Sechijack virus/trojan

  • Sechijack virus/trojan

    I have a lot of junk on my computer and can't get rid of it. My computer is extremely slow and I can only use the internet normally in safe mode; I also can't even start Malwarebytes Anti-Malware...

  • #2
    It's hard to work without an analysis log, but could you please do the following.
    First disable your antivirus software before you download or run zoek.exe.
    Temporarily disable your antivirus and antispyware programs, as these can adversely affect the operation of Zoek.exe.
    You can read how to do that (here and here).

    Then download Zoek.exe to the desktop.
    (Click here for more information on how to use zoek.exe.)
    • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is an unjustified warning.
    • Then double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
    • Now copy the code below and paste it into the large input box:
    • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
      Code:
      emptyfolderscheck;delete
      firefoxlook; 
      Chromelook; 
      CHRdefaults;
      autoclean; 
      iedefaults;
    • Now click the "Run script" button.
    • Wait patiently until a log opens (this may be after a restart, if one is required).
    • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
    • Post the opened log as an attachment in your next message.

    Starting Windows 10 in Safe Mode



    • #3
      Zoek.exe v5.0.0.1 Updated 31-December-2015
      Tool run by Sara on za 09-01-2016 at 13:30:03,57.
      Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
      Running in: Safe Mode NETWORK Internet Access Detected
      Launched: C:\Users\Sara\Downloads\zoek (1).exe [Scan all users] [Script inserted]

      ==== Older Logs ======================

      C:\zoek-results2015-10-24-224713.log 9037 bytes

      ==== Empty Folders Check ======================

      C:\PROGRA~2\137219 deleted successfully
      C:\PROGRA~2\Beat's Before deleted successfully
      C:\PROGRA~2\Forth Tree deleted successfully
      C:\PROGRA~2\Items deleted successfully
      C:\PROGRA~2\Sky west deleted successfully
      C:\PROGRA~2\SubFolder deleted successfully
      C:\Users\Sara\AppData\Roaming\QuickScan deleted successfully
      C:\Users\Sara\AppData\Roaming\yLEThjJwJ deleted successfully
      C:\Users\Sara\AppData\Local\EmieBrowserModeList deleted successfully
      C:\Users\Sara\AppData\Local\EmieSiteList deleted successfully
      C:\Users\Sara\AppData\Local\EmieUserList deleted successfully

      ==== Deleting CLSID Registry Keys ======================


      ==== Deleting CLSID Registry Values ======================


      ==== Deleting Services ======================

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\TunnelBearMaintenance deleted successfully
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TunnelBearMaintenance deleted successfully
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\TunnelBearMaintenance deleted successfully
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TunnelBearMaintenance deleted successfully

      ==== FireFox Fix ======================

      ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default

      user.js not found
      ---- Lines Search removed from prefs.js ----
      user_pref("browser.search.defaultenginename", "Search Provided by Bing");
      ---- Lines browser.startup.page removed from prefs.js ----
      user_pref("browser.startup.page", 0);
      ---- FireFox user.js and prefs.js backups ----

      prefs_09-01-2016_1346_.backup

      ==== Deleting Files \ Folders ======================

      C:\Windows\system32\Tasks\ASUS Live Update deleted
      C:\Windows\system32\Tasks\iexplore deleted
      C:\PROGRA~2\137319 deleted
      C:\PROGRA~2\293096 deleted
      C:\PROGRA~2\Adobe deleted
      C:\Program Files\pandasecuritytb deleted
      C:\Users\Sara\AppData\Roaming\a.txt deleted
      C:\Users\Sara\AppData\Roaming\check.txt deleted
      C:\Users\Sara\AppData\Roaming\e.txt deleted
      C:\PROGRA~2\Package Cache deleted
      C:\Users\Sara\Downloads\okayfreedomint_softonic.exe deleted
      C:\Users\Sara\AppData\LocalLow\pandasecuritytb deleted
      C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default\pandasecuritytb deleted
      C:\Users\Sara\AppData\Roaming\WSThDaiRhNDGTbPIhB.exe deleted
      "C:\Users\Sara\AppData\Local\{4329E51F-3DB3-410F-A5C7-85DEF535B7F1}" deleted
      "C:\Users\Sara\AppData\Roaming\WSThDaiRhNDGTbPIh" deleted
      "C:\ProgramData\f22752f90d692f6d3e857c4fecc65ce1be31ab00" deleted
      "C:\ProgramData\XML" deleted

      ==== Orphaned Tasks deleted from Registry ======================

      ASUS Live Update deleted
      avast Emergency Update deleted
      CreateChoiceProcessTask deleted
      iexplore deleted
      ReasonSecurityScheduledScan deleted
      ReasonSecurityStart deleted
      Security deleted
      System Monitor deleted
      {E187A067-1073-4DD5-8699-979D60C4A217} deleted

      ==== Firefox Start and Search pages ======================

      ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default
      user_pref("browser.startup.homepage", "http://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-24c40057");
      user_pref("browser.search.selectedEngine", "Bing ");
      user_pref("keyword.URL", "http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=");

      ==== Firefox Extensions ======================

      ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default
      - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

      AppDir: C:\Program Files\Mozilla Firefox
      - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

      ==== Firefox Plugins ======================

      Profilepath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default
      3D1497F3F1A344FFB733CE616BB9096D - C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll - Google Update
      C45A130CA14334073C0FF795897A1D22 - c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll - Silverlight Plug-In
      D6015DB8EA402753421FF62CA3909B62 - C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U66
      776C6B8D53C56500BC355D513F11A105 - C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.660.18
      70858ED7836E5C849D33576A84DC8CCF - C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll - Shockwave Flash
      1AF58C92FD9F3F07C6E4D18599B34FAC - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
      B24F014C6DDA5A39CE7FCB2A8B862C5A - c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrlui.dll - Microsoft® Silverlight


      ==== Chromium Look ======================

      Google Chrome Version: 46.0.2490.86


      HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
      fcfenmboojpjinhpgggodefccipikbpd - No path found

      Chrome Web Store Payments - Sara\AppData\Local\Chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Google Slides - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
      Google Docs - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
      Google Drive - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
      YouTube - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Google Sheets - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
      SiteAdvisor - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
      Avast Online Security - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
      Chrome Hotword Shared Module - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
      Google Wallet - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Gmail - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      Google Docs - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
      Google Drive - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
      YouTube - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Google Docs Offline - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
      Chrome Web Store Payments - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Gmail - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-24c40057"

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-24c40057"

      ==== All HKLM and HKCU SearchScopes ======================

      HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-24c40057&q={searchTerms}
      HKLM\SearchScopes\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
      HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-24c40057&q={searchTerms}
      HKCU\SearchScopes\{910B0E08-22E8-4D94-9A35-215BC04329A5} - http://search.bureau108.fr/s.php?q={searchTerms}
      HKCU\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
      HKCU\SearchScopes\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

      ==== Reset Google Chrome ======================

      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Secure Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
      C:\Users\Sara\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
      C:\Users\Sara\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
      C:\Users\Sara\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

      ==== Empty IE Cache ======================

      C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

      ==== Empty FireFox Cache ======================

      C:\Users\Sara\AppData\Local\Mozilla\Firefox\Profiles\as6hys20.default\cache2 emptied successfully

      ==== Empty Chrome Cache ======================

      C:\Users\Sara\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      Java Cache cleared successfully

      ==== C:\zoek_backup content ======================

      C:\zoek_backup (files=566 folders=59 207689360 bytes)

      ==== Empty Temp Folders ======================

      C:\Users\Default\AppData\Local\temp emptied successfully
      C:\Users\Default User\AppData\Local\temp emptied successfully
      C:\Users\Public\AppData\Local\temp emptied successfully
      C:\Users\Sara\AppData\Local\temp will be emptied at reboot
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
      C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
      C:\Windows\Temp will be emptied at reboot

      ==== After Reboot ======================

      ==== Empty Temp Folders ======================

      C:\Windows\Temp successfully emptied
      C:\Users\Sara\AppData\Local\Temp successfully emptied

      ==== Empty Recycle Bin ======================

      C:\$RECYCLE.BIN successfully emptied

      ==== EOF on za 09-01-2016 at 14:12:53,28 ======================



      • #4
        OK, can you start in normal mode again?
        If so, please do the following.
        Download RSIT from the locations below and save it to the desktop.
        Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

        Download RSIT
        Run RSIT
        • Double-click RSIT.exe to start the tool.
        • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
        • Next, the "Disclaimer of warranty" is shown; click "Continue".
        • When you run RSIT for the first time, HijackThis will be downloaded if it is not present; allow this.
        • When the tool is finished, two Notepad files named "Log.txt" and "Info.txt" are opened.

