DC18FFFF3175376ABD38E6D48309F7F9 3934656 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-08-16 19:48:54 5792E7C663FAA39335D4F787B9499490 1311768 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2015-08-16 19:48:53 6C95D6264810F816E92780E7DB81F7B1 3989952 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-08-16 19:48:52 A38E10B4143A19F32D64517B6A1FCB98 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2015-08-16 19:48:51 FC85BC746818EE9B5181EA0B1C882778 552960 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-08-16 19:48:49 FE748FEAA8A5A7677DA1C2C6CE405ADE 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll 2015-08-16 19:48:49 15400F593C9023CDC1D144C30BBDA47A 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-08-16 19:48:48 650B603F5C040727788F19AD0B8D09BC 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2015-08-16 19:48:48 51C161D5638465251857B2207BD535CB 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2015-08-16 19:48:48 4C2D57F3DDBC07D3CC59160CDC400AC0 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2015-08-16 19:48:48 0A4CE9AAA18F9DE7414C1E7BE572F5FA 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2015-08-16 19:48:47 E70054ADA6AAB84659AB20D137747ACF 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2015-08-16 19:48:47 A2C5FAE51BC43B29525AAA5BF0B31259 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-08-16 19:48:47 086A1544FACAA91CD6F95FC4CDE16913 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-08-16 19:48:46 8A82C9C4A205266DC22BB1C8F2E1AB2D 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2015-08-16 19:48:46 75706C0F199BC7658A98BEE452964587 36864 ----a-w- C:\Windows\SysWOW64\cryptbase.dll 2015-08-16 19:48:46 3982911B4C4F42B156D7347C1543CF9F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2015-08-16 19:48:46 37CE74C8094AD7D1D3B79A8D2849803E 665088 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2015-08-16 19:48:46 2506A1507B7CBFE069BC0289349786ED 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2015-08-16 19:48:45 DD8BCBBC1C383F38F284E25CE39C136C 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2015-08-16 19:48:45 9E94CD7C6CBDC2C9B6A87AD9D5E4EF80 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2015-08-16 19:48:42 C899E7E3A4F42B802DA1E97F9908BD26 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll 2015-08-16 19:48:42 832494A551C2B2CCB616B2BE13A696A1 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-08-16 19:48:41 1EA1328207A915C9EB10AA1D102C0B52 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2015-08-16 19:48:41 03A179385219FD37CDFB3E603F912CA7 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-08-16 19:48:40 D5F9C627C221A3B4B6944EDBE90D642C 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2015-08-16 19:48:40 008BDC16E15B3B6EFB6E8B6684022F36 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2015-08-16 19:46:09 C989240A97D4E0B4354679CCF7E66389 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-08-16 19:46:09 BDC048308B74B2146495BBB8D4CD4974 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2015-08-16 19:46:08 FCDCEB29CD1129C6C86AD9700A7E5BD1 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-08-16 19:46:08 A37FEDFC0BC9E96AD3DFFF41D5805F04 2279424 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-08-16 19:46:07 C929BFB3FD2460B570553AE7344640BC 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-08-16 19:46:07 BD3E3A13423C40E8CF4BE531EE68BAF0 1310720 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-08-16 19:46:07 67DA0EE95026FB2D3577F664F2187F98 342736 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-08-16 19:46:07 358D91656E54B03B8FFE3CF4D535A6C8 504320 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-08-16 19:46:06 C98AF04E9FC94DBF57B29A9891597664 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-08-16 19:46:06 32664FC06B115923C449DC22D47CD8A6 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-08-16 19:46:05 728188684708FEF4F18E2CAB46C54DBB 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-08-16 19:46:05 0E9529DC8BA5AD3C06B99F115D0D804D 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-08-16 19:46:04 D1D3DB57C68A2A62E03DD973F53CEA18 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-08-16 19:46:03 FB1B7D2B2D500E067B96C56EE0B4DDAD 664064 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-08-16 19:46:03 D7FDD5E8B88ADE9107772B4C879FDF94 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-08-16 19:46:03 8B6B89D3FEDB34CA38055B82A790545F 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-08-16 19:46:03 1CB9D50EE52BED7DEBF394CEA8A971A5 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-08-16 19:46:02 793F71F873D106A611DB79741327038C 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-08-16 19:46:02 3E168B5E5FEE3D09C2D4E97861B5F4B3 479232 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-08-16 19:46:00 3C74EA1EC43A694060F09B7D754446C6 12856832 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-08-16 19:45:57 AB6A3699E478DEF677D48B126B223C54 4520448 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-08-16 19:45:57 53DE75BD2C7A3EA29770147EAC8A8D5A 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-08-16 19:45:57 0AC8CD2138FD10C4A0E2FF08F892359C 1951232 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-08-16 19:45:56 ECF459774AE6A273F0F59D7C072DB3C4 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-08-16 19:45:56 4D036506C8359185FC52EB49DB891743 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2015-08-16 19:45:56 445DB8651F05684F8259D4054A15BC50 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-08-16 19:45:04 6B003E11CDBDA3B45A3D16E5A9D3F73B 82432 ----a-w- C:\Windows\SysWOW64\davclnt.dll 2015-08-16 19:45:04 55C70654420DBF429604FD567E6F3CD3 206848 ----a-w- C:\Windows\SysWOW64\WebClnt.dll 2015-08-16 19:45:00 EA1BE72A8CD5CEA7B6E6649D1FD78BA1 1241088 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2015-08-16 19:45:00 121E2E789BE080EB86DA71F95B611DF2 1390592 ----a-w- C:\Windows\SysWOW64\msxml6.dll 2015-08-16 19:44:59 B6F9E4CDA3069B03F654B650A5379E60 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2015-08-16 19:44:59 127EE7F36CEA127ECCA55BECBC230398 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll 2015-08-16 19:44:56 CE21524C53E9671A7108B28FB9B4E474 1251328 ----a-w- C:\Windows\SysWOW64\DWrite.dll 2015-08-16 19:44:55 680D463893C9846CC6A1DA6012DD0FE5 299520 ----a-w- C:\Windows\SysWOW64\atmfd.dll 2015-08-16 19:44:52 9E2F12744DD9810961031C56FBB691F4 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll 2015-08-16 19:44:52 965CFC7687F0D188F215DC142FC8F6A1 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll 2015-08-16 19:44:52 7983F3481E89B96074FAE9AFCC24079C 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll 2015-08-16 19:44:52 520AEC6C64AF2CFD74B469DB98611D4A 10240 ----a-w- C:\Windows\SysWOW64\dciman32.dll 2015-08-16 19:44:52 400C20D6967A83EA69D6953EBB8D3FA3 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll 2015-08-16 19:44:48 A4F6DF0E33E644E802C8798ED94D80EA 179712 ----a-w- C:\Windows\SysWOW64\notepad.exe 2015-08-16 19:44:44 4478348E3942AD9EED9AB263AFE7CD83 12875776 ----a-w- C:\Windows\SysWOW64\shell32.dll 2015-08-16 19:43:57 A02515B58D318F427FBA64437FB0EDDF 566784 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2015-08-16 19:43:57 4447FD20A6B48D05E8392B6E18A194A8 173056 ----a-w- C:\Windows\SysWOW64\wuwebv.dll 2015-08-16 19:43:56 FBECE2B32A3658AEB609DC5A1021100F 30208 ----a-w- C:\Windows\SysWOW64\wups.dll 2015-08-16 19:43:56 E96D0EEAAE0446F664EE15703BB32A34 93184 ----a-w- C:\Windows\SysWOW64\wudriver.dll 2015-08-16 19:43:56 742AC3EF3C7C30F0EBF628D6D03BB399 34816 ----a-w- C:\Windows\SysWOW64\wuapp.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-08-21 08:19:35 E5F2BB962F84A8F8D996FEA33F4C817B 25191936 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-08-21 08:19:35 4FD63532DBF78DC6B50078F769E7949F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-08-20 22:15:18 400E0B72AEB663360E1A3AB33DDD6A87 1116672 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-08-20 22:15:17 EEAFBC5A31C68438AF67531C52410A3D 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-08-20 22:15:17 EC9178A8037D3EF938F38B6793EAF990 774656 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-08-20 22:15:17 E99A30142A108B11381C47B0A30283B0 17344 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2015-08-20 22:15:17 DD91D9EAAA415B26EB30EC9CF768BF03 743424 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-08-20 22:15:17 A3D0A038A6C03E368E80CDDEFC473140 1148416 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-08-20 22:15:17 4FEB4397B066DEEDDDED0D1CEDA1C887 69120 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-08-20 22:15:17 36DA2E5BD218764CB48B8A13CF0B091F 437760 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-08-16 20:03:24 52ED64BF80D360B0EA2B6E5F1504CDFF 124624 ----a-w- C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 19:49:19 C01DC60229F41D33AF2DF4162EDA0F44 7077376 ----a-w- C:\Windows\Sysnative\mstscax.dll 2015-08-16 19:49:17 35A97817FDA4C8F421D8478DCCF045B1 1057792 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll 2015-08-16 19:49:16 CDA122FCC691D14D3971A83AB035156D 62976 ----a-w- C:\Windows\Sysnative\tsgqec.dll 2015-08-16 19:49:16 2686F572B3CAF633C4A350A3671835F2 429568 ----a-w- C:\Windows\Sysnative\wksprt.exe 2015-08-16 19:48:55 B9A07A9807A4BAC067498CC8D77F3D4D 5568960 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-08-16 19:48:55 72585BDAF2EC5237EBD71D540657D6A2 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll 2015-08-16 19:48:55 3F63C62D9183235792A46C0B66EAAD04 1730496 ----a-w- C:\Windows\Sysnative\ntdll.dll 2015-08-16 19:48:54 2E730941CC5BF6200A4F56D1E9C24AAD 1743360 ----a-w- C:\Windows\Sysnative\sysmain.dll 2015-08-16 19:48:52 DAF50D708FF79AC4AE0A1C256A9BEE33 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2015-08-16 19:48:52 B892459EC8441FFB9E045CCE73862868 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2015-08-16 19:48:52 AF249D7461E228EBBD1C7E98D99B3B12 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-08-16 19:48:52 99D1FAA337A4EF3C33E256C79DC708F8 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-08-16 19:48:51 E80CA72FA43BF258E72C408CEF9839BE 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll 2015-08-16 19:48:51 A0502BF52867F00FD9C67D1C355F6C91 1216512 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2015-08-16 19:48:51 6DC249682EA708DA1C4B5CBD9C016F21 729088 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-08-16 19:48:51 35766EDA62E3FA02B897182219EEDF8A 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-08-16 19:48:49 D6431591DEED9D47E9266890FB2BFBBC 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-08-16 19:48:49 6518A42BE5B157EF3DC3ED4F8BE4CA46 315392 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-08-16 19:48:49 53632BBEFB00BDA1DCFC9E155E0C6B53 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2015-08-16 19:48:49 46041293D887F4D89979874015F26B30 342016 ----a-w- C:\Windows\Sysnative\schannel.dll 2015-08-16 19:48:49 354D59027DE2BFB3A63E8E7DBAF081D8 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2015-08-16 19:48:48 E615E2FF68D64B52CEFDCD24332D61F5 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-08-16 19:48:48 7245C8C33397B90E376B9BB54E2A96C8 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-08-16 19:48:48 61024C6DE4EEBC6BCC92422F0AE3CE94 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-08-16 19:48:48 55C48343919A72B0C8F5C42E4C798FCA 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2015-08-16 19:48:48 0D48E93C6BE3143C0198CB252B992D16 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-08-16 19:48:47 EBB9C6638109A3486EBA51D28837495C 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-08-16 19:48:47 E6D24098FDB4A9C29007696B79389DB9 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2015-08-16 19:48:47 98AFEF63F857FA67FA1BDD3969F40366 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-08-16 19:48:47 98432481E11B9EDB54A2B069E465D1CB 44032 ----a-w- C:\Windows\Sysnative\cryptbase.dll 2015-08-16 19:48:46 7ADF0CB99051D1E0DB7F65DA1D8099F1 11264 ----a-w- C:\Windows\Sysnative\msmmsp.dll 2015-08-16 19:48:46 77E88D36E88FDC825DCCBF269F81ED3E 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2015-08-16 19:48:46 219DF0B319E46EA2601D90101C4C330A 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2015-08-16 19:48:46 1BE3823E3206785F2BA8F26B2FAD3FBE 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-08-16 19:48:46 0797A4FDBA2766B88FB563BBB7646FCE 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-08-16 19:48:45 BD6BDB13F5D8FA13166CF8B3CBD6976A 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2015-08-16 19:48:42 BC48CD24D35FA0E18D66A97E502BFAE2 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2015-08-16 19:48:41 25AADF664F576D1C264F8AC27B4838DF 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-08-16 19:48:40 FFAD95FF2FE4B14F91E437E03D1F68BA 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-08-16 19:48:40 46CB68A774B67187B722FA1156672A23 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-08-16 19:47:20 168EA9CD9BD6056BB6F60B57D5304BBE 52736 ----a-w- C:\Windows\Sysnative\basesrv.dll 2015-08-16 19:46:09 92E60B0F2E864336737091554370E658 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-08-16 19:46:09 4E37600CED71FFCE7EEBB129A90B3431 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-08-16 19:46:08 890E3A6A6DB6D15EB242460D2353D39C 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-08-16 19:46:07 D0A52A4F631172E2AC35A84CCDF28FA4 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-08-16 19:46:07 ACE8BB2BECFEC66A738EE3DDDFF0CA07 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-08-16 19:46:06 B2ADFD1217625A68A484E9838C608F51 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-08-16 19:46:05 9CAC3401B481383936A9D66EF1B80307 389840 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-08-16 19:46:04 B8322A1FCD5686F2D97B6BCA1862C9B8 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-08-16 19:46:04 158C1D034080B9DC0A9A2CD9E8DB0199 1545728 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-08-16 