Computer runs slower than at the start, virus?


Your topic was moved to Malware & virus removal, so the forum stays organized.

Can you carry out the steps below and post the requested log here in your topic?

Download RSIT from the locations below and save it to the desktop.

You can see here how to check whether you are running a 32-bit or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool is finished, two Notepad files named "Log.txt" and "Info.txt" are opened.

Posting the RSIT log files

  • Add the log file named "Log.txt" as an attachment to your next post. (You can also find this log file in the folder "C:\rsit".)
  • You do not need to post the log file named "Info.txt", which is minimized. (This log file is only created the first time the tool is run.)
  • You can read here how to add an attachment to a post.

You can view the manual for using RSIT HERE, and we also have a

.

As requested:

Logfile of random's system information tool 1.10 (written by random/random)
Run by anne at 2015-11-15 13:54:00
Microsoft Windows 10 Home
System drive C: has 1 GB (2%) free of 57 GB
Total RAM: 3987 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:54:06, on 15/11/2015
Platform: Unknown Windows (WinNT 6.02.1008)

 

 

MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
C:\Users\anne\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\anne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: PDF Architect 3 Helper - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Run: [Lexmark X5400 Series] "C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [OneDrive] "C:\Users\anne\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-154558-44482-6/4 (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 10 MS Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 10 MS Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe
O23 - Service: lxdv_device -   - C:\Windows\system32\lxdvcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
O23 - Service: PGFNEX Service (PGFNEXSrv) - Unknown owner - C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13173 bytes

======Listing Processes======







C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-173cb844-c7c8-422b-a7c1-1faace2bc37d -SystemEventPortName:HostProcess-5d604208-9e01-4e41-9c1a-ef00c318438a -IoCancelEventPortName:HostProcess-5412251e-bd6e-41e3-a8eb-77fa3b195caa -NonStateChangingEventPortName:HostProcess-a4e6baaf-0e3c-4859-87d2-30753d191efa -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:1d2baf75-0828-4e86-88b7-be582941c64c -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\igfxCUIService.exe
dashost.exe {641e8c45-6e86-40db-9eebac2ce3b40e02}
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe"
"C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe"
C:\Windows\system32\lxdvcoms.exe -service
"C:\Program Files (x86)\PDF Architect 3\creator-ws.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe"
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\Popcorn Time\Updater.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"dwm.exe"
"C:\Program Files (x86)\PHotkey\PHotkey.exe"
"C:\Program Files (x86)\PHotkey\MsgTranAgt.exe"
"C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe"
taskeng.exe {4175939B-1AFF-49D4-8F9A-BF8F11BD2C9F}
"C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe" --autorun
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
ATouch64
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files (x86)\PHotkey\POSD.exe"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\PHotkey\GPMTray.exe" HIDE
"C:\Program Files (x86)\PHotkey\KeyboardMonitorTool.exe"
/QuitInfo:0000000000001244;000000000000127C;  
/loadhooks /Parent:0000000000001074
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe"
"C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Users\anne\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
"C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\WINDOWS\System32\spoolsv.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{478B41E6-3257-4519-BDA8-E971F9843849}
"C:\WINDOWS\System32\NetworkUXBroker.exe" -ServerName:Windows.Networking.UX
C:\WINDOWS\system32\DllHost.exe /Processid:{B21858C6-9711-4257-99C8-5C0084BEBCE1}
dashost.exe {5e46b410-473d-4ce2-b5280d479516a42c}
C:\WINDOWS\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
"C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1511.59020.0_x64__8wekyb3d8bbwe\Time.exe" -ServerName:App.AppXq8avk61zazpy808ab5ppkf6taqp47km6.mca
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Users\anne\Downloads\RSITx64.exe"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe48_ Global\UsGthrCtrlFltPipeMssGthrPipe48 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 620 624 632 8192 628
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
C:\WINDOWS\tasks\DriverToolkit Autorun.job - C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe  --autorun

=========Mozilla firefox=========

ProfilePath - C:\Users\anne\AppData\Roaming\Mozilla\Firefox\Profiles\rhow4nuq.default

prefs.js - "browser.search.useDBForOrder" -  "false"
prefs.js - "browser.startup.homepage" -  "http://www.google.be/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.1]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.65.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\PDF Architect 3]
"Description"=
"Path"=C:\Program Files (x86)\PDF Architect 3\np-previewer.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.65.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
belgiumeid@eid.belgium.be