        Post the RSIT log files
        • Attach the log file named "Log.txt" to your next message. (You can also find this log file in the folder "C:\rsit".)
        • The log file named "Info.txt", which is minimized, does not need to be posted. (This log file is only created the first time the tool is run.)

        Starting Windows 10 in Safe Mode



        • #5
          Logfile of random's system information tool 1.10 (written by random/random)
          Run by Sara at 2016-01-09 15:22:38
          Microsoft Windows 7 Starter Service Pack 1
          System drive C: has 87 GB (57%) free of 153 GB
          Total RAM: 1984 MB (68% free)

          Logfile of Trend Micro HijackThis v2.0.4
          Scan saved at 15:22:47, on 9-1-2016
          Platform: Windows 7 SP1 (WinNT 6.00.3505)
          MSIE: Internet Explorer v11.0 (11.00.9600.18124)
          Boot mode: Safe mode with network support

          Running processes:
          C:\Windows\Explorer.EXE
          C:\Windows\system32\ctfmon.exe
          C:\Program Files\CCleaner\CCleaner.exe
          C:\Windows\system32\DllHost.exe
          C:\Program Files\Opera\34.0.2036.25\opera.exe
          C:\Program Files\Opera\34.0.2036.25\opera_crashreporter.exe
          C:\Program Files\Opera\34.0.2036.25\opera.exe
          C:\Program Files\Opera\34.0.2036.25\opera.exe
          C:\Program Files\Opera\34.0.2036.25\opera.exe
          C:\Users\Sara\Downloads\RSIT (1).exe
          C:\Program Files\trend micro\Sara.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCO...G=ICO-24c40057
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
          O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
          O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
          O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
          O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sara\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
          O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
          O4 - Startup: Sidebar.com.url
          O4 - Startup: Sidebar.eu.url
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
          O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O23 - Service: Emsisoft Protection Service (a2AntiMalware) - Emsisoft Ltd - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
          O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
          O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
          O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
          O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
          O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
          O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
          O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
          O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
          O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
          O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
          O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
          O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
          O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
          O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
          O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
          O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

          --
          End of file - 5596 bytes

          ======Scheduled tasks folder======

          C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe -check pepperplugin
          C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
          C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
          C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
          C:\Windows\tasks\Opera scheduled Autoupdate 1449605623.job - C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)

          =========Mozilla firefox=========

          ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default

          prefs.js - "browser.search.useDBForOrder" - true
          prefs.js - "browser.startup.homepage" - "http://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-24c40057"
          prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q="

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
          "Description"=Adobe® Flash® Player 20.0.0.267 Plugin
          "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
          "Description"=
          "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
          "Description"=
          "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
          "Description"=
          "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
          "Description"=
          "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.66.2]
          "Description"=Java™ Deployment Toolkit
          "Path"=C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2]
          "Description"=Oracle® Next Generation Java™ Plug-In
          "Path"=C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
          "Description"=
          "Path"=disabled

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
          "Description"=Ag Player Plugin
          "Path"=c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
          "Description"=Google Update
          "Path"=C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
          "Description"=Google Update
          "Path"=C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll


          C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default\searchplugins\
          bing-.xml

          ======Registry dump======

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
          Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-24 460384]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
          Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12 1725056]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
          Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-24 172640]

          [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
          "SoundMan"=C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]
          "PSUAMain"=C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [2015-10-22 54520]
          "NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2015-12-09 2771576]
          "ShadowPlay"=C:\Windows\system32\nvspcap.dll [2015-12-09 1530240]
          "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
          "Spotify Web Helper"=C:\Users\Sara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-12-19 2346096]
          "CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-09-16 6495144]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
          C:\Users\Sara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-12-19 2346096]

          C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
          Sidebar.com.url
          Sidebar.eu.url

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
          "SecurityProviders"=credssp.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NanoServiceMain]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSUAService]

          [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
          "ConsentPromptBehaviorAdmin"=5
          "ConsentPromptBehaviorUser"=3
          "EnableUIADesktopToggle"=0
          "dontdisplaylastusername"=0
          "legalnoticecaption"=
          "legalnoticetext"=
          "shutdownwithoutlogon"=1
          "undockwithoutlogon"=1
          "SoftwareSASGeneration"=1

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
          "NoDrives"=0
          "RestrictRun"=0

          [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
          "NoDrives"=0
          "RestrictRun"=0

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgidsagent.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blindman.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\instup.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbampt.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamscheduler.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDFiles.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDMain.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDWinSec.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe]
          "Debugger="C:\Windows\System32\svchost.exe
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe]
          "Debugger="C:\Windows\System32\svchost.exe

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
          "vidc.mrle"=msrle32.dll
          "vidc.msvc"=msvidc32.dll
          "msacm.imaadpcm"=imaadp32.acm
          "msacm.msg711"=msg711.acm
          "msacm.msgsm610"=msgsm32.acm
          "msacm.msadpcm"=msadp32.acm
          "midimapper"=midimap.dll
          "wavemapper"=msacm32.drv
          "VIDC.UYVY"=msyuv.dll
          "VIDC.YUY2"=msyuv.dll
          "VIDC.YVYU"=msyuv.dll
          "VIDC.IYUV"=iyuv_32.dll
          "vidc.i420"=iyuv_32.dll
          "VIDC.YVU9"=tsbyuv.dll
          "msacm.l3acm"=C:\Windows\System32\l3codeca.acm
          "vidc.cvid"=iccvid.dll
          "MSVideo8"=VfWWDM32.dll
          "wave"=wdmaud.drv
          "mixer"=wdmaud.drv
          "wave1"=wdmaud.drv
          "midi"=wdmaud.drv
          "mixer1"=wdmaud.drv
          "vidc.mjpg"=bdmjpeg.dll
          "vidc.mpeg"=bdmpegv.dll
          "msacm.bdmpeg"=bdmpega.acm
          "vidc.dvsd"=pdvcodec.dll
          "wave2"=wdmaud.drv
          "midi1"=wdmaud.drv
          "mixer2"=wdmaud.drv