19:46:03 427D40AF9BCAE05125F3513E770706E1 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-08-16 19:46:02 857D9F533F7F9838B68C2CEF8AB68412 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-08-16 19:46:00 3E4568FFE110FE81CA1A75BF1149153B 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-08-16 19:45:59 F9C6645800D1EDE9033858C60903F00C 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-08-16 19:45:59 C580215DE134617942FF1740A1235CE4 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-08-16 19:45:58 43AF91A40E44205272335E33B7BBA4C3 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-08-16 19:45:57 95C5B29740852D171CA03BAE61B670FE 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-08-16 19:45:57 62FC1CC7DFC11B5F6A25763375F765BF 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-08-16 19:45:57 39E11AA344781CD5773BE9E2472C84E4 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-08-16 19:45:56 6E3D6B8844FF524D7B27EE7FFB3EF6F5 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-08-16 19:45:55 E892688BB1C8B0B485C27436F2B963CF 615936 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-08-16 19:45:55 AD31A019C2195C75B26DF3337EE8F9FE 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-08-16 19:45:55 995797E4DE4215715CA2040BB81F4594 14451200 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-08-16 19:45:54 ECA4CCA74F61C6288734B786089765B0 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-08-16 19:45:54 C6960223A6BAB3CF83DB09565D191844 5923328 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-08-16 19:45:54 C555B5C8142844DED9E3BD94E6313000 2427904 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-08-16 19:45:54 9C7B3D3A9A945AED5CC97C6535C9D857 816640 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-08-16 19:45:54 56E1A08F9CDF246CCAB75EA32B87B2DA 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-08-16 19:45:53 77A4FEE4031F90DBB5C16F6A8FC855BC 417792 ----a-w- C:\Windows\Sysnative\html.iec 2015-08-16 19:45:53 2D9A67695E80C889FAD5C92651D5E641 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-08-16 19:45:53 080E99BE131C2433FD7E6813F77F08FD 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-08-16 19:45:04 4E89FC53493704BF835F0300DC201C34 260096 ----a-w- C:\Windows\Sysnative\WebClnt.dll 2015-08-16 19:45:04 16FD9A0F6EDEF091A72D7D3B77574008 102912 ----a-w- C:\Windows\Sysnative\davclnt.dll 2015-08-16 19:45:01 32A74A5BC52EF569BC65252AF6F28578 1887232 ----a-w- C:\Windows\Sysnative\msxml3.dll 2015-08-16 19:45:00 40EA064E91C6A63FDBC83259FC5BD4F8 2004992 ----a-w- C:\Windows\Sysnative\msxml6.dll 2015-08-16 19:44:59 99119778A8E44F077E46B0870B8DD6A8 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2015-08-16 19:44:59 22DC6C17443DECC9EBE258220906DCAC 2048 ----a-w- C:\Windows\Sysnative\msxml6r.dll 2015-08-16 19:44:56 F97A0CFC495C92FF2F6A03933157D115 3208192 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-08-16 19:44:56 F8C0AF84AB602D395FFC89BC7CF3CE18 372736 ----a-w- C:\Windows\Sysnative\atmfd.dll 2015-08-16 19:44:56 DB94C47BD7F2AD9C58DEC46026D5FD08 1648128 ----a-w- C:\Windows\Sysnative\DWrite.dll 2015-08-16 19:44:56 D5A775990A7C202A037378FDBCDB6141 1180160 ----a-w- C:\Windows\Sysnative\FntCache.dll 2015-08-16 19:44:53 0365E7AED8A38CB5FFF1DFB4458C0593 41984 ----a-w- C:\Windows\Sysnative\lpk.dll 2015-08-16 19:44:52 D4FB2E00F49711C9DD3E2C2646D7C767 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll 2015-08-16 19:44:52 B45F7BC413F905ECA9DE679E3FF09472 100864 ----a-w- C:\Windows\Sysnative\fontsub.dll 2015-08-16 19:44:52 52DE81006E192EAA09B3BDE763D80BC8 14336 ----a-w- C:\Windows\Sysnative\dciman32.dll 2015-08-16 19:44:52 15113A4CD09E0F06894495FCE8BF2BF8 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll 2015-08-16 19:44:48 B32189BDFF6E577A92BAA61AD49264E6 193536 ----a-w- C:\Windows\Sysnative\notepad.exe 2015-08-16 19:44:45 733BC760342A816D3B5A8CE2C7EF1D92 14177280 ----a-w- C:\Windows\Sysnative\shell32.dll 2015-08-16 19:43:57 C980982C7F8ECB462C52CBEC759CBBDC 3154944 ----a-w- C:\Windows\Sysnative\wucltux.dll 2015-08-16 19:43:57 B0FBE5C8E18EB3BD677846DAB54037D5 696320 ----a-w- C:\Windows\Sysnative\wuapi.dll 2015-08-16 19:43:57 6FDC1FAD277AEF0A89B0D28F5675679C 139776 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2015-08-16 19:43:57 499034D7F1F6AF49F9EE12F8822793CB 2606080 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2015-08-16 19:43:57 0F72B73EBE4F6F86EE569598D377165E 192000 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2015-08-16 19:43:56 DE1B5089D48291BD81F6A5CCFB832E53 36864 ----a-w- C:\Windows\Sysnative\wups.dll 2015-08-16 19:43:56 D1E38F98DDA581BF70B6A89882E6E6F6 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll 2015-08-16 19:43:56 C0DA341908CC3A0209A63FBD4B521C2A 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2015-08-16 19:43:56 A6848EF3860E81A835AA4982ADBA1884 37888 ----a-w- C:\Windows\Sysnative\wups2.dll 2015-08-16 19:43:56 7CFCC5210E226AA85F2A21098FA01F29 37376 ----a-w- C:\Windows\Sysnative\wuapp.exe 2015-08-16 19:43:56 1956D89C3E24A8388840489371B3A428 98304 ----a-w- C:\Windows\Sysnative\wudriver.dll ====== C:\Windows\Sysnative\drivers ===== 2015-08-22 12:43:29 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-08-22 12:42:30 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2015-08-22 12:42:30 AE757332EA130E94E646621CC695B52A 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-08-22 12:42:30 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2015-08-16 19:48:53 67050452C0118BAF2883928E6FCCFE47 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys 2015-08-16 19:48:48 67A1743377EBB5D9A370A8C2086CFDCC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-08-16 19:48:48 522A1595D5701800DD41B2D472F5AAED 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-08-16 19:48:45 B2081803D510DCE174992BA880EDCA70 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-08-16 19:48:45 97687971F9CB30E2633DE0F1296B9F61 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-08-16 19:48:45 552FA62B0EFECD22D8D52499324BCA4F 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys ====== C:\Windows\Tasks ====== 2015-08-20 19:20:53 9A65CF43D5B10FFE35C419EEACE546A4 1056 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1.job 2015-08-20 19:20:53 34BF7035991B9E189CF6F2C096444079 1060 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a.job 2015-08-20 19:20:53 2BEEDBCD8DC441FA0BFA74BF23A5D69C 4056 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a 2015-08-20 19:20:53 11F7F337F3C0B92AAD66D948D2245C6B 3804 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1 2015-08-08 08:45:33 DECB49BCFAC93245C85DEE8C521AF5A1 4166 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA 2015-08-08 08:45:33 B5AB8999F9B0B3DE40A6C8A401A49931 1060 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-08 08:45:32 BAD8830A47958DCA039D057F699AD0CC 1056 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-08 08:45:32 9E388F1BD320BE8034052DFD11E7022F 3914 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-07-29 17:46:46 -------- d-----w- C:\Program Files\Common Files\AV ======= C:\PROGRA~2 ===== ======= C: ===== 2015-08-20 19:06:14 BC949EA893A9384070C31F083CCEFD26 3 --sha-r- C:\win7ldr 2015-08-20 19:06:14 8B3E35F943CBF4CC2DE64A6DF8076525 203316 --sha-r- C:\grldr 2015-08-09 11:27:07 93B885ADFE0DA089CDF634904FD59F71 1 --sha-w- C:\BOOTNXT ====== C:\Users\Windows7\AppData\Roaming ====== 2015-08-08 09:18:49 -------- d-s---w- C:\Windows\serviceprofiles\networkservice\AppData\Locallow\Microsoft ====== C:\Users\Windows7 ====== 2015-08-22 23:58:57 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Windows7\Downloads\RSITx64 (1).exe 2015-08-22 12:40:50 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Windows7\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-22 10:50:00 7E584580AE57FA86520F59343BF9A270 1605632 ----a-w- C:\Users\Windows7\Downloads\adwcleaner_5.003.exe 2015-08-21 13:01:45 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Windows7\Downloads\RSITx64.exe ====== C: exe-files == 2015-08-22 23:58:57 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Windows7\Downloads\RSITx64 (1).exe 2015-08-22 12:40:50 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Windows7\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-22 10:50:00 7E584580AE57FA86520F59343BF9A270 1605632 ----a-w- C:\Users\Windows7\Downloads\adwcleaner_5.003.exe 2015-08-21 13:01:45 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Windows7\Downloads\RSITx64.exe 2015-08-20 20:00:13 B1798BC27E40983B12FEFD0D85C05B3F 873800 ----a-w- C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\SwReporter\4.28.1\software_reporter_tool.exe 2015-08-20 19:21:41 B03D87D080E98A6D872D8BAF9441C84B 48876624 ----a-w- C:\Program Files (x86)\Google\Update\Install\{902DD2AE-7F57-4401-84CA-FB4FE4B8A060}\44.0.2403.157_chrome64_installer.exe 2015-08-20 19:21:39 B03D87D080E98A6D872D8BAF9441C84B 48876624 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\44.0.2403.157\44.0.2403.157_chrome64_installer.exe 2015-08-20 19:20:52 E692507B6F9EE2E230B2557126983FA5 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleUpdateWebPlugin.exe 2015-08-20 19:20:52 5EF88BA7321C634D5E9A7CAB3965001E 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleUpdateBroker.exe 2015-08-20 19:20:52 323B9908034B25B3227494F781697EA5 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleUpdateOnDemand.exe 2015-08-20 19:20:50 171E3EB5F07EA00E1F407897D0A6CCC6 931408 ----a-w- C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleUpdateSetup.exe 2015-08-20 19:20:48 7814A8ED32D5186BA651008AFFB55080 144200 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 2015-08-20 19:20:45 A560D240B9F64C9EC758510BDE008BE5 305992 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler64.exe 2015-08-20 19:20:45 7814A8ED32D5186BA651008AFFB55080 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleUpdate.exe 2015-08-20 19:20:45 673AD34FC250054DC780465662621669 130888 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleUpdateComRegisterShell64.exe 2015-08-20 19:20:45 638E68043F19207226C6ABEB273D5FE7 245576 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler.exe 2015-08-20 19:04:58 C5C9D23958596A941C5044B2B5919963 3541702 ----a-w- C:\Users\Windows7\Desktop\Nieuwe map\Windows 7 ULTIMATE activator by Lord Tidus.exe 2015-08-16 19:46:07 F666B5E4A99DAE8E243189C89E9AFA74 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2015-08-16 19:46:05 E595881896AA929A7FA8936DFCF8D3FE 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2015-08-16 19:46:05 2B1D4B6004AE4BE9EB19CAD4AB924944 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-08-16 19:46:04 C2A6A7E10E872F62F261637B67AFB248 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-08-16 19:45:58 AA12B1DD4C32F01995A07774D9A44C47 814288 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-08-16 19:45:58 66CD0B90DA1E7219759821F9846A29CB 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-08-16 19:44:48 B32189BDFF6E577A92BAA61AD49264E6 193536 ----a-w- C:\Windows\notepad.exe === C: other files == 2015-08-22 12:43:29 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-08-22 12:42:30 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-08-22 12:42:30 AE757332EA130E94E646621CC695B52A 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-08-22 12:42:30 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-08-20 19:14:59 602F0E7767955CED93A2B721A88120B5 958232 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys 2015-08-20 19:14:59 3D39601F01B131CE1B08CB32540F1EF0 554840 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507063.sys 2015-08-16 19:48:53 67050452C0118BAF2883928E6FCCFE47 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys 2015-08-16 19:48:48 67A1743377EBB5D9A370A8C2086CFDCC 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-08-16 19:48:48 522A1595D5701800DD41B2D472F5AAED 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-08-16 19:48:45 B2081803D510DCE174992BA880EDCA70 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2015-08-16 19:48:45 97687971F9CB30E2633DE0F1296B9F61 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2015-08-16 19:48:45 552FA62B0EFECD22D8D52499324BCA4F 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2015-08-16 19:44:56 F97A0CFC495C92FF2F6A03933157D115 3208192 ----a-w- C:\Windows\System32\win32k.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1869362604-1768435415-2293966079-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Spotify Web Helper"="C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Spotify Web Helper"="C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Windows7\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-07-2015 19:30] C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS\AutoKMS.exe [03-02-2013 10:52] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2015 21:20] C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2015 21:20] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2015 21:20] C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-08-2015 21:20] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe] "C:\Windows\SysNative\tasks\4983" [wscript.exe C:\Users\Windows7\AppData\Local\Temp\launchie.vbs //B] "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{243725C8-E191-48A6-990A-59B2DD03BD84}" [C:\Program Files (x86)\Logitech\iTouch\iTouch.exe] "C:\Windows\SysNative\tasks\{6FF46B97-D352-4539-9FC2-8DC98768A89B}" [C:\Program Files (x86)\Logitech\iTouch\iTouch.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"] ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.157 ==== Chromium Startpages ====================== C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Preferences ries":"C7EC0723DF4ED6DD007C7C1E99263BD1269097FB5ECFF6C223091CAD84716A1A"}},"super_mac":"323E2EAB33F45A8516F4E1B71B71BE8649C517F291131D482C22B765EC126341"},"session":{"restore_on_startup":5,"startup_urls":["https://www.google.nl/]},"software_reporter":{"prompt_reason":0,"prompt_seed":"20150601","prompt_version":"3.21.0"},"sync":{"remaining_rollback_tries":0}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/?pc=MSSE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/?pc=MSSE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{BEDCB1EE-EBCC-455E-992E-6A6970810C32}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {BEDCB1EE-EBCC-455E-992E-6A6970810C32} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75932EE05AB03F84FAFA19C253187532 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EE23957-0BA5-48F3-AFAF-912C35815723} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\75932EE05AB03F84FAFA19C253187532 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Windows7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Windows7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=51 folders=8 28827330 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Windows7\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Windows7\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on zo 23-08-2015 at 12:07:46,53 ====================== -