C:\Users\anne\AppData\Roaming\Mozilla\Firefox\Profiles\rhow4nuq.default\extensions\
en-US@dictionaries.addons.mozilla.org
{77d2ed30-4cd2-11e0-b8af-0800200c9a66}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29 219304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-02 551520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12 2134656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28 2339032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-02 212576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
PDF Architect 3 Helper - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24 38104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-02 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12 1725056]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-02 172640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2DFF3579-5AA7-45B9-9328-1D38EA230861} - PDF Architect 3 Toolbar - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24 496344]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24 13667032]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-02-25 1381744]
"lxdvmon.exe"=C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe [2007-11-02 455336]
"lxdvamon"=C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe [2007-11-02 25256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-03-13 7451928]
"OneDrive"=C:\Users\anne\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-10-31 548552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"=C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05 111576]
"CLVirtualDrive"=C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2013-11-26 490760]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2013-03-11 95192]
"YouCam Service"=C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-09-18 267224]
"PSUAMain"=C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [2014-10-16 37624]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-10-15 157480]
"AllShareAgent"=C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [2012-03-01 285072]
"Lexmark X5400 Series"=C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe [2009-07-07 307880]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06 597040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ConfirmFileDelete"=1
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-11-15 11:36:20 ----N---- C:\WINDOWS\system32\fppr4-x64.dll
2015-11-15 11:36:20 ----N---- C:\WINDOWS\system32\fppmon4.dll
2015-11-15 11:07:10 ----HD---- C:\OneDriveTemp
2015-11-14 11:55:06 ----HD---- C:\$WINDOWS.~BT
2015-11-11 23:06:01 ----D---- C:\Users\anne\AppData\Roaming\WinRAR
2015-11-11 23:05:37 ----D---- C:\Program Files (x86)\WinRAR
2015-11-11 22:25:05 ----D---- C:\Users\anne\AppData\Roaming\PDF Producer
2015-11-11 16:49:56 ----D---- C:\Program Files (x86)\DriverToolkit
2015-11-10 19:52:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2015-11-10 19:52:51 ----A---- C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 19:52:50 ----A---- C:\WINDOWS\SYSWOW64\esent.dll
2015-11-10 19:52:50 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 19:52:50 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 19:52:50 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 19:52:49 ----A---- C:\WINDOWS\system32\edgehtml.dll
2015-11-10 19:52:48 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2015-11-10 19:52:48 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 19:52:47 ----A---- C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:52:47 ----A---- C:\WINDOWS\system32\esent.dll
2015-11-10 19:52:46 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2015-11-10 19:52:46 ----A---- C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:52:45 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2015-11-10 19:52:44 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2015-11-10 19:52:38 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2015-11-10 19:52:37 ----A---- C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 19:52:36 ----A---- C:\WINDOWS\SYSWOW64\dlnashext.dll
2015-11-10 19:52:36 ----A---- C:\WINDOWS\system32\dlnashext.dll
2015-11-10 19:52:36 ----A---- C:\WINDOWS\system32\audiosrv.dll
2015-11-10 19:52:35 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2015-11-10 19:52:35 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 19:52:34 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2015-11-10 19:52:34 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2015-11-10 19:52:34 ----A---- C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:52:34 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 19:52:33 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2015-11-10 19:52:33 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 19:52:33 ----A---- C:\WINDOWS\system32\appraiser.dll
2015-11-10 19:52:32 ----A---- C:\WINDOWS\system32\drivers\tdx.sys
2015-11-10 19:52:32 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2015-11-10 19:52:29 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:52:28 ----A---- C:\WINDOWS\system32\winlogon.exe