          ======File associations======

          .js - edit - C:\Windows\System32\Notepad.exe %1

          ======List of files/folders created in the last 3 months======

          2016-01-09 14:13:21 ----SHD---- C:\$RECYCLE.BIN
          2016-01-09 13:49:24 ----A---- C:\Windows\zoek-delete.exe
          2016-01-09 13:49:23 ----D---- C:\Windows\Temp
          2016-01-09 10:33:41 ----D---- C:\Program Files\ControlConsoleAPI
          2016-01-08 20:07:30 ----D---- C:\EEK
          2016-01-08 10:22:51 ----D---- C:\ProgramData\Ahead Chart
          2016-01-07 11:35:25 ----A---- C:\Windows\system32\drivers\PSKMAD.sys
          2016-01-02 19:56:31 ----D---- C:\32788R22FWJFW
          2016-01-02 18:05:58 ----D---- C:\Avenger
          2016-01-02 17:45:22 ----RSHD---- C:\ProgramData\iexplore
          2015-12-31 13:20:26 ----A---- C:\ComboFix.txt
          2015-12-25 07:07:32 ----D---- C:\Program Files\Mozilla Firefox
          2015-12-25 07:00:18 ----SHD---- C:\ProgramData\Sidebar
          2015-12-24 14:55:23 ----D---- C:\Program Files\Common Files\Java
          2015-12-23 22:36:26 ----D---- C:\Program Files\Microsoft ASP.NET
          2015-12-22 12:52:02 ----A---- C:\Windows\system32\D3DX9_43.dll
          2015-12-22 12:52:02 ----A---- C:\Windows\system32\d3dx11_43.dll
          2015-12-22 12:52:02 ----A---- C:\Windows\system32\d3dx10_43.dll
          2015-12-22 12:51:57 ----A---- C:\Windows\system32\NvRtmpStreamer32.dll
          2015-12-22 12:51:55 ----A---- C:\Windows\system32\nvspbridge.dll
          2015-12-22 12:51:54 ----A---- C:\Windows\system32\nvspcap.dll
          2015-12-22 12:50:43 ----A---- C:\Windows\system32\nvaudcap32v.dll
          2015-12-22 12:50:43 ----A---- C:\Windows\system32\drivers\nvvad32v.sys
          2015-12-18 23:11:06 ----D---- C:\adaa02c2ddd5266791770efee378
          2015-12-13 19:52:04 ----D---- C:\ProgramData\Desk should
          2015-12-11 10:40:42 ----A---- C:\Windows\system32\win32k.sys
          2015-12-11 10:40:42 ----A---- C:\Windows\system32\DWrite.dll
          2015-12-11 10:40:39 ----A---- C:\Windows\system32\FntCache.dll
          2015-12-11 10:40:38 ----A---- C:\Windows\system32\user32.dll
          2015-12-10 09:47:43 ----A---- C:\Windows\system32\comsvcs.dll
          2015-12-10 09:47:42 ----A---- C:\Windows\system32\catsrvut.dll
          2015-12-10 09:45:59 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
          2015-12-10 09:45:57 ----A---- C:\Windows\system32\ieetwproxystub.dll
          2015-12-10 09:45:57 ----A---- C:\Windows\system32\ieetwcollector.exe
          2015-12-10 09:45:55 ----A---- C:\Windows\system32\iernonce.dll
          2015-12-10 09:45:55 ----A---- C:\Windows\system32\ie4uinit.exe
          2015-12-10 09:45:51 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
          2015-12-10 09:45:49 ----A---- C:\Windows\system32\occache.dll
          2015-12-10 09:45:48 ----A---- C:\Windows\system32\urlmon.dll
          2015-12-10 09:45:48 ----A---- C:\Windows\system32\iedkcs32.dll
          2015-12-10 09:45:47 ----A---- C:\Windows\system32\jsproxy.dll
          2015-12-10 09:45:46 ----A---- C:\Windows\system32\ieUnatt.exe
          2015-12-10 09:45:45 ----A---- C:\Windows\system32\jscript9diag.dll
          2015-12-10 09:45:45 ----A---- C:\Windows\system32\dxtmsft.dll
          2015-12-10 09:45:44 ----A---- C:\Windows\system32\ieapfltr.dll
          2015-12-10 09:45:43 ----A---- C:\Windows\system32\msfeeds.dll
          2015-12-10 09:45:36 ----A---- C:\Windows\system32\webcheck.dll
          2015-12-10 09:45:35 ----A---- C:\Windows\system32\msrating.dll
          2015-12-10 09:45:34 ----A---- C:\Windows\system32\iesetup.dll
          2015-12-10 09:45:32 ----A---- C:\Windows\system32\wininet.dll
          2015-12-10 09:45:32 ----A---- C:\Windows\system32\ieetwcollectorres.dll
          2015-12-10 09:45:30 ----A---- C:\Windows\system32\dxtrans.dll
          2015-12-10 09:45:29 ----A---- C:\Windows\system32\ieui.dll
          2015-12-10 09:45:27 ----A---- C:\Windows\system32\ieframe.dll
          2015-12-10 09:45:23 ----A---- C:\Windows\system32\mshtmled.dll
          2015-12-10 09:45:22 ----A---- C:\Windows\system32\mshtmlmedia.dll
          2015-12-10 09:45:20 ----A---- C:\Windows\system32\MshtmlDac.dll
          2015-12-10 09:45:18 ----A---- C:\Windows\system32\iertutil.dll
          2015-12-10 09:45:03 ----A---- C:\Windows\system32\mshtml.dll
          2015-12-10 09:44:59 ----A---- C:\Windows\system32\jscript9.dll
          2015-12-10 09:44:56 ----A---- C:\Windows\system32\jscript.dll
          2015-12-10 09:44:54 ----A---- C:\Windows\system32\vbscript.dll
          2015-12-10 09:44:18 ----A---- C:\Windows\system32\tzres.dll
          2015-12-10 09:43:51 ----A---- C:\Windows\system32\wuapi.dll
          2015-12-10 09:43:50 ----A---- C:\Windows\system32\wuaueng.dll
          2015-12-10 09:43:49 ----A---- C:\Windows\system32\wucltux.dll
          2015-12-10 09:43:48 ----A---- C:\Windows\system32\wuwebv.dll
          2015-12-10 09:43:47 ----A---- C:\Windows\system32\wudriver.dll
          2015-12-10 09:43:47 ----A---- C:\Windows\system32\wuauclt.exe
          2015-12-10 09:43:47 ----A---- C:\Windows\system32\WinSetupUI.dll
          2015-12-10 09:43:46 ----A---- C:\Windows\system32\wups2.dll
          2015-12-10 09:43:45 ----A---- C:\Windows\system32\wups.dll
          2015-12-10 09:43:45 ----A---- C:\Windows\system32\wuapp.exe
          2015-12-10 09:43:44 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
          2015-12-10 09:43:21 ----A---- C:\Windows\system32\nlsbres.dll
          2015-12-10 09:43:20 ----A---- C:\Windows\system32\KBDAZEL.DLL
          2015-12-10 09:43:20 ----A---- C:\Windows\system32\KBDAZE.DLL
          2015-12-10 09:43:18 ----A---- C:\Windows\system32\kbdgeoqw.dll
          2015-12-10 09:42:58 ----A---- C:\Windows\system32\els.dll
          2015-12-10 09:42:55 ----A---- C:\Windows\system32\usp10.dll
          2015-12-10 09:42:50 ----A---- C:\Windows\system32\drivers\rmcast.sys
          2015-12-10 09:42:49 ----A---- C:\Windows\system32\wshrm.dll
          2015-12-08 21:26:52 ----D---- C:\Users\Sara\AppData\Roaming\Foxit Software
          2015-12-08 21:24:21 ----D---- C:\ProgramData\Foxit ContentPlatform
          2015-12-08 21:24:19 ----D---- C:\Program Files\Foxit Software
          2015-12-08 21:14:05 ----D---- C:\Users\Sara\AppData\Roaming\Opera Software
          2015-12-08 21:13:07 ----D---- C:\Program Files\Opera
          2015-12-08 15:56:02 ----D---- C:\rsit
          2015-12-08 13:54:34 ----RSHD---- C:\ProgramData\Security
          2015-12-06 16:11:37 ----D---- C:\Users\Sara\AppData\Roaming\Rar
          2015-12-04 10:51:33 ----D---- C:\ProgramData\Build Instance
          2015-12-04 10:51:27 ----D---- C:\ProgramData\ScientistMiss
          2015-11-29 11:53:23 ----D---- C:\Windows\Prefetch
          2015-11-16 13:28:09 ----D---- C:\Users\Sara\AppData\Roaming\TunnelBear