gravity space en its result hub
albada53 reageerde op albada53's topic in Archief Bestrijding malware & virussen
Bijgaand het nieuwe RSIT logje Logfile of random's system information tool 1.10 (written by random/random) Run by Windows7 at 2015-08-23 01:59:15 Microsoft Windows 7 Ultimate Service Pack 1 System drive C: has 56 GB (47%) free of 119 GB Total RAM: 3837 MB (49% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:59:27, on 23-8-2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17937) Boot mode: Normal Running processes: C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Program Files\trend micro\Windows7.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9246 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "C:\Program Files\Microsoft Security Client\MsMpEng.exe" "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\System32\svchost.exe -k utcsvc "C:\Program Files (x86)\PasswordBox\pbbtnService.exe" "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" "taskhost.exe" taskeng.exe {EA746169-07AF-4119-8530-4CF6AF7B4612} "C:\Windows\system32\Dwm.exe" "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c C:\Windows\Explorer.EXE "C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe" -services -injection-server "C:\Windows\system32\GWX\GWX.exe" "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\viakaraokesrv.exe "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\Canon\CAL\CALMAIN.exe" C:\Windows\system32\EscSvc64.exe "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe" WLIDSvcM.exe 2612 C:\Windows\system32\sppsvc.exe "C:\Program Files\Microsoft Security Client\NisSrv.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ec12fe78-0487-4bf3-97a9-d4bb6e5b9cfa -SystemEventPortName:HostProcess-fbac17a6-290c-4cbf-8df2-ccde78c3abee -IoCancelEventPortName:HostProcess-bf43dcf9-c5fe-4678-ac6c-2f1ef2c7e6ea -NonStateChangingEventPortName:HostProcess-7246f8ce-dc46-4a9b-86f0-3c625b2033c5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9be40953-ed8c-4c5e-8b3f-cc32138cb168 -DeviceGroupId:WpdFsGroup C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" C:\Windows\servicing\TrustedInstaller.exe "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 "C:\Users\Windows7\Downloads\RSITx64 (1).exe" ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584] "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584] "Spotify Web Helper"=C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-08-15 2018360] "SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-08-15 2018360] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2011-02-22 3019376] ""= [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-02-11 272896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access" "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service" "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater" "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=l3codecp.acm "VIDC.LAGS"=lagarith.dll "VIDC.FFDS"=ff_vfw.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2015-08-22 15:05:17 ----A---- C:\MBAM Scanlog.txt 2015-08-22 14:43:29 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys 2015-08-22 14:42:30 ----A---- C:\Windows\system32\drivers\mwac.sys 2015-08-22 14:42:30 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys 2015-08-22 14:42:30 ----A---- C:\Windows\system32\drivers\mbam.sys 2015-08-22 14:42:29 ----D---- C:\ProgramData\Malwarebytes 2015-08-22 14:42:29 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-08-22 12:52:27 ----D---- C:\AdwCleaner 2015-08-21 10:19:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2015-08-21 10:19:35 ----A---- C:\Windows\system32\mshtml.dll 2015-08-21 00:15:18 ----A---- C:\Windows\system32\appraiser.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\invagent.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\generaltel.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\devinv.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\CompatTelRunner.exe 2015-08-21 00:15:17 ----A---- C:\Windows\system32\aepdu.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\aeinv.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\acmigration.dll 2015-08-16 22:03:24 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 22:03:24 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 21:49:19 ----A---- C:\Windows\system32\mstscax.dll 2015-08-16 21:49:18 ----A---- C:\Windows\SYSWOW64\mstscax.dll 2015-08-16 21:49:17 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll 2015-08-16 21:49:17 ----A---- C:\Windows\system32\rdvidcrl.dll 2015-08-16 21:49:16 ----A---- C:\Windows\SYSWOW64\tsgqec.dll 2015-08-16 21:49:16 ----A---- C:\Windows\system32\wksprt.exe 2015-08-16 21:49:16 ----A---- C:\Windows\system32\tsgqec.dll 2015-08-16 21:48:55 ----A---- C:\Windows\system32\ntoskrnl.exe 2015-08-16 21:48:55 ----A---- C:\Windows\system32\ntdll.dll 2015-08-16 21:48:55 ----A---- C:\Windows\system32\kernel32.dll 2015-08-16 21:48:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2015-08-16 21:48:54 ----A---- C:\Windows\SYSWOW64\ntdll.dll 2015-08-16 21:48:54 ----A---- C:\Windows\system32\sysmain.dll 2015-08-16 21:48:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2015-08-16 21:48:53 ----A---- C:\Windows\system32\drivers\mountmgr.sys 2015-08-16 21:48:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll 2015-08-16 21:48:52 ----A---- C:\Windows\system32\wow64.dll 2015-08-16 21:48:52 ----A---- C:\Windows\system32\rstrui.exe 2015-08-16 21:48:52 ----A---- C:\Windows\system32\lsasrv.dll 2015-08-16 21:48:52 ----A---- C:\Windows\system32\KernelBase.dll 2015-08-16 21:48:51 ----A---- C:\Windows\SYSWOW64\kerberos.dll 2015-08-16 21:48:51 ----A---- C:\Windows\system32\winsrv.dll 2015-08-16 21:48:51 ----A---- C:\Windows\system32\srcore.dll 2015-08-16 21:48:51 ----A---- C:\Windows\system32\rpcrt4.dll 2015-08-16 21:48:51 ----A---- C:\Windows\system32\kerberos.dll 2015-08-16 21:48:49 ----A---- C:\Windows\SYSWOW64\schannel.dll 2015-08-16 21:48:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\wdigest.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\schannel.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\msv1_0.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\csrsrv.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\conhost.exe 2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\wdigest.dll 2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\TSpkg.dll 2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\ncrypt.dll 2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\KernelBase.dll 2015-08-16 21:48:48 ----A---- C:\Windows\system32\TSpkg.dll 2015-08-16 21:48:48 ----A---- C:\Windows\system32\sspicli.dll 2015-08-16 21:48:48 ----A---- C:\Windows\system32\smss.exe 2015-08-16 21:48:48 ----A---- C:\Windows\system32\ncrypt.dll 2015-08-16 21:48:48 ----A---- C:\Windows\system32\lsass.exe 2015-08-16 21:48:48 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2015-08-16 21:48:48 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\srclient.dll 2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\setup16.exe 2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\auditpol.exe 2015-08-16 21:48:47 ----A---- C:\Windows\system32\srclient.dll 2015-08-16 21:48:47 ----A---- C:\Windows\system32\ntvdm64.dll 2015-08-16 21:48:47 ----A---- C:\Windows\system32\cryptbase.dll 2015-08-16 21:48:47 ----A---- C:\Windows\system32\auditpol.exe 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\secur32.dll 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\credssp.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\wow64win.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\sspisrv.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\secur32.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\msmmsp.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\credssp.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-16 21:48:45 ----A---- C:\Windows\SYSWOW64\wow32.dll 2015-08-16 21:48:45 ----A---- C:\Windows\SYSWOW64\sspicli.dll 2015-08-16 21:48:45 ----A---- C:\Windows\system32\wow64cpu.dll 2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys 2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys 2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll 2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll 2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll 2015-08-16 21:48:42 ----A---- C:\Windows\SYSWOW64\instnm.exe 2015-08-16 21:48:42 ----A---- C:\Windows\SYSWOW64\apisetschema.dll 2015-08-16 21:48:42 ----A---- C:\Windows\system32\apisetschema.dll 2015-08-16 21:48:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-08-16 21:48:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll 2015-08-16 21:48:41 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-08-16 21:48:41 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-08-16 21:48:41 ----A---- C:\Windows\SYSWOW64\user.exe 2015-08-16 21:48:41 ----A---- C:\Windows\SYSWOW64\adtschema.dll 2015-08-16 21:48:41 ----A---- C:\Windows\system32\adtschema.dll 2015-08-16 21:48:40 ----A---- C:\Windows\SYSWOW64\msobjs.dll 2015-08-16 21:48:40 ----A---- C:\Windows\SYSWOW64\msaudite.dll 2015-08-16 21:48:40 ----A---- C:\Windows\system32\msobjs.dll 2015-08-16 21:48:40 ----A---- C:\Windows\system32\msaudite.dll 2015-08-16 21:47:20 ----A---- C:\Windows\system32\basesrv.dll 2015-08-16 21:46:09 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2015-08-16 21:46:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2015-08-16 21:46:09 ----A---- C:\Windows\system32\iertutil.dll 2015-08-16 21:46:09 ----A---- C:\Windows\system32\ieetwcollector.exe 2015-08-16 21:46:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2015-08-16 21:46:08 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2015-08-16 21:46:08 ----A---- C:\Windows\system32\ieetwproxystub.dll 2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll 2015-08-16 21:46:07 ----A---- C:\Windows\system32\iernonce.dll 2015-08-16 21:46:07 ----A---- C:\Windows\system32\ie4uinit.exe 2015-08-16 21:46:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2015-08-16 21:46:06 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2015-08-16 21:46:06 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-16 21:46:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2015-08-16 21:46:05 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2015-08-16 21:46:05 ----A---- C:\Windows\system32\iedkcs32.dll 2015-08-16 21:46:04 ----A---- C:\Windows\system32\urlmon.dll 2015-08-16 21:46:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jscript.dll 2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2015-08-16 21:46:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-16 21:46:02 ----A---- C:\Windows\SYSWOW64\ieui.dll 2015-08-16 21:46:02 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2015-08-16 21:46:02 ----A---- C:\Windows\system32\dxtrans.dll 2015-08-16 21:46:00 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2015-08-16 21:46:00 ----A---- C:\Windows\system32\msfeeds.dll 2015-08-16 21:45:59 ----A---- C:\Windows\system32\iesetup.dll 2015-08-16 21:45:59 ----A---- C:\Windows\system32\ieapfltr.dll 2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\wininet.dll 2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2015-08-16 21:45:57 ----A---- C:\Windows\system32\vbscript.dll 2015-08-16 21:45:57 ----A---- C:\Windows\system32\jsproxy.dll 2015-08-16 21:45:57 ----A---- C:\Windows\system32\ieUnatt.exe 2015-08-16 21:45:56 ----A---- C:\Windows\SYSWOW64\msrating.dll 2015-08-16 21:45:56 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll 2015-08-16 21:45:56 ----A---- C:\Windows\system32\dxtmsft.dll 2015-08-16 21:45:55 ----A---- C:\Windows\system32\mshtmled.dll 2015-08-16 21:45:55 ----A---- C:\Windows\system32\ieui.dll 2015-08-16 21:45:55 ----A---- C:\Windows\system32\ieframe.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\wininet.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\mshtmlmedia.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript9diag.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript9.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript.dll 2015-08-16 21:45:53 ----A---- C:\Windows\system32\msrating.dll 2015-08-16 21:45:53 ----A---- C:\Windows\system32\MshtmlDac.dll 2015-08-16 21:45:04 ----A---- C:\Windows\SYSWOW64\WebClnt.dll 2015-08-16 21:45:04 ----A---- C:\Windows\SYSWOW64\davclnt.dll 2015-08-16 21:45:04 ----A---- C:\Windows\system32\WebClnt.dll 2015-08-16 21:45:04 ----A---- C:\Windows\system32\davclnt.dll 2015-08-16 21:45:01 ----A---- C:\Windows\system32\msxml3.dll 2015-08-16 21:45:00 ----A---- C:\Windows\SYSWOW64\msxml6.dll 2015-08-16 21:45:00 ----A---- C:\Windows\SYSWOW64\msxml3.dll 2015-08-16 21:45:00 ----A---- C:\Windows\system32\msxml6.dll 2015-08-16 21:44:59 ----A---- C:\Windows\SYSWOW64\msxml6r.dll 2015-08-16 21:44:59 ----A---- C:\Windows\SYSWOW64\msxml3r.dll 2015-08-16 21:44:59 ----A---- C:\Windows\system32\msxml6r.dll 2015-08-16 21:44:59 ----A---- C:\Windows\system32\msxml3r.dll 2015-08-16 21:44:56 ----A---- C:\Windows\SYSWOW64\DWrite.dll 2015-08-16 21:44:56 ----A---- C:\Windows\system32\win32k.sys 2015-08-16 21:44:56 ----A---- C:\Windows\system32\FntCache.dll 2015-08-16 21:44:56 ----A---- C:\Windows\system32\DWrite.dll 2015-08-16 21:44:56 ----A---- C:\Windows\system32\atmfd.dll 2015-08-16 21:44:55 ----A---- C:\Windows\SYSWOW64\atmfd.dll 2015-08-16 21:44:53 ----A---- C:\Windows\system32\lpk.