2015-11-10 19:52:27 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.dll
2015-11-10 19:52:27 ----A---- C:\WINDOWS\system32\win32kfull.sys
2015-11-10 19:52:27 ----A---- C:\WINDOWS\system32\usermgr.dll
2015-11-10 19:52:27 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 19:52:27 ----A---- C:\WINDOWS\system32\internetmail.dll
2015-11-10 19:52:27 ----A---- C:\WINDOWS\system32\dssvc.dll
2015-11-10 19:52:27 ----A---- C:\WINDOWS\system32\browserbroker.dll
2015-11-10 19:52:26 ----A---- C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:52:24 ----A---- C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 19:52:24 ----A---- C:\WINDOWS\system32\RDXService.dll
2015-11-10 19:52:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Usb.dll
2015-11-10 19:52:23 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2015-11-10 19:52:23 ----A---- C:\WINDOWS\system32\win32kbase.sys
2015-11-10 19:52:22 ----A---- C:\WINDOWS\SYSWOW64\twinapi.appcore.dll
2015-11-10 19:52:22 ----A---- C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 19:52:22 ----A---- C:\WINDOWS\system32\jscript.dll
2015-11-10 19:52:21 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2015-11-10 19:52:21 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2015-11-10 19:52:21 ----A---- C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:52:21 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 19:43:06 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe
2015-11-02 19:02:52 ----A---- C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-11-02 19:02:51 ----A---- C:\WINDOWS\SYSWOW64\Intel_OpenCL_ICD32.dll
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\IntelOpenCL32.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\IntelCpHeciSvc.exe
2015-11-02 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\iglhsip32.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\SYSWOW64\iglhcp32.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\system32\IntelOpenCL64.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\system32\iglhsip64.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\system32\iglhcp64.dll
2015-11-02 19:02:50 ----A---- C:\WINDOWS\system32\igfxCoIn_v4276.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\SYSWOW64\igfxexps32.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\SYSWOW64\igfxcmrt32.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\SYSWOW64\igfxcmjit32.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxOSP.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxLHMLib.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxext.exe
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxexps.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxEMLib.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxDTCM.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxDILib.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxDHLib.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxcmrt64.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxcmjit64.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfx11cmrt64.dll
2015-11-02 19:02:48 ----A---- C:\WINDOWS\SYSWOW64\igfx11cmrt32.dll
2015-11-02 19:02:48 ----A---- C:\WINDOWS\SYSWOW64\igdusc32.dll
2015-11-02 19:02:48 ----A---- C:\WINDOWS\system32\igdumdim64.dll
2015-11-02 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\igdumdim32.dll
2015-11-02 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\igdrcl32.dll
2015-11-02 19:02:47 ----A---- C:\WINDOWS\SYSWOW64\igdmd32.dll
2015-11-02 19:02:47 ----A---- C:\WINDOWS\system32\igdrcl64.dll
2015-11-02 19:02:47 ----A---- C:\WINDOWS\system32\igdmd64.dll
2015-11-02 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\igdfcl32.dll
2015-11-02 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\igdde32.dll
2015-11-02 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\igdbcl32.dll
2015-11-02 19:02:46 ----A---- C:\WINDOWS\SYSWOW64\igdail32.dll
2015-11-02 19:02:46 ----A---- C:\WINDOWS\system32\igdfcl64.dll
2015-11-02 19:02:46 ----A---- C:\WINDOWS\system32\igdde64.dll
2015-11-02 19:02:46 ----A---- C:\WINDOWS\system32\igdbcl64.dll
2015-11-02 19:02:46 ----A---- C:\WINDOWS\system32\igdail64.dll
2015-11-02 19:02:45 ----A---- C:\WINDOWS\SYSWOW64\igd10iumd32.dll
2015-11-02 19:02:44 ----A---- C:\WINDOWS\SYSWOW64\ig7icd32.dll
2015-11-02 19:02:44 ----A---- C:\WINDOWS\system32\ig7icd64.dll
2015-11-02 19:02:44 ----A---- C:\WINDOWS\system32\IccLibDll_x64.dll
2015-11-02 19:02:44 ----A---- C:\WINDOWS\system32\Gfxv4_0.exe
2015-11-02 19:02:43 ----A---- C:\WINDOWS\system32\Gfxv2_0.exe
2015-11-02 19:02:43 ----A---- C:\WINDOWS\system32\GfxUIEx.exe
2015-11-02 19:02:43 ----A---- C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-11-02 19:02:43 ----A---- C:\WINDOWS\system32\DPTopologyApp.exe
2015-11-02 19:02:43 ----A---- C:\WINDOWS\system32\difx64.exe
2015-11-02 19:02:43 ----A---- C:\WINDOWS\system32\CustomModeAppv2_0.exe
2015-11-02 19:02:43 ----A---- C:\WINDOWS\system32\CustomModeApp.exe