          2015-11-16 12:47:53 ----D---- C:\Program Files\Panda Security URL Filtering
          2015-11-16 11:43:07 ----D---- C:\Program Files\Emsisoft Anti-Malware
          2015-11-11 20:49:21 ----A---- C:\Windows\system32\apphelp.dll
          2015-11-11 20:49:21 ----A---- C:\Windows\system32\aelupsvc.dll
          2015-11-11 20:49:20 ----A---- C:\Windows\system32\shimeng.dll
          2015-11-11 20:49:20 ----A---- C:\Windows\system32\sdbinst.exe
          2015-11-11 20:48:56 ----A---- C:\Windows\system32\drivers\tdx.sys
          2015-11-11 20:48:56 ----A---- C:\Windows\system32\drivers\afd.sys
          2015-11-11 20:48:44 ----A---- C:\Windows\system32\kerberos.dll
          2015-11-11 20:48:42 ----A---- C:\Windows\system32\schannel.dll
          2015-11-11 20:48:41 ----A---- C:\Windows\system32\ntoskrnl.exe
          2015-11-11 20:48:41 ----A---- C:\Windows\system32\ncrypt.dll
          2015-11-11 20:48:39 ----A---- C:\Windows\system32\ntkrnlpa.exe
          2015-11-11 20:48:38 ----A---- C:\Windows\system32\ntdll.dll
          2015-11-11 20:48:38 ----A---- C:\Windows\system32\lsasrv.dll
          2015-11-11 20:48:38 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
          2015-11-11 20:48:37 ----A---- C:\Windows\system32\srcore.dll
          2015-11-11 20:48:37 ----A---- C:\Windows\system32\rstrui.exe
          2015-11-11 20:48:37 ----A---- C:\Windows\system32\drivers\ksecdd.sys
          2015-11-11 20:48:36 ----A---- C:\Windows\system32\rpcrt4.dll
          2015-11-11 20:48:36 ----A---- C:\Windows\system32\msv1_0.dll
          2015-11-11 20:48:35 ----A---- C:\Windows\system32\wdigest.dll
          2015-11-11 20:48:35 ----A---- C:\Windows\system32\TSpkg.dll
          2015-11-11 20:48:35 ----A---- C:\Windows\system32\smss.exe
          2015-11-11 20:48:35 ----A---- C:\Windows\system32\auditpol.exe
          2015-11-11 20:48:34 ----A---- C:\Windows\system32\sspicli.dll
          2015-11-11 20:48:34 ----A---- C:\Windows\system32\srclient.dll
          2015-11-11 20:48:34 ----A---- C:\Windows\system32\lsass.exe
          2015-11-11 20:48:34 ----A---- C:\Windows\system32\csrsrv.dll
          2015-11-11 20:48:32 ----A---- C:\Windows\system32\sspisrv.dll
          2015-11-11 20:48:32 ----A---- C:\Windows\system32\secur32.dll
          2015-11-11 20:48:32 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
          2015-11-11 20:48:32 ----A---- C:\Windows\system32\cryptbase.dll
          2015-11-11 20:48:32 ----A---- C:\Windows\system32\credssp.dll
          2015-11-11 20:48:31 ----A---- C:\Windows\system32\msaudite.dll
          2015-11-11 20:48:31 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
          2015-11-11 20:48:31 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
          2015-11-11 20:48:31 ----A---- C:\Windows\system32\apisetschema.dll
          2015-11-11 20:48:31 ----A---- C:\Windows\system32\adtschema.dll
          2015-11-11 20:48:30 ----A---- C:\Windows\system32\msobjs.dll
          2015-11-11 20:48:07 ----A---- C:\Windows\system32\drivers\ndis.sys
          2015-11-11 20:47:11 ----A---- C:\Windows\system32\drivers\cng.sys
          2015-11-11 20:47:10 ----A---- C:\Windows\system32\bcryptprimitives.dll
          2015-11-11 20:46:47 ----A---- C:\Windows\system32\InkEd.dll
          2015-11-11 09:47:32 ----D---- C:\FRST
          2015-10-24 23:24:07 ----D---- C:\zoek_backup
          2015-10-24 21:34:20 ----A---- C:\Windows\WORDPAD.INI
          2015-10-24 15:54:30 ----D---- C:\Program Files\VS Revo Group
          2015-10-24 15:53:47 ----D---- C:\Windows\system32\PolicyDefinitions
          2015-10-24 15:53:40 ----D---- C:\Program Files\Spybot Anti-Beacon
          2015-10-24 15:48:30 ----A---- C:\Windows\system32\drivers\HWiNFO32.SYS
          2015-10-24 15:48:27 ----D---- C:\Users\Sara\AppData\Roaming\IObit
          2015-10-24 14:09:47 ----D---- C:\Program Files\CCleaner
          2015-10-24 13:18:16 ----D---- C:\AdwCleaner
          2015-10-23 18:52:32 ----A---- C:\Windows\zip.exe
          2015-10-23 18:52:32 ----A---- C:\Windows\SWREG.exe
          2015-10-23 18:52:32 ----A---- C:\Windows\sed.exe
          2015-10-23 18:52:32 ----A---- C:\Windows\PEV.exe
          2015-10-23 18:52:32 ----A---- C:\Windows\NIRCMD.exe
          2015-10-23 18:52:32 ----A---- C:\Windows\MBR.exe
          2015-10-23 18:52:32 ----A---- C:\Windows\grep.exe
          2015-10-23 18:52:20 ----D---- C:\Qoobox
          2015-10-23 09:13:34 ----D---- C:\Program Files\Mozilla Maintenance Service
          2015-10-23 08:56:56 ----A---- C:\DelFix.txt
          2015-10-15 07:33:27 ----A---- C:\Windows\system32\invagent.dll
          2015-10-15 07:33:27 ----A---- C:\Windows\system32\appraiser.dll
          2015-10-15 07:33:27 ----A---- C:\Windows\system32\aeinv.dll
          2015-10-15 07:33:26 ----A---- C:\Windows\system32\generaltel.dll
          2015-10-15 07:33:26 ----A---- C:\Windows\system32\devinv.dll
          2015-10-15 07:33:25 ----A---- C:\Windows\system32\CompatTelRunner.exe
          2015-10-15 07:33:25 ----A---- C:\Windows\system32\acmigration.dll
          2015-10-14 10:51:24 ----D---- C:\Windows\pss
          2015-10-14 08:26:22 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
          2015-10-14 08:26:22 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
          2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
          2015-10-14 08:26:20 ----A---- C:\Windows\system32\ucrtbase.dll
          2015-10-14 08:26:20 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
          2015-10-14 08:26:20 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
          2015-10-14 08:26:20 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
          2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
          2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
          2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
          2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
          2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
          2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
          2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
          2015-10-14 08:26:14 ----A---- C:\Windows\system32\shell32.dll
          2015-10-14 08:26:12 ----A---- C:\Windows\system32\ExplorerFrame.dll
          2015-10-14 08:24:58 ----A---- C:\Windows\system32\appidsvc.dll
          2015-10-14 08:24:58 ----A---- C:\Windows\system32\appidpolicyconverter.exe
          2015-10-14 08:24:58 ----A---- C:\Windows\system32\appidapi.dll
          2015-10-14 08:24:57 ----A---- C:\Windows\system32\setbcdlocale.dll
          2015-10-14 08:24:57 ----A---- C:\Windows\system32\appidcertstorecheck.exe
          2015-10-14 08:24:56 ----A---- C:\Windows\system32\drivers\appid.sys
          2015-10-13 01:29:08 ----A---- C:\Windows\system32\msvcr120_clr0400.dll