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\lpk.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\fontsub.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\dciman32.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\atmlib.dll 2015-08-16 21:44:52 ----A---- C:\Windows\system32\fontsub.dll 2015-08-16 21:44:52 ----A---- C:\Windows\system32\dciman32.dll 2015-08-16 21:44:52 ----A---- C:\Windows\system32\d3d10warp.dll 2015-08-16 21:44:52 ----A---- C:\Windows\system32\atmlib.dll 2015-08-16 21:44:48 ----A---- C:\Windows\SYSWOW64\notepad.exe 2015-08-16 21:44:48 ----A---- C:\Windows\system32\notepad.exe 2015-08-16 21:44:48 ----A---- C:\Windows\notepad.exe 2015-08-16 21:44:45 ----A---- C:\Windows\system32\shell32.dll 2015-08-16 21:44:44 ----A---- C:\Windows\SYSWOW64\shell32.dll 2015-08-16 21:43:57 ----A---- C:\Windows\SYSWOW64\wuwebv.dll 2015-08-16 21:43:57 ----A---- C:\Windows\SYSWOW64\wuapi.dll 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuwebv.dll 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wucltux.dll 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuaueng.dll 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuauclt.exe 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuapi.dll 2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wups.dll 2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wudriver.dll 2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wuapp.exe 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wups2.dll 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wups.dll 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wudriver.dll 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wuapp.exe 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wu.upgrade.ps.dll 2015-08-16 21:43:56 ----A---- C:\Windows\system32\WinSetupUI.dll 2015-08-16 21:24:19 ----HD---- C:\$Windows.~BT 2015-08-16 21:07:57 ----ASH---- C:\pagefile.sys 2015-08-16 21:07:54 ----ASH---- C:\hiberfil.sys 2015-08-16 20:54:21 ----D---- C:\$SysReset 2015-08-10 00:06:22 ----SHD---- C:\Recovery 2015-07-29 19:46:46 ----D---- C:\Program Files\Common Files\AV ======List of files/folders modified in the last 1 month====== 2015-08-23 01:59:17 ----D---- C:\Program Files\trend micro 2015-08-23 01:58:59 ----D---- C:\Windows\Temp 2015-08-23 01:57:23 ----D---- C:\Windows\system32\config 2015-08-23 01:52:58 ----D---- C:\Windows\system32\drivers 2015-08-22 15:04:28 ----HD---- C:\ProgramData 2015-08-22 15:04:26 ----D---- C:\Program Files (x86)\Common Files 2015-08-22 15:04:26 ----D---- C:\Program Files (x86)\Android Resource Navigator 2015-08-22 14:42:29 ----RD---- C:\Program Files (x86) 2015-08-22 13:59:28 ----D---- C:\Windows\system32\Tasks 2015-08-22 12:48:34 ----D---- C:\Windows\system32\FxsTmp 2015-08-21 12:09:19 ----D---- C:\Windows\system32\drivers\etc 2015-08-21 10:23:07 ----D---- C:\Windows\winsxs 2015-08-21 10:20:56 ----SD---- C:\Windows\system32\CompatTel 2015-08-21 10:20:56 ----D---- C:\Windows\SysWOW64 2015-08-21 10:20:56 ----D---- C:\Windows\system32\appraiser 2015-08-21 10:20:56 ----D---- C:\Windows\System32 2015-08-21 10:20:56 ----D---- C:\Windows\AppPatch 2015-08-21 10:19:25 ----SHD---- C:\System Volume Information 2015-08-21 00:06:16 ----D---- C:\Windows 2015-08-20 21:25:01 ----SHD---- C:\Windows\Installer 2015-08-20 21:21:44 ----D---- C:\Program Files (x86)\Google 2015-08-20 21:20:53 ----D---- C:\Windows\Tasks 2015-08-20 21:04:32 ----D---- C:\Windows\inf 2015-08-20 21:04:32 ----A---- C:\Windows\system32\PerfStringBackup.INI 2015-08-20 20:57:17 ----D---- C:\Windows\pss 2015-08-20 19:44:27 ----D---- C:\Windows\rescache 2015-08-20 18:55:27 ----D---- C:\Windows\Microsoft.NET 2015-08-20 18:54:31 ----RSD---- C:\Windows\assembly 2015-08-17 07:07:29 ----D---- C:\Boot 2015-08-17 06:58:11 ----RSD---- C:\Windows\Media 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-TW 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-HK 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-CN 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\tr-TR 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\sv-SE 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ru-RU 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pt-PT 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pt-BR 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pl-PL 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\nb-NO 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\migration 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ko-KR 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ja-JP 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\it-IT 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\hu-HU 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\fr-FR 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\fi-FI 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\es-ES 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\el-GR 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\de-DE 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\da-DK 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\cs-CZ 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\color 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\BioAPIFFDB 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\Atheros_L1e 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\Adobe 2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-TW 2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-HK 2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-CN 2015-08-17 06:58:07 ----D---- C:\Windows\system32\tr-TR 2015-08-17 06:58:07 ----D---- C:\Windows\system32\sv-SE 2015-08-17 06:58:04 ----D---- C:\Windows\system32\ru-RU 2015-08-17 06:58:04 ----D---- C:\Windows\system32\pt-PT 2015-08-17 06:58:04 ----D---- C:\Windows\system32\pt-BR 2015-08-17 06:58:04 ----D---- C:\Windows\system32\pl-PL 2015-08-17 06:58:04 ----D---- C:\Windows\system32\NDF 2015-08-17 06:58:04 ----D---- C:\Windows\system32\nb-NO 2015-08-17 06:58:04 ----D---- C:\Windows\system32\migration 2015-08-17 06:58:04 ----D---- C:\Windows\system32\ko-KR 2015-08-17 06:58:04 ----D---- C:\Windows\system32\ja-JP 2015-08-17 06:58:04 ----D---- C:\Windows\system32\it-IT 2015-08-17 06:58:03 ----DC---- C:\Windows\system32\DRVSTORE 2015-08-17 06:58:03 ----D---- C:\Windows\system32\hu-HU 2015-08-17 06:58:03 ----D---- C:\Windows\system32\fr-FR 2015-08-17 06:58:03 ----D---- C:\Windows\system32\fi-FI 2015-08-17 06:58:03 ----D---- C:\Windows\system32\es-ES 2015-08-17 06:58:03 ----D---- C:\Windows\system32\el-GR 2015-08-17 06:58:03 ----D---- C:\Windows\system32\de-DE 2015-08-17 06:58:03 ----D---- C:\Windows\system32\da-DK 2015-08-17 06:58:03 ----D---- C:\Windows\system32\cs-CZ 2015-08-17 06:58:02 ----D---- C:\Windows\system32\appmgmt 2015-08-17 06:58:02 ----D---- C:\Windows\ShellNew 2015-08-17 06:58:01 ----D---- C:\Windows\PolicyDefinitions 2015-08-17 06:58:00 ----D---- C:\Windows\nl 2015-08-17 06:58:00 ----D---- C:\Windows\LiveKernelReports 2015-08-17 06:57:56 ----RSD---- C:\Windows\Fonts 2015-08-17 06:57:56 ----D---- C:\Windows\Downloaded Program Files 2015-08-17 06:57:56 ----D---- C:\Windows\DigitalLocker 2015-08-17 06:57:55 ----SD---- C:\ProgramData\Microsoft 2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\MSBuild 2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\Microsoft.NET 2015-08-17 06:57:51 ----RD---- C:\Program Files 2015-08-17 06:57:51 ----D---- C:\Program Files\Common Files\System 2015-08-17 06:57:51 ----D---- C:\Program Files\Common Files\Microsoft Shared 2015-08-17 06:57:50 ----D---- C:\Windows\system32\Recovery 2015-08-17 06:57:50 ----D---- C:\Program Files\Common Files 2015-08-17 06:57:48 ----SD---- C:\Users\Windows7\AppData\Roaming\Microsoft 2015-08-16 22:13:23 ----D---- C:\Windows\SYSWOW64\nl-NL 2015-08-16 22:13:23 ----D---- C:\Windows\SYSWOW64\en-US 2015-08-16 22:13:22 ----D---- C:\Windows\system32\nl-NL 2015-08-16 22:13:22 ----D---- C:\Windows\system32\en-US 2015-08-16 22:13:22 ----D---- C:\Windows\system32\drivers\nl-NL 2015-08-16 22:13:22 ----D---- C:\Windows\system32\drivers\en-US 2015-08-16 22:13:04 ----D---- C:\Program Files\Internet Explorer 2015-08-16 22:12:58 ----D---- C:\Program Files (x86)\Internet Explorer 2015-08-16 22:04:25 ----D---- C:\ProgramData\Microsoft Help 2015-08-16 22:04:12 ----A---- C:\Windows\win.ini 2015-08-16 22:03:47 ----D---- C:\Windows\system32\catroot2 2015-08-16 21:41:49 ----D---- C:\Windows\Panther 2015-08-15 21:31:11 ----D---- C:\Users\Windows7\AppData\Roaming\Spotify 2015-08-15 20:38:54 ----D---- C:\Program Files (x86)\1Password 4 2015-08-15 19:14:33 ----D---- C:\Program Files\Microsoft Silverlight 2015-08-15 19:14:33 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2015-08-15 19:04:11 ----A---- C:\Windows\system32\MRT.exe 2015-08-15 18:46:05 ----D---- C:\Users\Windows7\AppData\Roaming\Identities 2015-08-09 14:34:49 ----D---- C:\Windows\registration 2015-08-09 13:27:10 ----RASH---- C:\BOOTSECT.BAK 2015-07-29 19:46:43 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-07-29 19:38:37 ----D---- C:\Windows\Logs 2015-07-25 17:34:03 ----D---- C:\Program Files\CCleaner 2015-07-25 16:48:03 ----SD---- C:\Windows\system32\GWX ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376] R0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2015-07-29 139896] R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2015-07-29 394584] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560] R1 RapportCerberus_1507063;RapportCerberus_1507063; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [2015-08-20 958232] R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-07-29 500088] R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-07-29 489240] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-06-18 25816] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-02-17 2153072] S1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [] S1 GLogin;GLogin; C:\Windows\system32\drivers\GLogin.sys [] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168] S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [] S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-06-18 63704] S3 netr28ux;Sweex Wireless USB Adapter Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2010-07-27 1241952] S3 NMgamingmsFltr;USB Optical Mouse; C:\Windows\system32\drivers\NMgamingms.sys [2009-07-24 11264] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 694376] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960] S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128] R2 CCALib8;Canon Camera Access Library 8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [2006-03-30 96341] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc64.exe [2011-12-12 135824] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816] R2 PasswordBox;PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-05-14 67584] R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-07-29 2255128] R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168] R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408] R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928] R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-02-17 27760] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544] R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20 144200] S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14 268976] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20 144200] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-16 114688] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144] S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-02 1255736] S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944] -----------------EOF----------------- -
gravity space en its result hub
albada53 reageerde op albada53's topic in Archief Bestrijding malware & virussen