======List of files/folders modified in the last 1 month======

2015-11-15 13:54:06 ----D---- C:\WINDOWS\Prefetch
2015-11-15 13:54:05 ----D---- C:\Program Files\trend micro
2015-11-15 13:47:50 ----D---- C:\WINDOWS\Temp
2015-11-15 13:47:45 ----D---- C:\WINDOWS\System32
2015-11-15 13:06:01 ----D---- C:\WINDOWS\system32\sru
2015-11-15 11:37:18 ----D---- C:\WINDOWS\INF
2015-11-15 11:37:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-15 11:09:37 ----D---- C:\WINDOWS\AppReadiness
2015-11-14 16:58:02 ----D---- C:\WINDOWS\system32\config
2015-11-14 16:56:04 ----D---- C:\WINDOWS\rescache
2015-11-14 16:52:58 ----D---- C:\WINDOWS\Microsoft.NET
2015-11-14 11:57:43 ----D---- C:\WINDOWS\Panther
2015-11-14 11:55:06 ----D---- C:\WINDOWS\Logs
2015-11-14 11:17:55 ----HD---- C:\Program Files\WindowsApps
2015-11-14 01:59:39 ----D---- C:\WINDOWS\system32\drivers
2015-11-14 01:42:51 ----D---- C:\WINDOWS\WinSxS
2015-11-14 01:38:24 ----RD---- C:\WINDOWS\assembly
2015-11-13 12:36:42 ----D---- C:\WINDOWS\SYSWOW64\nl-NL
2015-11-13 12:36:42 ----D---- C:\WINDOWS\SysWOW64
2015-11-13 12:36:42 ----D---- C:\WINDOWS\system32\nl-NL
2015-11-13 12:36:42 ----D---- C:\WINDOWS\system32\appraiser
2015-11-13 12:36:38 ----D---- C:\WINDOWS\AppPatch
2015-11-13 12:36:35 ----D---- C:\WINDOWS\system32\DriverStore
2015-11-13 09:59:04 ----D---- C:\WINDOWS\system32\MRT
2015-11-13 09:53:34 ----A---- C:\WINDOWS\system32\MRT.exe
2015-11-12 08:34:02 ----D---- C:\ProgramData\lx_cats
2015-11-12 08:34:01 ----HD---- C:\ProgramData
2015-11-11 23:14:53 ----D---- C:\WINDOWS\Tasks
2015-11-11 23:14:53 ----D---- C:\WINDOWS\system32\Tasks
2015-11-11 23:05:37 ----RD---- C:\Program Files (x86)
2015-11-11 16:45:04 ----SHDC---- C:\WINDOWS\Installer
2015-11-11 10:16:36 ----D---- C:\WINDOWS\CbsTemp
2015-11-10 19:50:01 ----D---- C:\WINDOWS\system32\catroot2
2015-11-10 19:46:39 ----D---- C:\Windows
2015-11-09 18:22:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-11-03 19:20:11 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2015-11-02 19:12:53 ----A---- C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-11-02 19:11:57 ----D---- C:\WINDOWS\system32\CatRoot
2015-11-02 19:11:47 ----D---- C:\ProgramData\Oracle
2015-11-02 19:08:31 ----D---- C:\Program Files (x86)\Common Files
2015-11-02 19:07:34 ----A---- C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-11-02 19:07:07 ----D---- C:\Program Files\Java
2015-11-02 19:05:52 ----D---- C:\Program Files (x86)\Java
2015-11-02 19:02:51 ----A---- C:\WINDOWS\SYSWOW64\OpenCL.DLL
2015-11-02 19:02:51 ----A---- C:\WINDOWS\system32\OpenCL.DLL
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxTray.exe
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxLHM.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxHK.exe
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxEM.exe
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxDI.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxDH.dll
2015-11-02 19:02:49 ----A---- C:\WINDOWS\system32\igfxCUIService.exe
2015-11-02 19:02:48 ----A---- C:\WINDOWS\system32\igdusc64.dll
2015-11-02 19:02:45 ----A---- C:\WINDOWS\system32\igd10iumd64.dll
2015-11-01 12:47:09 ----D---- C:\WINDOWS\debug
2015-11-01 12:06:41 ----D---- C:\WINDOWS\SoftwareDistribution
2015-11-01 11:39:20 ----D---- C:\Program Files\PDFCreator
2015-11-01 11:37:43 ----D---- C:\Program Files\CCleaner
2015-10-31 19:51:57 ----D---- C:\WINDOWS\system32\NDF
2015-10-28 08:58:56 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-10-28 08:57:38 ----D---- C:\Program Files\Microsoft Office 15
2015-10-19 15:56:08 ----D---- C:\WINDOWS\system32\WDI
2015-10-17 18:00:00 ----D---- C:\WINDOWS\system32\Boot
2015-10-17 17:59:58 ----D---- C:\WINDOWS\system32\CodeIntegrity
2015-10-17 17:06:46 ----D---- C:\WINDOWS\system32\LogFiles
2015-10-17 16:44:30 ----RD---- C:\Program Files (x86)\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2013-03-05 91712]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2015-07-10 83968]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-07-10 8192]
R1 NNSALPC;NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSAlpc.sys [2014-06-04 96800]
R1 NNSHTTP;NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHttp.sys [2014-06-18 162336]
R1 NNSHTTPS;NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHttps.sys [2014-06-04 112160]
R1 NNSIDS;NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIds.sys [2014-06-04 115232]
R1 NNSNAHSL;@oem27.inf,%NNSNAHSL_Desc%;Network Activity Hook Server LightWeight Filter Driver; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [2014-01-16 47360]
R1 NNSPICC;NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPicc.sys [2014-06-04 95776]
R1 NNSPIHSW;NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPihsw.sys [2014-06-04 70176]
R1 NNSPOP3;NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPop3.sys [2014-06-04 125984]
R1 NNSPROT;NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSProt.sys [2014-06-04 306720]
R1 NNSPRV;NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPrv.sys [2014-06-04 169504]
R1 NNSSMTP;NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSmtp.sys [2014-06-04 115744]
R1 NNSSTRM;NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSStrm.sys [2014-06-04 261152]
R1 NNSTLSC;NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTlsc.sys [2014-06-04 109088]
R1 PSINKNC;PSINKNC; C:\WINDOWS\system32\DRIVERS\psinknc.sys [2014-07-24 195616]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-07-10 48128]
R2 PEGAGFN;PEGAGFN; \??\C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
R2 PSINAflt;PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [2014-10-13 163088]
R2 PSINFile;PSINFile; C:\WINDOWS\system32\DRIVERS\PSINFile.sys [2014-10-13 121616]
R2 PSINProc;PSINProc; C:\WINDOWS\system32\DRIVERS\PSINProc.sys [2014-07-24 122400]
R2 PSINProt;PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [2014-07-24 132128]
R2 PSINReg;PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [2014-10-13 107792]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-07-10 61952]