          ======List of files/folders modified in the last 3 months======

          2016-01-09 15:22:40 ----D---- C:\Program Files\trend micro
          2016-01-09 14:56:14 ----D---- C:\Windows\System32
          2016-01-09 14:55:53 ----D---- C:\Windows
          2016-01-09 14:13:28 ----D---- C:\Windows\system32\drivers
          2016-01-09 13:46:30 ----D---- C:\ProgramData
          2016-01-09 13:46:27 ----RD---- C:\Program Files
          2016-01-09 13:46:26 ----D---- C:\Windows\system32\Tasks
          2016-01-09 11:01:35 ----D---- C:\Users\Sara\AppData\Roaming\WinRAR
          2016-01-09 10:36:22 ----D---- C:\Windows\inf
          2016-01-09 10:36:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
          2016-01-09 01:56:59 ----D---- C:\Windows\SoftwareDistribution
          2016-01-09 01:56:59 ----D---- C:\Windows\debug
          2016-01-08 12:48:15 ----D---- C:\Windows\system32\config
          2016-01-07 16:28:41 ----D---- C:\Windows\Tasks
          2016-01-07 16:28:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
          2016-01-07 11:33:18 ----D---- C:\ProgramData\panda_url_filtering
          2016-01-02 18:05:58 ----D---- C:\Windows\Speech
          2016-01-02 02:13:03 ----D---- C:\Users\Sara\AppData\Roaming\Spotify
          2015-12-31 13:16:29 ----A---- C:\Windows\system.ini
          2015-12-31 13:16:03 ----D---- C:\Windows\system32\drivers\etc
          2015-12-31 13:08:16 ----D---- C:\Windows\AppPatch
          2015-12-31 13:08:12 ----D---- C:\Program Files\Common Files
          2015-12-31 10:01:21 ----D---- C:\Windows\IME
          2015-12-31 10:01:20 ----D---- C:\Windows\registration
          2015-12-25 05:47:23 ----D---- C:\Windows\Help
          2015-12-24 14:56:18 ----SHD---- C:\Windows\Installer
          2015-12-24 14:56:17 ----D---- C:\Program Files\Java
          2015-12-24 14:54:04 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
          2015-12-24 06:43:09 ----D---- C:\Windows\Microsoft.NET
          2015-12-23 22:36:27 ----RSD---- C:\Windows\assembly
          2015-12-23 22:35:44 ----D---- C:\Users\Sara\AppData\Roaming\FileZilla
          2015-12-23 08:17:22 ----D---- C:\Windows\Logs
          2015-12-22 12:54:05 ----D---- C:\ProgramData\NVIDIA Corporation
          2015-12-22 12:52:09 ----D---- C:\ProgramData\NVIDIA
          2015-12-22 12:51:54 ----D---- C:\Program Files\NVIDIA Corporation
          2015-12-22 12:51:27 ----D---- C:\Windows\system32\DriverStore
          2015-12-22 12:50:55 ----RD---- C:\Users
          2015-12-21 00:28:41 ----D---- C:\Users\Sara\AppData\Roaming\Skype
          2015-12-20 07:20:57 ----D---- C:\Windows\PLA
          2015-12-19 10:19:15 ----D---- C:\Windows\system32\LogFiles
          2015-12-18 23:10:55 ----D---- C:\Windows\winsxs
          2015-12-18 23:10:53 ----SD---- C:\Windows\system32\GWX
          2015-12-16 22:46:04 ----D---- C:\Windows\addins
          2015-12-11 13:56:03 ----D---- C:\Windows\rescache
          2015-12-11 06:35:23 ----D---- C:\Windows\system32\nl-NL
          2015-12-11 06:35:23 ----D---- C:\Windows\system32\en-US
          2015-12-11 06:35:21 ----D---- C:\Program Files\Internet Explorer
          2015-12-11 06:35:16 ----RSD---- C:\Windows\Fonts
          2015-12-11 01:13:40 ----D---- C:\Program Files\Microsoft Silverlight
          2015-12-11 01:11:16 ----D---- C:\Windows\system32\catroot2
          2015-12-11 01:10:28 ----D---- C:\Windows\system32\MRT
          2015-12-06 09:04:33 ----D---- C:\Windows\nl-NL
          2015-12-04 06:53:32 ----D---- C:\Windows\Offline Web Pages
          2015-12-03 10:05:58 ----D---- C:\Windows\SHELLNEW
          2015-12-02 13:25:18 ----N---- C:\Windows\system32\MpSigStub.exe
          2015-11-29 11:29:59 ----D---- C:\Users\Sara\AppData\Roaming\Notepad++
          2015-11-28 11:17:27 ----D---- C:\Program Files\Notepad++
          2015-11-23 19:09:54 ----A---- C:\Windows\system32\MRT.exe
          2015-11-22 09:52:17 ----D---- C:\ProgramData\Skype
          2015-11-17 10:34:14 ----D---- C:\Users\Sara\AppData\Roaming\uTorrent
          2015-11-16 12:46:06 ----D---- C:\ProgramData\Panda Security
          2015-11-16 12:46:06 ----D---- C:\Program Files\Panda Security
          2015-11-16 12:45:27 ----D---- C:\Users\Sara\AppData\Roaming\Panda Security
          2015-11-15 21:53:02 ----SHD---- C:\System Volume Information
          2015-11-15 12:50:51 ----D---- C:\Users\Sara\AppData\Roaming\Logs
          2015-11-12 03:55:53 ----D---- C:\Windows\system32\migration
          2015-11-11 11:38:35 ----D---- C:\Windows\system32\NDF
          2015-10-26 19:42:49 ----D---- C:\Windows\LiveKernelReports
          2015-10-25 09:44:16 ----D---- C:\Windows\Minidump
          2015-10-23 18:16:45 ----D---- C:\Program Files\Malwarebytes Anti-Malware
          2015-10-21 19:27:16 ----D---- C:\Program Files\SRWare Iron
          2015-10-20 20:29:28 ----D---- C:\Users\Sara\AppData\Roaming\TeamViewer
          2015-10-17 14:18:27 ----D---- C:\Program Files\FileZilla FTP Client
          2015-10-15 23:11:40 ----SD---- C:\Windows\system32\CompatTel
          2015-10-15 23:11:39 ----D---- C:\Windows\system32\appraiser
          2015-10-15 09:49:12 ----RD---- C:\Program Files\Skype
          2015-10-15 07:14:57 ----D---- C:\Windows\system32\CodeIntegrity

          ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

          R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
          R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
          R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [2015-05-20 50992]
          R3 NVENETFD;NVIDIA nForce-netwerkcontroller; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
          R3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2015-08-10 33280]
          S1 epp;epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [2015-10-23 102128]
          S1 epp32;epp32; \??\C:\EEK\bin\epp32.sys [2016-01-08 112408]
          S1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO32.SYS [2015-10-24 23840]
          S1 ierhpkrd;ierhpkrd; \??\C:\Windows\system32\drivers\ierhpkrd.sys
          S1 NNSALPC;NNSAlpc; C:\Windows\system32\DRIVERS\NNSAlpc.sys [2015-07-09 87032]
          S1 NNSHTTP;NNSHttp; C:\Windows\system32\DRIVERS\NNSHttp.sys [2015-07-09 202104]
          S1 NNSHTTPS;NNSHttps; C:\Windows\system32\DRIVERS\NNSHttps.sys [2015-07-09 109688]
          S1 NNSIDS;NNSids; C:\Windows\system32\DRIVERS\NNSIds.sys [2015-07-09 121720]
          S1 NNSPICC;NNSPicc; C:\Windows\system32\DRIVERS\NNSPicc.sys [2015-07-09 102264]
          S1 NNSPIHSW;NNSPihsw; C:\Windows\system32\DRIVERS\NNSPihsw.sys [2015-08-31 65272]
          S1 NNSPOP3;NNSPop3; C:\Windows\system32\DRIVERS\NNSPop3.sys [2015-07-09 120568]
          S1 NNSPROT;NNSProt; C:\Windows\system32\DRIVERS\NNSProt.sys [2015-07-09 281720]
          S1 NNSPRV;NNSPrv; C:\Windows\system32\DRIVERS\NNSPrv.sys [2015-07-09 209016]
          S1 NNSSMTP;NNSSmtp; C:\Windows\system32\DRIVERS\NNSSmtp.sys [2015-07-09 108408]
          S1 NNSSTRM;NNSStrm; C:\Windows\system32\DRIVERS\NNSStrm.sys [2015-07-09 240376]
          S1 NNSTLSC;NNSTlsc; C:\Windows\system32\DRIVERS\NNSTlsc.sys [2015-07-09 94968]
          S1 PSINKNC;PSINKnc; C:\Windows\system32\DRIVERS\psinknc.sys [2015-07-19 168696]
          S2 irda;IrDA-protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
          S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
          S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
          S2 PSINAflt;PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [2015-07-19 140024]
          S2 PSINFile;PSINFile; C:\Windows\system32\DRIVERS\PSINFile.sys [2015-07-19 105208]
          S2 PSINProc;PSINProc; C:\Windows\system32\DRIVERS\PSINProc.sys [2015-07-19 113912]
          S2 PSINProt;PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [2015-07-19 124664]
          S2 PSINReg;PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [2015-07-19 100600]
          S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
          S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
          S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
          S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
          S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
          S3 catchme;catchme; \??\C:\Users\Sara\AppData\Local\Temp\catchme.sys
          S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
          S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 23256]
          S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 51928]
          S3 MFE_RR;MFE_RR; \??\C:\Users\Sara\AppData\Local\Temp\mfe_rr.sys
          S3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-12-09 18552]
          S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2015-08-11 44840]
          S3 panda_url_filteringd;panda_url_filteringd driver; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [2014-02-18 40024]
          S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
          S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2015-05-22 50832]
          S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
          S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2009-09-21 98560]
          S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2009-09-21 14848]
          S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2009-09-21 123776]
          S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
          S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
          S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
          S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
          S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

          ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

          R2 NanoServiceMain;Panda Protection Service; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [2015-10-18 142072]
          R2 PSUAService;Panda Product Service; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [2015-10-22 38136]
          S2 a2AntiMalware;Emsisoft Protection Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2015-11-10 7101240]
          S2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
          S2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
          S2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-12-09 922744]
          S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-25 107848]
          S2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
          S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
          S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
          S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
          S2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-12-09 1872504]
          S2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-12-09 5119096]
          S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 634656]
          S2 PandaAgent;Panda Devices Agent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [2015-10-28 73464]
          S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
          S2 TeamViewer;TeamViewer 10; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2014-11-28 5419792]
          S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-07 269504]
          S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-25 107848]
          S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-11-10 102912]
          S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-12-25 147624]
          S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-12-09 6443128]
          S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
          S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2013-03-01 118520]
          S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-02-10 1343400]
          S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
          S4 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
          S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
          S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
          S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

          -----------------EOF-----------------



          • #6
            When I boot normally I get a strange message on screen, see here (screenshot: Screenshot_116.png),

            but here is the log from normal mode


            Logfile of random's system information tool 1.10 (written by random/random)
            Run by Sara at 2016-01-09 15:34:37
            Microsoft Windows 7 Starter Service Pack 1
            System drive C: has 87 GB (57%) free of 153 GB
            Total RAM: 1984 MB (52% free)

            Logfile of Trend Micro HijackThis v2.0.4
            Scan saved at 15:35:03, on 9-1-2016
            Platform: Windows 7 SP1 (WinNT 6.00.3505)
            MSIE: Internet Explorer v11.0 (11.00.9600.18124)
            Boot mode: Normal

            Running processes:
            C:\Windows\system32\Dwm.exe
            C:\Windows\Explorer.EXE
            C:\Windows\system32\taskhost.exe
            C:\Windows\SOUNDMAN.EXE
            C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
            C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
            C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
            C:\Windows\system32\GWX\GWX.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\Users\Sara\AppData\Roaming\Spotify\SpotifyWebHelper.exe
            C:\Windows\system32\taskeng.exe
            C:\ProgramData\Sidebar\Sidebar.exe
            C:\Program Files\CCleaner\CCleaner.exe
            C:\ProgramData\Sidebar\Sidebar.exe
            C:\Users\Sara\Downloads\RSIT.exe
            C:\Program Files\trend micro\Sara.exe
            C:\Windows\system32\SearchFilterHost.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCO...G=ICO-24c40057
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
            O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
            O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
            O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sara\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
            O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
            O4 - Startup: Sidebar.com.url
            O4 - Startup: Sidebar.eu.url
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
            O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
            O23 - Service: Emsisoft Protection Service (a2AntiMalware) - Emsisoft Ltd - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
            O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
            O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
            O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
            O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
            O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
            O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
            O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
            O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
            O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
            O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
            O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
            O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
            O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
            O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
            O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
            O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
            O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

            --
            End of file - 5833 bytes

            ======Scheduled tasks folder======

            C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe -check pepperplugin
            C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
            C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
            C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
            C:\Windows\tasks\Opera scheduled Autoupdate 1449605623.job - C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)

            =========Mozilla firefox=========

            ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default

            prefs.js - "browser.search.useDBForOrder" - true
            prefs.js - "browser.startup.homepage" - "http://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-24c40057"
            prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q="

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
            "Description"=Adobe® Flash® Player 20.0.0.267 Plugin
            "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
            "Description"=
            "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
            "Description"=
            "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
            "Description"=
            "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
            "Description"=
            "Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.66.2]
            "Description"=Java™ Deployment Toolkit
            "Path"=C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2]
            "Description"=Oracle® Next Generation Java™ Plug-In
            "Path"=C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
            "Description"=
            "Path"=disabled

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
            "Description"=Ag Player Plugin
            "Path"=c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
            "Description"=Google Update
            "Path"=C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
            "Description"=Google Update
            "Path"=C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll


            C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default\searchplugins\
            bing-.xml

            ======Registry dump======

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
            Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-24 460384]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
            Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12 1725056]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
            Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-24 172640]

            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
            "SoundMan"=C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]
            "PSUAMain"=C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [2015-10-22 54520]
            "NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2015-12-09 2771576]
            "ShadowPlay"=C:\Windows\system32\nvspcap.dll [2015-12-09 1530240]
            "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]

            [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
            "Spotify Web Helper"=C:\Users\Sara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-12-19 2346096]
            "CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-09-16 6495144]

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
            C:\Users\Sara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-12-19 2346096]

            C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
            Sidebar.com.url
            Sidebar.eu.url

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
            "SecurityProviders"=credssp.dll

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NanoServiceMain]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSUAService]

            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
            "ConsentPromptBehaviorAdmin"=5
            "ConsentPromptBehaviorUser"=3
            "EnableUIADesktopToggle"=0
            "dontdisplaylastusername"=0
            "legalnoticecaption"=
            "legalnoticetext"=
            "shutdownwithoutlogon"=1
            "undockwithoutlogon"=1
            "SoftwareSASGeneration"=1

            [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
            "NoDrives"=0
            "RestrictRun"=0

            [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
            "NoDrives"=0
            "RestrictRun"=0

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastSvc.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgidsagent.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blindman.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\instup.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbampt.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamscheduler.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamservice.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDFiles.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDMain.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDWinSec.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe]
            "Debugger="C:\Windows\System32\svchost.exe
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe]
            "Debugger="C:\Windows\System32\svchost.exe