Bijgaand het MBAM logbestand: Malwarebytes Anti-Malware www.malwarebytes.org Scandatum: 22-8-2015 Scantijd: 14:44 Logboekbestand: MBAM Scanlog.txt Beheerder: Ja Versie: 2.1.8.1057 Malware-database: v2015.08.22.02 Rootkit-database: v2015.08.16.01 Licentie: Gratis Malware-bescherming: Uitgeschakeld Bescherming tegen kwaadaardige websites: Uitgeschakeld Zelfbescherming: Uitgeschakeld Besturingssysteem: Windows 7 Service Pack 1 Processor: x64 Bestandssysteem: NTFS Gebruiker: Windows7 Scantype: Bedreigingsscan Resultaat: Voltooid Objecten gescand: 349411 Verstreken tijd: 18 min, 47 sec Geheugen: Ingeschakeld Opstarten: Ingeschakeld Bestandssysteem: Ingeschakeld Archieven: Ingeschakeld Rootkits: Uitgeschakeld Heuristiek: Ingeschakeld POP: Ingeschakeld POA: Ingeschakeld Processen: 0 (Geen kwaadaardige items gedetecteerd) Modules: 0 (Geen kwaadaardige items gedetecteerd) Registersleutels: 3 PUP.Optional.GravitySpace.A, HKLM\SOFTWARE\WOW6432NODE\GravitySpace, In quarantaine, [3f9b3ecd4b40211579611a05c340926e], PUP.Optional.ItsResultsHub.A, HKLM\SOFTWARE\WOW6432NODE\ItsResultsHub, In quarantaine, [37a363a8becd1521f5fd882a7094916f], PUP.Optional.Conduit.A, HKU\S-1-5-21-1869362604-1768435415-2293966079-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951AA42A-7E13-44E8-9D49-B9609A3CB09D}, In quarantaine, [a13982897f0c0432e7e2bc69e71c1ce4], Registerwaarden: 3 PUP.Optional.Conduit.A, HKU\S-1-5-21-1869362604-1768435415-2293966079-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951AA42A-7E13-44E8-9D49-B9609A3CB09D}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN38681808413092588&UM=2, In quarantaine, [a13982897f0c0432e7e2bc69e71c1ce4] PUP.Optional.Conduit.A, HKU\S-1-5-21-1869362604-1768435415-2293966079-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951AA42A-7E13-44E8-9D49-B9609A3CB09D}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, In quarantaine, [0fcb6ba0a5e674c2b8110a1b55aea55b] PUP.Optional.Conduit.A, HKU\S-1-5-21-1869362604-1768435415-2293966079-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951AA42A-7E13-44E8-9D49-B9609A3CB09D}|FaviconURL, http://search.conduit.com/favicon.ico, In quarantaine, [b624fe0d1d6ea78f0abf0e174cb7d828] Registerdata: 0 (Geen kwaadaardige items gedetecteerd) Mappen: 46 PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb, In quarantaine, [b723e922ef9c89ad1628307351b3a759], PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater, In quarantaine, [b723e922ef9c89ad1628307351b3a759], PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a, In quarantaine, [e5f5c249b0db87aff747772c5ea6768a], PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater, In quarantaine, [e5f5c249b0db87aff747772c5ea6768a], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\10, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\10bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12\resources, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12bak\resources, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\resources, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\resources, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8bak, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\resources, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\resources, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8bak, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], Bestanden: 65 PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.bak, In quarantaine, [eeec8e7deba032045a985f2b7a8b16ea], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe, In quarantaine, [e7f3f4179eed95a11ad8c4c6d035d22e], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\10\Plugin.exe, In quarantaine, [fedc5caf1b7062d4bf33b5d52ed7a15f], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\10bak\Plugin.exe, In quarantaine, [b327fe0d6c1fa88efdf56e1c8e77f10f], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12\Plugin.exe, In quarantaine, [31a9a665553674c24aa8eb9fc83de21e], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12\resources\plugin.dll, In quarantaine, [24b621eae4a7a59124cefb8f848158a8], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12bak\Plugin.exe, In quarantaine, [d505ac5f9cef3204b53d24662bdaa45c], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12bak\resources\plugin.dll, In quarantaine, [dbffda31d2b90531866c7b0fd23304fc], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2\Plugin.exe, In quarantaine, [13c76e9dc8c388ae2bc7f09a6d9833cd], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2bak\Plugin.exe, In quarantaine, [36a4f417ef9cdd59876b0a80a85d2ed2], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3\Plugin.exe, In quarantaine, [9545d338800b211509e9d7b33bcaf40c], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3bak\Plugin.exe, In quarantaine, [e4f654b73556cc6af5fdec9ea26307f9], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4\Plugin.exe, In quarantaine, [35a524e7f398fb3b5c96ee9cd1349e62], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4bak\Plugin.exe, In quarantaine, [af2bef1c4e3dae8829c998f212f3ec14], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5\Plugin.exe, In quarantaine, [77636f9c6a2164d28f636c1edf261de3], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5bak\Plugin.exe, In quarantaine, [b4262fdcf3986accea082664bc49857b], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\Plugin.exe, In quarantaine, [3d9de72436552c0a20d2d7b3ad58da26], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\resources\38.0.5.dll, In quarantaine, [6f6bfd0e355642f45d95d3b7de27c838], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\resources\39.0.0.dll, In quarantaine, [1bbf84872863b581b83a4545bb4a42be], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\resources\40.0.0.dll, In quarantaine, [a6348487731872c482702763b3523ec2], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\Plugin.exe, In quarantaine, [78629e6db4d741f59a58058514f17090], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\resources\38.0.5.dll, In quarantaine, [2baf7f8c6328e45247ab325827de5ca4], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\resources\39.0.0.dll, In quarantaine, [776355b63a51e94d07ebe6a4a4612cd4], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7bak\resources\40.0.0.dll, In quarantaine, [26b4fc0f94f7300690624941db2ad927], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8\Plugin.exe, In quarantaine, [4e8c68a3c2c99a9c5e94cebc6a9b18e8], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8bak\Plugin.exe, In quarantaine, [6c6ef01b058671c5638ff694ca3bdd23], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.bak, In quarantaine, [825854b7246788aeaf52f49920e53bc5], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.exe, In quarantaine, [23b734d7d8b3f0461ee3721b6e9746ba], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10\Plugin.exe, In quarantaine, [984230db8ffcf6405aa7eca131d4f010], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10bak\Plugin.exe, In quarantaine, [2ab0c942cfbcc175778a0588f70e21df], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2\Plugin.exe, In quarantaine, [14c60b00bfccfb3b5ea33e4f897c6d93], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2bak\Plugin.exe, In quarantaine, [677312f9d1ba0f27fc05f895e71ecb35], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3\Plugin.exe, In quarantaine, [ac2e76957c0fa19509f81d701ee7c838], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3bak\Plugin.exe, In quarantaine, [fedc4ac1c0cbd85e09f86d2039cc14ec], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5\Plugin.exe, In quarantaine, [10ca818a107b7eb85ea35f2eab5a41bf], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5bak\Plugin.exe, In quarantaine, [edede328bbd01f17827f721bb64fd828], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6\Plugin.exe, In quarantaine, [01d9dc2f8ffccb6b20e1e1ac1beabb45], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6bak\Plugin.exe, In quarantaine, [499167a4bdce280ed8295c31788d57a9], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\Plugin.exe, In quarantaine, [b4262ae11279f6407a87731a897c8779], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\resources\38.0.5.dll, In quarantaine, [5b7fcc3fc3c8cd698c75dbb233d2f10f], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\resources\39.0.0.dll, In quarantaine, [736724e733583df9d0318c0164a129d7], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\resources\40.0.0.dll, In quarantaine, [0bcf000b82091f17679afc917293ff01], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\Plugin.exe, In quarantaine, [03d7ab60fb9058decc35e8a59d680df3], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\resources\38.0.5.dll, In quarantaine, [4a90b358b6d55ed820e199f47a8b4bb5], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\resources\39.0.0.dll, In quarantaine, [756532d9424938fe3fc2cbc2a4617e82], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7bak\resources\40.0.0.dll, In quarantaine, [1bbf010afe8d74c2758c721be2236b95], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8\Plugin.exe, In quarantaine, [8357bc4fef9c1422fc056924937212ee], PUP.Optional.Yontoo.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8bak\Plugin.exe, In quarantaine, [e3f75bb063281c1aa160f7969174837d], PUP.Optional.Multiplug.A, C:\Program Files (x86)\Android Resource Navigator\Android Resource Navigator.exe, In quarantaine, [9644b952cbc069cd19ea8befa65bc53b], PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{386A8078-9B0C-4E21-AF9C-0763C4143330}.dll, In quarantaine, [be1c8784bfcc6dc9935f04862bda22de], PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{A68B0999-E601-42FA-B937-E3257121D458}.dll, In quarantaine, [d802e92257342e08ad45f1997f8617e9], PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{AD002073-2619-498A-9649-D83E0DCEB12A}.dll, In quarantaine, [0ccebe4dfc8f03334ca6deac09fc2bd5], PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{BE7CBEB9-9C0A-48ED-89FB-3A974B872CD9}.dll, In quarantaine, [27b3fc0f5c2fe15548aa1674c34256aa], PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{DCD9AC96-E60D-4F14-B793-B29FDD1D65D9}.dll, In quarantaine, [16c4da315e2d95a11cd69febc243d32d], PUP.Optional.GravitySpace.A, C:\Users\Windows7\AppData\Local\Temp\{FBE0EE50-EF8A-4BA6-81BA-F5F399FE0272}.dll, In quarantaine, [81591cef1e6dad893cb608829a6b34cc], PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe, In quarantaine, [b723e922ef9c89ad1628307351b3a759], PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.bak, In quarantaine, [b723e922ef9c89ad1628307351b3a759], PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.exe, In quarantaine, [e5f5c249b0db87aff747772c5ea6768a], PUP.Optional.Updater.A, C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.bak, In quarantaine, [e5f5c249b0db87aff747772c5ea6768a], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\temp, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\12.zip, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2.zip, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\4.zip, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.GravitySpace.A, C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\8.zip, In quarantaine, [4a9034d7dfac71c5d4390c0c5ba810f0], PUP.Optional.SeeMoreResultsHub.A, C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\temp, In quarantaine, [bf1bef1cb0dbc86edd5d8594f90a659b], Fysieke Sectoren: 0 (Geen kwaadaardige items gedetecteerd) -
gravity space en its result hub
albada53 reageerde op albada53's topic in Archief Bestrijding malware & virussen
Bijgaand het logbestand: # AdwCleaner v5.003 - Logbestand aangemaakt 22/08/2015 op 13:55:26 # Laatste update 20/08/2015 door Xplode # Database : 2015-08-20.1 [server] # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (x64) # Gebruikersnaam : Windows7 - WINDOWS7-PC # Gestart vanuit : C:\Users\Windows7\Downloads\adwcleaner_5.003.exe # Optie : Verwijderen ***** [ Services ] ***** [-] Service Verwijderd : Service Mgr GravitySpace [-] Service Verwijderd : Service Mgr ItsResultsHub [-] Service Verwijderd : Update Mgr GravitySpace [-] Service Verwijderd : Update Mgr ItsResultsHub [-] Service Verwijderd : ba96e052 ***** [ Mappen ] ***** [-] Map Verwijderd : C:\Program Files (x86)\DealExpreess [-] Map Verwijderd : C:\Program Files (x86)\Gravity Space [-] Map Verwijderd : C:\Program Files (x86)\Its Results Hub [-] Map Verwijderd : C:\ProgramData\Conduit [-] Map Verwijderd : C:\ProgramData\Tarma Installer [-] Map Verwijderd : C:\ProgramData\Innovative Solutions [-] Map Verwijderd : C:\ProgramData\9362275760275399918 [-] Map Verwijderd : C:\ProgramData\{29248ef6-e2ae-4fb9-2924-48ef6e2a3bdb} [-] Map Verwijderd : C:\ProgramData\{e66a1256-a48f-ba52-e66a-a1256a48495a} [-] Map Verwijderd : C:\ProgramData\{f2250c9f-26f3-fc3d-f225-50c9f26f327c} [-] Map Verwijderd : C:\ProgramData\{f29e2a13-9ed9-d039-f29e-e2a139eda84e} [-] Map Verwijderd : C:\Users\Windows7\AppData\Local\AVG Secure Search [-] Map Verwijderd : C:\Users\Windows7\AppData\Local\Innovative Solutions [-] Map Verwijderd : C:\Users\Windows7\AppData\LocalLow\Conduit [-] Map Verwijderd : C:\Users\Windows7\AppData\LocalLow\PriceGong [-] Map Verwijderd : C:\Users\Windows7\AppData\Roaming\OpenCandy ***** [ Bestanden ] ***** ***** [ Snelkoppelingen ] ***** ***** [ geplande taken ] ***** [-] Taak Verwidjerd : Express FilesUpdate ***** [ Register ] ***** [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\Prod.cap [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\speedupmypc [-] Sleutel Verwidjerd : HKLM\SOFTWARE\ffe234b3-ae3a-7f66-5965-f0d45f30d325 [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{14df11ed} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ba96e052} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} [!] Sleutel Niet Verwidjerd : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{99415057-7C50-439D-AA20-02D83C071B61} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{2a361efd-fb26-4d2c-82ef-2535d46b8c07} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\CLSID\{8788dd2d-bed5-4071-8439-c822cef57bc8} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{5DEBC66A-136E-4F2C-84CC-8A984EBA1195} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{829DD016-D322-481B-8BA3-10064B09EAC4} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{67B87BDE-141A-4CB3-AC00-49501C139D4A} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Classes\TypeLib\{F895EF08-C980-4DFC-A0C8-C40E25D66ADF} [-] Sleutel Verwidjerd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} [-] Sleutel Verwidjerd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Sleutel Verwidjerd : HKCU\Software\AppDataLow\Software\Conduit [-] Sleutel Verwidjerd : HKCU\Software\AppDataLow\Software\ConduitSearchScopes [-] Sleutel Verwidjerd : HKCU\Software\AppDataLow\Software\PriceGong [-] Sleutel Verwidjerd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Conduit [-] Sleutel Verwidjerd : HKLM\SOFTWARE\Uniblue [!] Sleutel Niet Verwidjerd : HKLM\SOFTWARE\Uniblue\DriverScanner [-] Sleutel Verwidjerd : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81} [-] Sleutel Verwidjerd : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Internetbrowsers ] ***** [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : start.facemoods.com [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : r [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : toolbar.ask.com [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : search.conduit.com [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : isearch.avg.com [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : search.babylon.com [-] [C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : utorrent.nl.softonic.com ************************* :: Proxy instellingen gereset :: Winsock instellingen gereset :: Chrome policies verwijderd ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5883 bytes] ########## -
gravity space en its result hub
albada53 reageerde op albada53's topic in Archief Bestrijding malware & virussen