R3 AMPPAL;@oem16.inf,%AMPPAL.SVCDESC%;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter; C:\WINDOWS\System32\drivers\AMPPAL.sys [2013-07-29 165344]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator-service; C:\WINDOWS\System32\drivers\BthEnum.sys [2015-07-10 105984]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy-stuurprogramma; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2015-07-10 237568]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-07-10 128512]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;USB-stuurprogramma voor Bluetooth-radio; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2015-07-10 84992]
R3 clwvd;@oem28.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\WINDOWS\system32\DRIVERS\clwvd.sys [2013-03-05 41408]
R3 ibtusb;@oem36.inf,%ibtusb.SVCDESC_IBT%;Intel® Wireless Bluetooth®; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2015-07-14 263952]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-11-02 3797424]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2014-03-04 3882456]
R3 IntcDAud;@oem41.inf,%IntcDAud.SvcDesc%;Intel® Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2015-08-21 463112]
R3 iwdbus;@oem32.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-07-20 38976]
R3 NETwNb64;___ Intel® Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-07-10 3496216]
R3 PegaRadioSwitch;@oem20.inf,%PegaRadioSwitch%;Pega Radio Switch Device; C:\WINDOWS\System32\drivers\PegaRadioSwitch.sys [2013-08-22 23552]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-07-10 167936]
R3 RTSUER;@oem35.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-05-14 402960]
R3 SensorsHIDClassDriver;@SensorsHidClassDriver.inf,%WudfSensorsHIDClassDriverDisplayName%;UMDF-reflectorservice voor het stuurprogramma voor sensors van HID-klasse; C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-07-10 214016]
R3 TXEIx64;@oem25.inf,%TEE_SvcDesc%;Intel® Trusted Execution Engine Interface ; C:\WINDOWS\System32\drivers\TXEIx64.sys [2013-07-01 87568]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-07-10 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-07-10 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-07-10 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-07-10 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-07-10 40288]
S3 AMPPALP;@oem21.inf,%AMPPALP_Desc%;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol; C:\WINDOWS\system32\DRIVERS\amppal.sys [2013-07-29 165344]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Stuurprogramma voor Bluetooth-poort; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-09-17 929280]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-09-17 36352]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2015-07-10 116736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 fcvsc;fcvsc; C:\WINDOWS\System32\drivers\fcvsc.sys [2015-07-10 31232]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-07-10 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-07-10 50016]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-07-10 424800]
S3 intaud_WaveExtensible;@oem11.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-07-20 50240]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-07-10 26624]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2015-10-17 113880]
S3 MiraDispKmd;@miradisp.inf,%MiraDispKmd%;Kernel Mode Miracast Filter Driver; C:\WINDOWS\System32\drivers\MiraDispKmd.sys [2015-07-10 23552]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-07-10 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-07-10 76128]
S3 PSKMAD;PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [2014-03-25 60400]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-07-17 934752]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2015-07-10 61952]
S3 UcmUcsi;@ucmucsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-07-14 46080]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2015-07-10 44032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-10-07 2780856]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [2013-03-11 74712]
R2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [2013-03-11 316376]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-11-02 330136]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-01 733696]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [2013-09-29 168216]
R2 lxdv_device;lxdv_device; C:\Windows\system32\lxdvcoms.exe [2007-10-18 1044136]
R2 NanoServiceMain;Panda Protection Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2015-07-27 141560]
R2 OneSyncSvc_Session3;Host synchroniseren_Session3; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 PandaAgent;Panda Devices Agent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-10-09 66808]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-04-24 740568]
R2 PGFNEXSrv;PGFNEX Service; C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe [2014-03-04 136192]
R2 PSUAService;Panda Product Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-10-16 38136]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-03-06 389896]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-06-17 43696]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 PimIndexMaintenanceSvc_Session3;Contact Data_Session3; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe [2007-10-18 33448]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 SamsungAllShareV2.0;Samsung AllShare PC; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-25 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10 269000]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 cphs;Intel® Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-11-02 291744]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-07-10 27136]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-01 822232]
S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\lsass.exe [2015-07-10 56344]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 150600]
S3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-04-24 901336]
S3 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-04-24 2244312]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-07-12 1031680]
S3 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]