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
            "vidc.mrle"=msrle32.dll
            "vidc.msvc"=msvidc32.dll
            "msacm.imaadpcm"=imaadp32.acm
            "msacm.msg711"=msg711.acm
            "msacm.msgsm610"=msgsm32.acm
            "msacm.msadpcm"=msadp32.acm
            "midimapper"=midimap.dll
            "wavemapper"=msacm32.drv
            "VIDC.UYVY"=msyuv.dll
            "VIDC.YUY2"=msyuv.dll
            "VIDC.YVYU"=msyuv.dll
            "VIDC.IYUV"=iyuv_32.dll
            "vidc.i420"=iyuv_32.dll
            "VIDC.YVU9"=tsbyuv.dll
            "msacm.l3acm"=C:\Windows\System32\l3codeca.acm
            "vidc.cvid"=iccvid.dll
            "MSVideo8"=VfWWDM32.dll
            "wave"=wdmaud.drv
            "mixer"=wdmaud.drv
            "wave1"=wdmaud.drv
            "midi"=wdmaud.drv
            "mixer1"=wdmaud.drv
            "vidc.mjpg"=bdmjpeg.dll
            "vidc.mpeg"=bdmpegv.dll
            "msacm.bdmpeg"=bdmpega.acm
            "vidc.dvsd"=pdvcodec.dll
            "wave2"=wdmaud.drv
            "midi1"=wdmaud.drv
            "mixer2"=wdmaud.drv