Bijgaand het logbestand: Logfile of random's system information tool 1.10 (written by random/random) Run by Windows7 at 2015-08-21 15:02:21 Microsoft Windows 7 Ultimate Service Pack 1 System drive C: has 57 GB (48%) free of 119 GB Total RAM: 3837 MB (54% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:02:34, on 21-8-2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17937) Boot mode: Normal Running processes: C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\plugin.exe C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3\plugin.exe C:\Program Files\trend micro\Windows7.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - (no file) O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Service Mgr GravitySpace - Unknown owner - C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe O23 - Service: Service Mgr ItsResultsHub - Unknown owner - C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Update Mgr GravitySpace - Unknown owner - C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe O23 - Service: Update Mgr ItsResultsHub - Unknown owner - C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9822 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "C:\Program Files\Microsoft Security Client\MsMpEng.exe" "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "taskhost.exe" taskeng.exe {C224045E-9219-4873-A700-1015A5DB18FC} "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe" C:\Windows\System32\svchost.exe -k utcsvc "C:\Program Files (x86)\PasswordBox\pbbtnService.exe" "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" "C:\Windows\system32\GWX\GWX.exe" "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted "C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe" -services -injection-server "C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe" "C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.exe" C:\Windows\system32\viakaraokesrv.exe "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 2664 "C:\Program Files (x86)\Canon\CAL\CALMAIN.exe" C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\EscSvc64.exe "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe" C:\Windows\system32\sppsvc.exe C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Microsoft Security Client\NisSrv.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-df44b463-1e02-423b-b923-d63e0e993532 -SystemEventPortName:HostProcess-aa644b8b-4303-4c01-b695-a0739716f5aa -IoCancelEventPortName:HostProcess-a45469d6-6b03-4f69-9584-b265221e3169 -NonStateChangingEventPortName:HostProcess-ef6b513c-6628-4778-8696-535d534ca7c3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:dc3c264f-6a9c-41f8-88f5-2ce8ea95874b -DeviceGroupId:WpdFsGroup "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory=Default "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4268.0.903073285\815527494" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,9,22,45 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x2e32 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2302 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4268.1.25992095\1455480068" --font-cache-shared-handle=2024 /prefetch:673131151 "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\10\plugin.exe" "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\6\plugin.exe" "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\5\plugin.exe" "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\8\plugin.exe" "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\2\plugin.exe" "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3\plugin.exe" "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\plugin.exe" u "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\7\plugin.exe" "C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugins\3\plugin.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/Enabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4268.4.1957876780\195253755" --font-cache-shared-handle=2464 /prefetch:673131151 "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516 "C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe" "C:\Users\Windows7\Downloads\RSITx64.exe" "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0db7d54cc35d1.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0db7d5525056a.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584] "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584] "Spotify Web Helper"=C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-08-15 2018360] "SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] C:\Users\Windows7\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-08-15 2018360] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2011-02-22 3019376] ""= [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-02-11 272896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access" "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service" "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater" "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=l3codecp.acm "VIDC.LAGS"=lagarith.dll "VIDC.FFDS"=ff_vfw.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2015-08-21 14:59:06 ----D---- C:\Program Files (x86)\Its Results Hub 2015-08-21 14:59:06 ----D---- C:\Program Files (x86)\Gravity Space 2015-08-21 10:19:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2015-08-21 10:19:35 ----A---- C:\Windows\system32\mshtml.dll 2015-08-21 00:15:18 ----A---- C:\Windows\system32\appraiser.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\invagent.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\generaltel.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\devinv.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\CompatTelRunner.exe 2015-08-21 00:15:17 ----A---- C:\Windows\system32\aepdu.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\aeinv.dll 2015-08-21 00:15:17 ----A---- C:\Windows\system32\acmigration.dll 2015-08-16 22:03:24 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 22:03:24 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-16 21:49:19 ----A---- C:\Windows\system32\mstscax.dll 2015-08-16 21:49:18 ----A---- C:\Windows\SYSWOW64\mstscax.dll 2015-08-16 21:49:17 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll 2015-08-16 21:49:17 ----A---- C:\Windows\system32\rdvidcrl.dll 2015-08-16 21:49:16 ----A---- C:\Windows\SYSWOW64\tsgqec.dll 2015-08-16 21:49:16 ----A---- C:\Windows\system32\wksprt.exe 2015-08-16 21:49:16 ----A---- C:\Windows\system32\tsgqec.dll 2015-08-16 21:48:55 ----A---- C:\Windows\system32\ntoskrnl.exe 2015-08-16 21:48:55 ----A---- C:\Windows\system32\ntdll.dll 2015-08-16 21:48:55 ----A---- C:\Windows\system32\kernel32.dll 2015-08-16 21:48:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2015-08-16 21:48:54 ----A---- C:\Windows\SYSWOW64\ntdll.dll 2015-08-16 21:48:54 ----A---- C:\Windows\system32\sysmain.dll 2015-08-16 21:48:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2015-08-16 21:48:53 ----A---- C:\Windows\system32\drivers\mountmgr.sys 2015-08-16 21:48:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll 2015-08-16 21:48:52 ----A---- C:\Windows\system32\wow64.dll 2015-08-16 21:48:52 ----A---- C:\Windows\system32\rstrui.exe 2015-08-16 21:48:52 ----A---- C:\Windows\system32\lsasrv.dll 2015-08-16 21:48:52 ----A---- C:\Windows\system32\KernelBase.dll 2015-08-16 21:48:51 ----A---- C:\Windows\SYSWOW64\kerberos.dll 2015-08-16 21:48:51 ----A---- C:\Windows\system32\winsrv.dll 2015-08-16 21:48:51 ----A---- C:\Windows\system32\srcore.dll 2015-08-16 21:48:51 ----A---- C:\Windows\system32\rpcrt4.dll 2015-08-16 21:48:51 ----A---- C:\Windows\system32\kerberos.dll 2015-08-16 21:48:49 ----A---- C:\Windows\SYSWOW64\schannel.dll 2015-08-16 21:48:49 ----A---- C:\Windows\SYSWOW64\msv1_0.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\wdigest.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\schannel.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\msv1_0.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\csrsrv.dll 2015-08-16 21:48:49 ----A---- C:\Windows\system32\conhost.exe 2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\wdigest.dll 2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\TSpkg.dll 2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\ncrypt.dll 2015-08-16 21:48:48 ----A---- C:\Windows\SYSWOW64\KernelBase.dll 2015-08-16 21:48:48 ----A---- C:\Windows\system32\TSpkg.dll 2015-08-16 21:48:48 ----A---- C:\Windows\system32\sspicli.dll 2015-08-16 21:48:48 ----A---- C:\Windows\system32\smss.exe 2015-08-16 21:48:48 ----A---- C:\Windows\system32\ncrypt.dll 2015-08-16 21:48:48 ----A---- C:\Windows\system32\lsass.exe 2015-08-16 21:48:48 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2015-08-16 21:48:48 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\srclient.dll 2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\setup16.exe 2015-08-16 21:48:47 ----A---- C:\Windows\SYSWOW64\auditpol.exe 2015-08-16 21:48:47 ----A---- C:\Windows\system32\srclient.dll 2015-08-16 21:48:47 ----A---- C:\Windows\system32\ntvdm64.dll 2015-08-16 21:48:47 ----A---- C:\Windows\system32\cryptbase.dll 2015-08-16 21:48:47 ----A---- C:\Windows\system32\auditpol.exe 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\secur32.dll 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll 2015-08-16 21:48:46 ----A---- C:\Windows\SYSWOW64\credssp.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\wow64win.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\sspisrv.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\secur32.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\msmmsp.dll 2015-08-16 21:48:46 ----A---- C:\Windows\system32\credssp.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-08-16 21:48:45 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-16 21:48:45 ----A---- C:\Windows\SYSWOW64\wow32.dll 2015-08-16 21:48:45 ----A---- C:\Windows\SYSWOW64\sspicli.dll 2015-08-16 21:48:45 ----A---- C:\Windows\system32\wow64cpu.dll 2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys 2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys 2015-08-16 21:48:45 ----A---- C:\Windows\system32\drivers\mrxsmb.sys 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-08-16 21:48:44 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-08-16 21:48:43 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll 2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll 2015-08-16 21:48:42 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll 2015-08-16 21:48:42 ----A---- C:\Windows\SYSWOW64\instnm.exe 2015-08-16 21:48:42 ----A---- C:\Windows\SYSWOW64\apisetschema.dll 2015-08-16 21:48:42 ----A---- C:\Windows\system32\apisetschema.dll 2015-08-16 21:48:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-08-16 21:48:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll 2015-08-16 21:48:41 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-08-16 21:48:41 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-08-16 21:48:41 ----A---- C:\Windows\SYSWOW64\user.exe 2015-08-16 21:48:41 ----A---- C:\Windows\SYSWOW64\adtschema.dll 2015-08-16 21:48:41 ----A---- C:\Windows\system32\adtschema.dll 2015-08-16 21:48:40 ----A---- C:\Windows\SYSWOW64\msobjs.dll 2015-08-16 21:48:40 ----A---- C:\Windows\SYSWOW64\msaudite.dll 2015-08-16 21:48:40 ----A---- C:\Windows\system32\msobjs.dll 2015-08-16 21:48:40 ----A---- C:\Windows\system32\msaudite.dll 2015-08-16 21:47:20 ----A---- C:\Windows\system32\basesrv.dll 2015-08-16 21:46:09 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2015-08-16 21:46:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2015-08-16 21:46:09 ----A---- C:\Windows\system32\iertutil.dll 2015-08-16 21:46:09 ----A---- C:\Windows\system32\ieetwcollector.exe 2015-08-16 21:46:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2015-08-16 21:46:08 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2015-08-16 21:46:08 ----A---- C:\Windows\system32\ieetwproxystub.dll 2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2015-08-16 21:46:07 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll 2015-08-16 21:46:07 ----A---- C:\Windows\system32\iernonce.dll 2015-08-16 21:46:07 ----A---- C:\Windows\system32\ie4uinit.exe 2015-08-16 21:46:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2015-08-16 21:46:06 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2015-08-16 21:46:06 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-16 21:46:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2015-08-16 21:46:05 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2015-08-16 21:46:05 ----A---- C:\Windows\system32\iedkcs32.dll 2015-08-16 21:46:04 ----A---- C:\Windows\system32\urlmon.dll 2015-08-16 21:46:04 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\jscript.dll 2015-08-16 21:46:03 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2015-08-16 21:46:03 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-16 21:46:02 ----A---- C:\Windows\SYSWOW64\ieui.dll 2015-08-16 21:46:02 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2015-08-16 21:46:02 ----A---- C:\Windows\system32\dxtrans.dll 2015-08-16 21:46:00 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2015-08-16 21:46:00 ----A---- C:\Windows\system32\msfeeds.dll 2015-08-16 21:45:59 ----A---- C:\Windows\system32\iesetup.dll 2015-08-16 21:45:59 ----A---- C:\Windows\system32\ieapfltr.dll 2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\wininet.dll 2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2015-08-16 21:45:57 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2015-08-16 21:45:57 ----A---- C:\Windows\system32\vbscript.dll 2015-08-16 21:45:57 ----A---- C:\Windows\system32\jsproxy.dll 2015-08-16 21:45:57 ----A---- C:\Windows\system32\ieUnatt.exe 2015-08-16 21:45:56 ----A---- C:\Windows\SYSWOW64\msrating.dll 2015-08-16 21:45:56 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll 2015-08-16 21:45:56 ----A---- C:\Windows\system32\dxtmsft.dll 2015-08-16 21:45:55 ----A---- C:\Windows\system32\mshtmled.dll 2015-08-16 21:45:55 ----A---- C:\Windows\system32\ieui.dll 2015-08-16 21:45:55 ----A---- C:\Windows\system32\ieframe.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\wininet.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\mshtmlmedia.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript9diag.