-----------------EOF-----------------
 


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (you can read how to do that here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
chromelook;
firefoxlook;
emptyfolderscheck;delete
startupall;
filesrcm;
  • Click the "More options" button and tick the options below.
     
  • Do a Deep Scan
  • Installed Programs
  • Auto Clean
     
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next reply.

Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next post. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • How to add an attachment to a post is explained here.

Download AdwCleaner by Xplode to the desktop (first remove any older versions of this tool that are present on your PC, so that you can now use the most recent AdwCleaner database).

If the link to AdwCleaner does not work, try this link.
The download starts automatically after a few seconds.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Click Scan.
  • Then click Clean (English version) or Verwijderen (Dutch version).
  • At "Herstarten Noodzakelijk" (restart required), click OK.

After the PC has restarted, a log file usually opens.
Add this log to your next post.
Otherwise it can be found at C:\AdwCleaner\AdwCleaner[C0].txt.

More information can be found in the manual.


As requested, I ran the scan again; log below.

# AdwCleaner v5.022 - Logbestand aangemaakt 25/11/2015 op 18:18:07
# Laatste update 22/11/2015 door Xplode
# Database : 2015-11-22.2 [server]
# Besturingssysteem : Windows 10 Home  (x64)
# Gebruikersnaam : anne - DRIES-ANNE-1
# Gestart vanuit : C:\Users\anne\Downloads\adwcleaner_5.022.exe
# Optie : Verwijderen
# Ondersteuning : http://toolslib.net/forum

***** [ Services ] *****


***** [ Mappen ] *****

[-] Map Verwijderd : C:\Program Files (x86)\DriverToolkit
[-] Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
[-] Map Verwijderd : C:\Users\anne\AppData\Local\DriverToolkit

***** [ Bestanden ] *****


***** [ DLLs ] *****


***** [ Snelkoppelingen ] *****


***** [ geplande taken ] *****


***** [ Register ] *****

[-] Sleutel Verwijderd : HKCU\Software\Conduit
[-] Sleutel Verwijderd : HKCU\Software\DriverToolkit
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Conduit
[-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1

***** [ Internetbrowsers ] *****


*************************

:: "Tracing" sleutels verwijderd
:: Winsock instellingen gereset

*************************

C:\AdwCleanerDebug.txt - [55 bytes] - [07/12/2014 20:45:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1298 bytes] ##########
 