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript9.dll 2015-08-16 21:45:54 ----A---- C:\Windows\system32\jscript.dll 2015-08-16 21:45:53 ----A---- C:\Windows\system32\msrating.dll 2015-08-16 21:45:53 ----A---- C:\Windows\system32\MshtmlDac.dll 2015-08-16 21:45:04 ----A---- C:\Windows\SYSWOW64\WebClnt.dll 2015-08-16 21:45:04 ----A---- C:\Windows\SYSWOW64\davclnt.dll 2015-08-16 21:45:04 ----A---- C:\Windows\system32\WebClnt.dll 2015-08-16 21:45:04 ----A---- C:\Windows\system32\davclnt.dll 2015-08-16 21:45:01 ----A---- C:\Windows\system32\msxml3.dll 2015-08-16 21:45:00 ----A---- C:\Windows\SYSWOW64\msxml6.dll 2015-08-16 21:45:00 ----A---- C:\Windows\SYSWOW64\msxml3.dll 2015-08-16 21:45:00 ----A---- C:\Windows\system32\msxml6.dll 2015-08-16 21:44:59 ----A---- C:\Windows\SYSWOW64\msxml6r.dll 2015-08-16 21:44:59 ----A---- C:\Windows\SYSWOW64\msxml3r.dll 2015-08-16 21:44:59 ----A---- C:\Windows\system32\msxml6r.dll 2015-08-16 21:44:59 ----A---- C:\Windows\system32\msxml3r.dll 2015-08-16 21:44:56 ----A---- C:\Windows\SYSWOW64\DWrite.dll 2015-08-16 21:44:56 ----A---- C:\Windows\system32\win32k.sys 2015-08-16 21:44:56 ----A---- C:\Windows\system32\FntCache.dll 2015-08-16 21:44:56 ----A---- C:\Windows\system32\DWrite.dll 2015-08-16 21:44:56 ----A---- C:\Windows\system32\atmfd.dll 2015-08-16 21:44:55 ----A---- C:\Windows\SYSWOW64\atmfd.dll 2015-08-16 21:44:53 ----A---- C:\Windows\system32\lpk.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\lpk.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\fontsub.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\dciman32.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll 2015-08-16 21:44:52 ----A---- C:\Windows\SYSWOW64\atmlib.dll 2015-08-16 21:44:52 ----A---- C:\Windows\system32\fontsub.dll 2015-08-16 21:44:52 ----A---- C:\Windows\system32\dciman32.dll 2015-08-16 21:44:52 ----A---- C:\Windows\system32\d3d10warp.dll 2015-08-16 21:44:52 ----A---- C:\Windows\system32\atmlib.dll 2015-08-16 21:44:48 ----A---- C:\Windows\SYSWOW64\notepad.exe 2015-08-16 21:44:48 ----A---- C:\Windows\system32\notepad.exe 2015-08-16 21:44:48 ----A---- C:\Windows\notepad.exe 2015-08-16 21:44:45 ----A---- C:\Windows\system32\shell32.dll 2015-08-16 21:44:44 ----A---- C:\Windows\SYSWOW64\shell32.dll 2015-08-16 21:43:57 ----A---- C:\Windows\SYSWOW64\wuwebv.dll 2015-08-16 21:43:57 ----A---- C:\Windows\SYSWOW64\wuapi.dll 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuwebv.dll 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wucltux.dll 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuaueng.dll 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuauclt.exe 2015-08-16 21:43:57 ----A---- C:\Windows\system32\wuapi.dll 2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wups.dll 2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wudriver.dll 2015-08-16 21:43:56 ----A---- C:\Windows\SYSWOW64\wuapp.exe 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wups2.dll 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wups.dll 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wudriver.dll 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wuapp.exe 2015-08-16 21:43:56 ----A---- C:\Windows\system32\wu.upgrade.ps.dll 2015-08-16 21:43:56 ----A---- C:\Windows\system32\WinSetupUI.dll 2015-08-16 21:24:19 ----HD---- C:\$Windows.~BT 2015-08-16 21:07:57 ----ASH---- C:\pagefile.sys 2015-08-16 21:07:54 ----ASH---- C:\hiberfil.sys 2015-08-16 20:54:21 ----D---- C:\$SysReset 2015-08-10 00:06:22 ----SHD---- C:\Recovery 2015-08-04 19:38:54 ----D---- C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a 2015-08-04 19:38:08 ----D---- C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb 2015-07-31 21:32:16 ----D---- C:\ProgramData\{29248ef6-e2ae-4fb9-2924-48ef6e2a3bdb} 2015-07-29 19:46:46 ----D---- C:\Program Files\Common Files\AV 2015-07-27 09:32:07 ----D---- C:\ProgramData\{e66a1256-a48f-ba52-e66a-a1256a48495a} ======List of files/folders modified in the last 1 month====== 2015-08-21 15:02:28 ----D---- C:\Windows\Temp 2015-08-21 15:02:24 ----D---- C:\Program Files\trend micro 2015-08-21 14:59:06 ----RD---- C:\Program Files (x86) 2015-08-21 13:54:59 ----D---- C:\Windows\system32\config 2015-08-21 12:09:19 ----D---- C:\Windows\system32\drivers\etc 2015-08-21 10:23:07 ----D---- C:\Windows\winsxs 2015-08-21 10:20:56 ----SD---- C:\Windows\system32\CompatTel 2015-08-21 10:20:56 ----D---- C:\Windows\SysWOW64 2015-08-21 10:20:56 ----D---- C:\Windows\system32\appraiser 2015-08-21 10:20:56 ----D---- C:\Windows\System32 2015-08-21 10:20:56 ----D---- C:\Windows\AppPatch 2015-08-21 10:19:25 ----SHD---- C:\System Volume Information 2015-08-21 00:06:16 ----D---- C:\Windows 2015-08-20 21:25:01 ----SHD---- C:\Windows\Installer 2015-08-20 21:21:44 ----D---- C:\Program Files (x86)\Google 2015-08-20 21:20:53 ----D---- C:\Windows\Tasks 2015-08-20 21:20:53 ----D---- C:\Windows\system32\Tasks 2015-08-20 21:04:32 ----D---- C:\Windows\inf 2015-08-20 21:04:32 ----A---- C:\Windows\system32\PerfStringBackup.INI 2015-08-20 20:57:17 ----D---- C:\Windows\pss 2015-08-20 19:44:27 ----D---- C:\Windows\rescache 2015-08-20 18:55:27 ----D---- C:\Windows\Microsoft.NET 2015-08-20 18:54:31 ----RSD---- C:\Windows\assembly 2015-08-17 07:07:29 ----D---- C:\Boot 2015-08-17 06:58:11 ----RSD---- C:\Windows\Media 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-TW 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-HK 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\zh-CN 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\tr-TR 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\sv-SE 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ru-RU 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pt-PT 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pt-BR 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\pl-PL 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\nb-NO 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\migration 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ko-KR 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\ja-JP 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\it-IT 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\hu-HU 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\fr-FR 2015-08-17 06:58:09 ----D---- C:\Windows\SYSWOW64\fi-FI 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\es-ES 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\el-GR 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\de-DE 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\da-DK 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\cs-CZ 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\color 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\BioAPIFFDB 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\Atheros_L1e 2015-08-17 06:58:08 ----D---- C:\Windows\SYSWOW64\Adobe 2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-TW 2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-HK 2015-08-17 06:58:07 ----D---- C:\Windows\system32\zh-CN 2015-08-17 06:58:07 ----D---- C:\Windows\system32\tr-TR 2015-08-17 06:58:07 ----D---- C:\Windows\system32\sv-SE 2015-08-17 06:58:04 ----D---- C:\Windows\system32\ru-RU 2015-08-17 06:58:04 ----D---- C:\Windows\system32\pt-PT 2015-08-17 06:58:04 ----D---- C:\Windows\system32\pt-BR 2015-08-17 06:58:04 ----D---- C:\Windows\system32\pl-PL 2015-08-17 06:58:04 ----D---- C:\Windows\system32\NDF 2015-08-17 06:58:04 ----D---- C:\Windows\system32\nb-NO 2015-08-17 06:58:04 ----D---- C:\Windows\system32\migration 2015-08-17 06:58:04 ----D---- C:\Windows\system32\ko-KR 2015-08-17 06:58:04 ----D---- C:\Windows\system32\ja-JP 2015-08-17 06:58:04 ----D---- C:\Windows\system32\it-IT 2015-08-17 06:58:03 ----DC---- C:\Windows\system32\DRVSTORE 2015-08-17 06:58:03 ----D---- C:\Windows\system32\hu-HU 2015-08-17 06:58:03 ----D---- C:\Windows\system32\fr-FR 2015-08-17 06:58:03 ----D---- C:\Windows\system32\fi-FI 2015-08-17 06:58:03 ----D---- C:\Windows\system32\es-ES 2015-08-17 06:58:03 ----D---- C:\Windows\system32\el-GR 2015-08-17 06:58:03 ----D---- C:\Windows\system32\de-DE 2015-08-17 06:58:03 ----D---- C:\Windows\system32\da-DK 2015-08-17 06:58:03 ----D---- C:\Windows\system32\cs-CZ 2015-08-17 06:58:02 ----D---- C:\Windows\system32\appmgmt 2015-08-17 06:58:02 ----D---- C:\Windows\ShellNew 2015-08-17 06:58:01 ----D---- C:\Windows\PolicyDefinitions 2015-08-17 06:58:00 ----D---- C:\Windows\nl 2015-08-17 06:58:00 ----D---- C:\Windows\LiveKernelReports 2015-08-17 06:57:56 ----RSD---- C:\Windows\Fonts 2015-08-17 06:57:56 ----D---- C:\Windows\Downloaded Program Files 2015-08-17 06:57:56 ----D---- C:\Windows\DigitalLocker 2015-08-17 06:57:55 ----SD---- C:\ProgramData\Microsoft 2015-08-17 06:57:55 ----HD---- C:\ProgramData 2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\MSBuild 2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\Microsoft.NET 2015-08-17 06:57:52 ----D---- C:\Program Files (x86)\Common Files 2015-08-17 06:57:51 ----RD---- C:\Program Files 2015-08-17 06:57:51 ----D---- C:\Program Files\Common Files\System 2015-08-17 06:57:51 ----D---- C:\Program Files\Common Files\Microsoft Shared 2015-08-17 06:57:50 ----D---- C:\Windows\system32\Recovery 2015-08-17 06:57:50 ----D---- C:\Program Files\Common Files 2015-08-17 06:57:48 ----SD---- C:\Users\Windows7\AppData\Roaming\Microsoft 2015-08-16 22:13:23 ----D---- C:\Windows\SYSWOW64\nl-NL 2015-08-16 22:13:23 ----D---- C:\Windows\SYSWOW64\en-US 2015-08-16 22:13:22 ----D---- C:\Windows\system32\nl-NL 2015-08-16 22:13:22 ----D---- C:\Windows\system32\en-US 2015-08-16 22:13:22 ----D---- C:\Windows\system32\drivers\nl-NL 2015-08-16 22:13:22 ----D---- C:\Windows\system32\drivers\en-US 2015-08-16 22:13:21 ----D---- C:\Windows\system32\drivers 2015-08-16 22:13:04 ----D---- C:\Program Files\Internet Explorer 2015-08-16 22:12:58 ----D---- C:\Program Files (x86)\Internet Explorer 2015-08-16 22:04:25 ----D---- C:\ProgramData\Microsoft Help 2015-08-16 22:04:12 ----A---- C:\Windows\win.ini 2015-08-16 22:03:47 ----D---- C:\Windows\system32\catroot2 2015-08-16 21:41:49 ----D---- C:\Windows\Panther 2015-08-16 21:36:49 ----D---- C:\ProgramData\{f2250c9f-26f3-fc3d-f225-50c9f26f327c} 2015-08-15 21:31:11 ----D---- C:\Users\Windows7\AppData\Roaming\Spotify 2015-08-15 20:38:54 ----D---- C:\Program Files (x86)\1Password 4 2015-08-15 19:14:33 ----D---- C:\Program Files\Microsoft Silverlight 2015-08-15 19:14:33 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2015-08-15 19:04:11 ----A---- C:\Windows\system32\MRT.exe 2015-08-15 18:46:05 ----D---- C:\Users\Windows7\AppData\Roaming\Identities 2015-08-09 14:34:49 ----D---- C:\Windows\registration 2015-08-09 13:27:10 ----RASH---- C:\BOOTSECT.BAK 2015-08-05 17:50:20 ----D---- C:\ProgramData\9362275760275399918 2015-07-29 19:46:43 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-07-29 19:38:37 ----D---- C:\Windows\Logs 2015-07-25 17:34:03 ----D---- C:\Program Files\CCleaner 2015-07-25 16:58:10 ----D---- C:\ProgramData\{f29e2a13-9ed9-d039-f29e-e2a139eda84e} 2015-07-25 16:48:03 ----SD---- C:\Windows\system32\GWX ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376] R0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2015-07-29 139896] R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2015-07-29 394584] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560] R1 RapportCerberus_1507063;RapportCerberus_1507063; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [2015-08-20 958232] R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-07-29 500088] R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-07-29 489240] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-02-17 2153072] S1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [] S1 GLogin;GLogin; C:\Windows\system32\drivers\GLogin.sys [] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168] S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [] S3 netr28ux;Sweex Wireless USB Adapter Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2010-07-27 1241952] S3 NMgamingmsFltr;USB Optical Mouse; C:\Windows\system32\drivers\NMgamingms.sys [2009-07-24 11264] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 694376] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960] S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128] R2 CCALib8;Canon Camera Access Library 8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [2006-03-30 96341] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 EpsonScanSvc;Epson Scanner Service; C:\Windows\system32\EscSvc64.exe [2011-12-12 135824] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816] R2 PasswordBox;PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-05-14 67584] R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-07-29 2255128] R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168] R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408] R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928] R2 Service Mgr GravitySpace;Service Mgr GravitySpace; C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe [2015-08-21 1189648] R2 Service Mgr ItsResultsHub;Service Mgr ItsResultsHub; C:\ProgramData\ff8de6dd-320f-4157-95aa-b9e38361078a\plugincontainer.exe [2015-08-21 1192720] R2 Update Mgr GravitySpace;Update Mgr GravitySpace; C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe [2015-08-21 702224] R2 Update Mgr ItsResultsHub;Update Mgr ItsResultsHub; C:\Program Files (x86)\Common Files\ff8de6dd-320f-4157-95aa-b9e38361078a\updater.exe [2015-08-21 708880] R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-02-17 27760] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544] R3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S2 ba96e052;SystemPlus; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20 144200] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14 268976] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20 144200] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-16 114688] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-02 1255736] S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944] -----------------EOF----------------- -
gravity space en its result hub
albada53 plaatste een topic in Archief Bestrijding malware & virussen
Ik krijg steeds de programma's: Gravity Space en Its Result Hub op mijn programma. Ik heb begrepen dat dit Addware is. Ik heb in de instellingen van Google Chrome bij extensions alles teruggezet naar de standaardwaarden maar toch komen deze 2 programma's bij het opstarten mee met de browser. Hoe kan ik deze programma's definitief verwijderen? En zijn deze programma's schadelijk? -
na upgrade naar windows 10 werkt mijn draadloze toetsenbord niet meer
albada53 reageerde op albada53's topic in Archief Windows 10
Hartelijk dank voor uw advies. Alles werkt weer. Super! -
na upgrade naar windows 10 werkt mijn draadloze toetsenbord niet meer
albada53 reageerde op albada53's topic in Archief Windows 10
Dank voor reactie. Ik ga een bekabeld toetsenbord aanschaffen en hoop dat ik op deze manier "binnen" kan komen. Hartelijk dank voor uw hulp. Mocht het niet lukken dan hoop ik weer een beroep op u te mogen doen. -
na upgrade naar windows 10 werkt mijn draadloze toetsenbord niet meer
albada53 plaatste een topic in Archief Windows 10
na het upgraden naar windows 10 werkt mijn draadloze toetsenbord niet meer. ik heb mijn computer beveiligd met een gebruikersnaam en wachtwoord en kan nu niet meer inloggen. ik heb de cd nog van logitech maar wellicht is dit niet compatibel met windows 10? -
win32.downloader.gen
albada53 reageerde op albada53's topic in Archief Bestrijding malware & virussen
Dank voor uw bericht. Bijgaand de inhoud van de log van RSIT. Ik heb inmiddels op de C-schijf bestanden verwijderd die betrekking hadden op de toolbar en kom nu ook geen melding van malware meer tegen met Spybot&Search: Logfile of random's system information tool 1.09 (written by random/random) Run by Windows7 at 2014-01-12 20:57:57 Microsoft Windows 7 Ultimate Service Pack 1 System drive C: has 68 GB (57%) free of 119 GB Total RAM: 3837 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:58:17, on 12-1-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\trend micro\Windows7.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files (x86)\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: G Data Backup Service (GDBackupSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe O23 - Service: G Data Tuner Service (GDTunerSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: G Data Datasafeservice (TSNxGService) - G Data Software - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8870 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS "C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe" "C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "taskhost.exe" "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe" "C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe" "C:\Program Files (x86)\PasswordBox\pbbtnService.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe" C:\Windows\system32\viakaraokesrv.exe "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe" "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe" 72648 "C:\ProgramData\AVG SafeGuard toolbar\Logger\logger.properties" \??\C:\Windows\system32\conhost.exe "-1458266172-1641278595-4726277001464456352-2014956984-1539071642-17810601041741051306 "C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r "C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe" "C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe" "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe" "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dd5edb54-99cd-4470-b4ee-f87e98c29800 -SystemEventPortName:HostProcess-af256238-d5c9-44b5-a5b8-443adc2f9023 -IoCancelEventPortName:HostProcess-395d8718-2891-45f3-bc01-ecf5a73b59b3 -NonStateChangingEventPortName:HostProcess-58abe0e8-449f-474d-bda1-c678337cd266 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0f3edae2-9766-4f9b-ad55-b8cf290d4680 -DeviceGroupId:WpdFsGroup C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4964 CREDAT:267521 /prefetch:2 C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -Embedding "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe" -Embedding "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4964 CREDAT:922926 /prefetch:2 C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\sppsvc.exe "C:\Users\Windows7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZRG0869\RSITx64.exe" ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\AutoKMS.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-08 6669000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DB69B97-934B-451D-94DB-32EF802A01CD}] PasswordBox Helper - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2013-12-23 129032] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 4171464] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] AVG SafeGuard toolbar - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll [2014-01-10 3349528] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {95B7759C-8C7F-4BF1-B163-73684A933233} - AVG SafeGuard toolbar - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll [2014-01-10 3349528] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584] "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304] "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2011-02-22 3019376] ""= [] "GDFirewallTray"=C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [2013-03-22 1854928] "zBrowser Launcher"=C:\Program Files (x86)\Logitech\iTouch\iTouch.exe [2002-11-23 631362] "G Data AntiVirus Tray"=C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe [2013-08-21 1444472] "vProt"=C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2014-01-10 2486296] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-02-11 272896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-08 6669000] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 4171464] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=l3codecp.acm "VIDC.LAGS"=lagarith.dll "VIDC.FFDS"=ff_vfw.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-01-12 20:57:58 ----D---- C:\Program Files\trend micro 2014-01-12 20:57:57 ----D---- C:\rsit 2014-01-04 20:27:38 ----A---- C:\autoexec.bat 2014-01-04 20:24:28 ----D---- C:\Program Files\Enigma Software Group 2014-01-04 20:23:41 ----D---- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP 2014-01-04 17:17:27 ----D---- C:\Windows\SYSWOW64\SearchProtect 2014-01-04 17:15:35 ----D---- C:\ProgramData\Conduit 2014-01-04 17:14:27 ----D---- C:\Users\Windows7\AppData\Roaming\OpenCandy 2014-01-01 16:13:13 ----D---- C:\Windows\system32\appmgmt 2014-01-01 16:05:34 ----A---- C:\Windows\SYSWOW64\drmclien.dll 2014-01-01 15:35:05 ----N---- C:\Windows\SYSWOW64\MultiSZ.dll 2014-01-01 15:35:02 ----A---- C:\Windows\SYSWOW64\TwnLib20.dll 2014-01-01 15:35:02 ----A---- C:\Windows\SYSWOW64\picn20.dll 2014-01-01 15:35:02 ----A---- C:\Windows\SYSWOW64\imagx5.dll 2014-01-01 15:35:01 ----A---- C:\Windows\SYSWOW64\ImagXpr5.dll 2014-01-01 15:35:01 ----A---- C:\Windows\SYSWOW64\imagr5.dll 2014-01-01 15:34:24 ----D---- C:\Program Files (x86)\Ahead 2014-01-01 15:34:24 ----A---- C:\Windows\SYSWOW64\NeroCheck.exe 2014-01-01 14:42:31 ----A---- C:\Windows\SYSWOW64\ShellManager10E2D762.dll 2014-01-01 14:42:31 ----A---- C:\Windows\SYSWOW64\NEROINSTAEC43759.DB 2013-12-31 16:37:46 ----D---- C:\ProgramData\Ahead ======List of files/folders modified in the last 1 month====== 2014-01-12 20:58:03 ----D---- C:\Windows\Temp 2014-01-12 20:57:58 ----RD---- C:\Program Files 2014-01-12 20:48:30 ----D---- C:\Windows\system32\config 2014-01-10 12:16:48 ----SHD---- C:\System Volume Information 2014-01-10 12:13:21 ----D---- C:\ProgramData\AVG SafeGuard toolbar 2014-01-10 12:13:17 ----D---- C:\Program Files (x86)\AVG SafeGuard toolbar 2014-01-08 11:17:53 ----SHD---- C:\#GDATA.Trash.Store# 2014-01-08 11:17:46 ----D---- C:\Windows\SysWOW64 2014-01-07 13:03:19 ----D---- C:\Windows\system32\catroot2 2014-01-07 11:36:38 ----D---- C:\Windows\system32\NDF 2014-01-05 22:26:55 ----D---- C:\Users\Windows7\AppData\Roaming\uTorrent 2014-01-05 12:35:26 ----D---- C:\Windows 2014-01-05 11:08:01 ----D---- C:\ProgramData\Spybot - Search & Destroy 2014-01-05 10:41:08 ----RD---- C:\Program Files (x86) 2014-01-05 10:13:02 ----SHD---- C:\Windows\Installer 2014-01-05 10:13:02 ----SD---- C:\Users\Windows7\AppData\Roaming\Microsoft 2014-01-04 20:23:39 ----D---- C:\Program Files (x86)\Common Files 2014-01-04 17:44:45 ----D---- C:\Windows\system32\Tasks 2014-01-04 17:44:44 ----D---- C:\Windows\Tasks 2014-01-04 17:15:35 ----HD---- C:\ProgramData 2014-01-01 16:42:20 ----D---- C:\ProgramData\Adobe 2014-01-01 16:42:19 ----D---- C:\Program Files (x86)\Adobe 2014-01-01 16:23:22 ----D---- C:\Windows\inf 2014-01-01 16:14:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2014-01-01 16:13:13 ----D---- C:\Windows\System32 2014-01-01 16:12:05 ----D---- C:\Windows\SYSWOW64\Adobe 2014-01-01 16:12:05 ----D---- C:\Program Files\Internet Explorer 2014-01-01 16:05:34 ----D---- C:\Windows\system32\catroot 2014-01-01 15:02:54 ----D---- C:\Windows\ehome 2013-12-31 12:23:29 ----D---- C:\Users\Windows7\AppData\Roaming\Ahead 2013-12-31 11:47:13 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-12-29 12:44:44 ----D---- C:\Program Files (x86)\Internet Explorer 2013-12-26 18:57:10 ----D---- C:\Program Files (x86)\PasswordBox 2013-12-14 18:35:56 ----D---- C:\Windows\debug 2013-12-14 16:07:20 ----D---- C:\Windows\rescache 2013-12-14 09:54:30 ----D---- C:\Windows\system32\MRT 2013-12-14 09:53:03 ----A---- C:\Windows\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 GDBehave;GDBehave; C:\Windows\system32\drivers\GDBehave.sys [2013-11-24 60248] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R0 TS4NT;TS4nt driver; C:\Windows\System32\Drivers\TS4nt.sys [2013-11-24 98760] R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-11-21 46368] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560] R1 gddcv;G Data DCV Driver; \??\C:\Windows\system32\drivers\gddcv64.sys [2013-11-24 59736] R1 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [2013-11-24 130392] R1 gdwfpcd;G Data WFP CD; C:\Windows\system32\drivers\gdwfpcd64.sys [2013-11-24 64856] R1 GRD;G Data Rootkit Detector Driver; \??\C:\Windows\system32\drivers\GRD.sys [2013-11-24 106272] R1 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [2013-11-24 65368] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R3 gddcd;G Data DCD Driver; \??\C:\Windows\system32\drivers\gddcd64.sys [2013-11-24 79704] R3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [2013-11-24 63320] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-02-17 2153072] S1 GLogin;GLogin; C:\Windows\system32\drivers\GLogin.sys [] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168] S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [] S3 netr28ux;Sweex Wireless USB Adapter Driver; C:\Windows\system32\DRIVERS\netr28ux.sys [2010-07-27 1241952] S3 NMgamingmsFltr;USB Optical Mouse; C:\Windows\system32\drivers\NMgamingms.sys [2009-07-24 11264] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2011-08-11 694376] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960] S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640] R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2013-08-26 1970296] R2 AVKService;G Data Scheduler; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2013-08-21 635000] R2 AVKWCtl;G Data Bestandssysteembewaker; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2013-10-15 2562208] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 GDBackupSvc;G Data Backup Service; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2013-08-21 1947768] R2 PasswordBox;PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-01 67584] R2 TSNxGService;G Data Datasafeservice; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2013-09-17 255608] R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-02-17 27760] R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-01-10 1771544] R3 GDFwSvc;G Data Personal Firewall; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2013-10-17 2942808] R3 GDScan;G Data Scanner; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2013-08-22 695416] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 GDTunerSvc;G Data Tuner Service; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2013-02-25 1711568] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-03-08 50921648] S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-02 1255736] S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] -----------------EOF----------------- -
Hi. Ik had een gratis DVD-brand programma gedownload(IBGBurner) en vervolgens blijkt, dat er een zoekmachine was geInstalleerd, n.l. Itrusted. Ik heb alle programma.s verwijderd, maar met SpyBotSearch blijkt er mallware op de computer te staan, genaamd Win32.downloader. gen. Ik krijg het niet via SpyBotSearch verwijderd. Mijn virusscanner(G-Data) heeft het wel geisoleerd. Hoe krijg ik deze malware nu verwijderd van mijn computer? Ik heb begrepen, dat dit malware is die gevaarlijk is . Bij voorbaat dank voor jullie hulp!
-
Het is niet gelukt. Ik heb het geprobeerd via Start- Mijn programma's- Windows Office Hulpprogramma's, maar daar vond ik niet de diagnostische gegevens. Vervolgens heb ik in Outlook, via Help, analyse en herstel gedaan, maar daar moest ik vervolgens de cd rom plaatsen. Deze heb ik echter niet meer. Ik kon ook bladeren naar SBERET.MSI maar deze heb ik nergens kunnen vinden. Weet nu niet wat te doen. - - - Updated - - - Het is niet gelukt. Ik heb het geprobeerd via Start- Mijn programma's- Windows Office Hulpprogramma's, maar daar vond ik niet de diagnostische gegevens. Vervolgens heb ik in Outlook, via Help, analyse en herstel gedaan, maar daar moest ik vervolgens de cd rom plaatsen. Deze heb ik echter niet meer. Ik kon ook bladeren naar SBERET.MSI maar deze heb ik nergens kunnen vinden. Weet nu niet wat te doen. - - - Updated - - - Ik gebruik Windows XP
-
bij Outlook info staat dat het de versie 2002 is SP3. volgens de automatische upgrade is het 2007
OVER ONS
PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!