            ======File associations======

            .js - edit - C:\Windows\System32\Notepad.exe %1

            ======List of files/folders created in the last 3 months======

            2016-01-09 15:27:41 ----A---- C:\Windows\system32\FNTCACHE.DAT
            2016-01-09 14:13:21 ----SHD---- C:\$RECYCLE.BIN
            2016-01-09 13:49:24 ----A---- C:\Windows\zoek-delete.exe
            2016-01-09 13:49:23 ----D---- C:\Windows\Temp
            2016-01-09 10:33:41 ----D---- C:\Program Files\ControlConsoleAPI
            2016-01-08 20:07:30 ----D---- C:\EEK
            2016-01-08 10:22:51 ----D---- C:\ProgramData\Ahead Chart
            2016-01-07 11:35:25 ----A---- C:\Windows\system32\drivers\PSKMAD.sys
            2016-01-02 19:56:31 ----D---- C:\32788R22FWJFW
            2016-01-02 18:05:58 ----D---- C:\Avenger
            2016-01-02 17:45:22 ----RSHD---- C:\ProgramData\iexplore
            2015-12-31 13:20:26 ----A---- C:\ComboFix.txt
            2015-12-25 07:07:32 ----D---- C:\Program Files\Mozilla Firefox
            2015-12-25 07:00:18 ----SHD---- C:\ProgramData\Sidebar
            2015-12-24 14:55:23 ----D---- C:\Program Files\Common Files\Java
            2015-12-23 22:36:26 ----D---- C:\Program Files\Microsoft ASP.NET
            2015-12-22 12:52:02 ----A---- C:\Windows\system32\D3DX9_43.dll
            2015-12-22 12:52:02 ----A---- C:\Windows\system32\d3dx11_43.dll
            2015-12-22 12:52:02 ----A---- C:\Windows\system32\d3dx10_43.dll
            2015-12-22 12:51:57 ----A---- C:\Windows\system32\NvRtmpStreamer32.dll
            2015-12-22 12:51:55 ----A---- C:\Windows\system32\nvspbridge.dll
            2015-12-22 12:51:54 ----A---- C:\Windows\system32\nvspcap.dll
            2015-12-22 12:50:43 ----A---- C:\Windows\system32\nvaudcap32v.dll
            2015-12-22 12:50:43 ----A---- C:\Windows\system32\drivers\nvvad32v.sys
            2015-12-18 23:11:06 ----D---- C:\adaa02c2ddd5266791770efee378
            2015-12-13 19:52:04 ----D---- C:\ProgramData\Desk should
            2015-12-11 10:40:42 ----A---- C:\Windows\system32\win32k.sys
            2015-12-11 10:40:42 ----A---- C:\Windows\system32\DWrite.dll
            2015-12-11 10:40:39 ----A---- C:\Windows\system32\FntCache.dll
            2015-12-11 10:40:38 ----A---- C:\Windows\system32\user32.dll
            2015-12-10 09:47:43 ----A---- C:\Windows\system32\comsvcs.dll
            2015-12-10 09:47:42 ----A---- C:\Windows\system32\catsrvut.dll
            2015-12-10 09:45:59 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
            2015-12-10 09:45:57 ----A---- C:\Windows\system32\ieetwproxystub.dll
            2015-12-10 09:45:57 ----A---- C:\Windows\system32\ieetwcollector.exe
            2015-12-10 09:45:55 ----A---- C:\Windows\system32\iernonce.dll
            2015-12-10 09:45:55 ----A---- C:\Windows\system32\ie4uinit.exe
            2015-12-10 09:45:51 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
            2015-12-10 09:45:49 ----A---- C:\Windows\system32\occache.dll
            2015-12-10 09:45:48 ----A---- C:\Windows\system32\urlmon.dll
            2015-12-10 09:45:48 ----A---- C:\Windows\system32\iedkcs32.dll
            2015-12-10 09:45:47 ----A---- C:\Windows\system32\jsproxy.dll
            2015-12-10 09:45:46 ----A---- C:\Windows\system32\ieUnatt.exe
            2015-12-10 09:45:45 ----A---- C:\Windows\system32\jscript9diag.dll
            2015-12-10 09:45:45 ----A---- C:\Windows\system32\dxtmsft.dll
            2015-12-10 09:45:44 ----A---- C:\Windows\system32\ieapfltr.dll
            2015-12-10 09:45:43 ----A---- C:\Windows\system32\msfeeds.dll
            2015-12-10 09:45:36 ----A---- C:\Windows\system32\webcheck.dll
            2015-12-10 09:45:35 ----A---- C:\Windows\system32\msrating.dll
            2015-12-10 09:45:34 ----A---- C:\Windows\system32\iesetup.dll
            2015-12-10 09:45:32 ----A---- C:\Windows\system32\wininet.dll
            2015-12-10 09:45:32 ----A---- C:\Windows\system32\ieetwcollectorres.dll
            2015-12-10 09:45:30 ----A---- C:\Windows\system32\dxtrans.dll
            2015-12-10 09:45:29 ----A---- C:\Windows\system32\ieui.dll
            2015-12-10 09:45:27 ----A---- C:\Windows\system32\ieframe.dll
            2015-12-10 09:45:23 ----A---- C:\Windows\system32\mshtmled.dll
            2015-12-10 09:45:22 ----A---- C:\Windows\system32\mshtmlmedia.dll
            2015-12-10 09:45:20 ----A---- C:\Windows\system32\MshtmlDac.dll
            2015-12-10 09:45:18 ----A---- C:\Windows\system32\iertutil.dll
            2015-12-10 09:45:03 ----A---- C:\Windows\system32\mshtml.dll
            2015-12-10 09:44:59 ----A---- C:\Windows\system32\jscript9.dll
            2015-12-10 09:44:56 ----A---- C:\Windows\system32\jscript.dll
            2015-12-10 09:44:54 ----A---- C:\Windows\system32\vbscript.dll
            2015-12-10 09:44:18 ----A---- C:\Windows\system32\tzres.dll
            2015-12-10 09:43:51 ----A---- C:\Windows\system32\wuapi.dll
            2015-12-10 09:43:50 ----A---- C:\Windows\system32\wuaueng.dll
            2015-12-10 09:43:49 ----A---- C:\Windows\system32\wucltux.dll
            2015-12-10 09:43:48 ----A---- C:\Windows\system32\wuwebv.dll
            2015-12-10 09:43:47 ----A---- C:\Windows\system32\wudriver.dll
            2015-12-10 09:43:47 ----A---- C:\Windows\system32\wuauclt.exe
            2015-12-10 09:43:47 ----A---- C:\Windows\system32\WinSetupUI.dll
            2015-12-10 09:43:46 ----A---- C:\Windows\system32\wups2.dll
            2015-12-10 09:43:45 ----A---- C:\Windows\system32\wups.dll
            2015-12-10 09:43:45 ----A---- C:\Windows\system32\wuapp.exe
            2015-12-10 09:43:44 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
            2015-12-10 09:43:21 ----A---- C:\Windows\system32\nlsbres.dll
            2015-12-10 09:43:20 ----A---- C:\Windows\system32\KBDAZEL.DLL
            2015-12-10 09:43:20 ----A---- C:\Windows\system32\KBDAZE.DLL
            2015-12-10 09:43:18 ----A---- C:\Windows\system32\kbdgeoqw.dll
            2015-12-10 09:42:58 ----A---- C:\Windows\system32\els.dll
            2015-12-10 09:42:55 ----A---- C:\Windows\system32\usp10.dll
            2015-12-10 09:42:50 ----A---- C:\Windows\system32\drivers\rmcast.sys
            2015-12-10 09:42:49 ----A---- C:\Windows\system32\wshrm.dll
            2015-12-08 21:26:52 ----D---- C:\Users\Sara\AppData\Roaming\Foxit Software
            2015-12-08 21:24:21 ----D---- C:\ProgramData\Foxit ContentPlatform
            2015-12-08 21:24:19 ----D---- C:\Program Files\Foxit Software
            2015-12-08 21:14:05 ----D---- C:\Users\Sara\AppData\Roaming\Opera Software
            2015-12-08 21:13:07 ----D---- C:\Program Files\Opera
            2015-12-08 15:56:02 ----D---- C:\rsit
            2015-12-08 13:54:34 ----RSHD---- C:\ProgramData\Security
            2015-12-06 16:11:37 ----D---- C:\Users\Sara\AppData\Roaming\Rar
            2015-12-04 10:51:33 ----D---- C:\ProgramData\Build Instance
            2015-12-04 10:51:27 ----D---- C:\ProgramData\ScientistMiss
            2015-11-29 11:53:23 ----D---- C:\Windows\Prefetch
            2015-11-16 13:28:09 ----D---- C:\Users\Sara\AppData\Roaming\TunnelBear
            2015-11-16 12:47:53 ----D---- C:\Program Files\Panda Security URL Filtering
            2015-11-16 11:43:07 ----D---- C:\Program Files\Emsisoft Anti-Malware
            2015-11-11 20:49:21 ----A---- C:\Windows\system32\apphelp.dll
            2015-11-11 20:49:21 ----A---- C:\Windows\system32\aelupsvc.dll
            2015-11-11 20:49:20 ----A---- C:\Windows\system32\shimeng.dll
            2015-11-11 20:49:20 ----A---- C:\Windows\system32\sdbinst.exe
            2015-11-11 20:48:56 ----A---- C:\Windows\system32\drivers\tdx.sys
            2015-11-11 20:48:56 ----A---- C:\Windows\system32\drivers\afd.sys
            2015-11-11 20:48:44 ----A---- C:\Windows\system32\kerberos.dll
            2015-11-11 20:48:42 ----A---- C:\Windows\system32\schannel.dll
            2015-11-11 20:48:41 ----A---- C:\Windows\system32\ntoskrnl.exe
            2015-11-11 20:48:41 ----A---- C:\Windows\system32\ncrypt.dll
            2015-11-11 20:48:39 ----A---- C:\Windows\system32\ntkrnlpa.exe
            2015-11-11 20:48:38 ----A---- C:\Windows\system32\ntdll.dll
            2015-11-11 20:48:38 ----A---- C:\Windows\system32\lsasrv.dll
            2015-11-11 20:48:38 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
            2015-11-11 20:48:37 ----A---- C:\Windows\system32\srcore.dll
            2015-11-11 20:48:37 ----A---- C:\Windows\system32\rstrui.exe
            2015-11-11 20:48:37 ----A---- C:\Windows\system32\drivers\ksecdd.sys
            2015-11-11 20:48:36 ----A---- C:\Windows\system32\rpcrt4.dll
            2015-11-11 20:48:36 ----A---- C:\Windows\system32\msv1_0.dll
            2015-11-11 20:48:35 ----A---- C:\Windows\system32\wdigest.dll
            2015-11-11 20:48:35 ----A---- C:\Windows\system32\TSpkg.dll
            2015-11-11 20:48:35 ----A---- C:\Windows\system32\smss.exe
            2015-11-11 20:48:35 ----A---- C:\Windows\system32\auditpol.exe
            2015-11-11 20:48:34 ----A---- C:\Windows\system32\sspicli.dll
            2015-11-11 20:48:34 ----A---- C:\Windows\system32\srclient.dll
            2015-11-11 20:48:34 ----A---- C:\Windows\system32\lsass.exe
            2015-11-11 20:48:34 ----A---- C:\Windows\system32\csrsrv.dll
            2015-11-11 20:48:32 ----A---- C:\Windows\system32\sspisrv.dll
            2015-11-11 20:48:32 ----A---- C:\Windows\system32\secur32.dll
            2015-11-11 20:48:32 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
            2015-11-11 20:48:32 ----A---- C:\Windows\system32\cryptbase.dll
            2015-11-11 20:48:32 ----A---- C:\Windows\system32\credssp.dll
            2015-11-11 20:48:31 ----A---- C:\Windows\system32\msaudite.dll
            2015-11-11 20:48:31 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
            2015-11-11 20:48:31 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
            2015-11-11 20:48:31 ----A---- C:\Windows\system32\apisetschema.dll
            2015-11-11 20:48:31 ----A---- C:\Windows\system32\adtschema.dll
            2015-11-11 20:48:30 ----A---- C:\Windows\system32\msobjs.dll
            2015-11-11 20:48:07 ----A---- C:\Windows\system32\drivers\ndis.sys
            2015-11-11 20:47:11 ----A---- C:\Windows\system32\drivers\cng.sys
            2015-11-11 20:47:10 ----A---- C:\Windows\system32\bcryptprimitives.dll
            2015-11-11 20:46:47 ----A---- C:\Windows\system32\InkEd.dll
            2015-11-11 09:47:32 ----D---- C:\FRST
            2015-10-24 23:24:07 ----D---- C:\zoek_backup
            2015-10-24 21:34:20 ----A---- C:\Windows\WORDPAD.INI
            2015-10-24 15:54:30 ----D---- C:\Program Files\VS Revo Group
            2015-10-24 15:53:47 ----D---- C:\Windows\system32\PolicyDefinitions
            2015-10-24 15:53:40 ----D---- C:\Program Files\Spybot Anti-Beacon
            2015-10-24 15:48:30 ----A---- C:\Windows\system32\drivers\HWiNFO32.SYS
            2015-10-24 15:48:27 ----D---- C:\Users\Sara\AppData\Roaming\IObit
            2015-10-24 14:09:47 ----D---- C:\Program Files\CCleaner
            2015-10-24 13:18:16 ----D---- C:\AdwCleaner
            2015-10-23 18:52:32 ----A---- C:\Windows\zip.exe
            2015-10-23 18:52:32 ----A---- C:\Windows\SWREG.exe
            2015-10-23 18:52:32 ----A---- C:\Windows\sed.exe
            2015-10-23 18:52:32 ----A---- C:\Windows\PEV.exe
            2015-10-23 18:52:32 ----A---- C:\Windows\NIRCMD.exe
            2015-10-23 18:52:32 ----A---- C:\Windows\MBR.exe
            2015-10-23 18:52:32 ----A---- C:\Windows\grep.exe
            2015-10-23 18:52:20 ----D---- C:\Qoobox
            2015-10-23 09:13:34 ----D---- C:\Program Files\Mozilla Maintenance Service
            2015-10-23 08:56:56 ----A---- C:\DelFix.txt
            2015-10-15 07:33:27 ----A---- C:\Windows\system32\invagent.dll
            2015-10-15 07:33:27 ----A---- C:\Windows\system32\appraiser.dll
            2015-10-15 07:33:27 ----A---- C:\Windows\system32\aeinv.dll
            2015-10-15 07:33:26 ----A---- C:\Windows\system32\generaltel.dll
            2015-10-15 07:33:26 ----A---- C:\Windows\system32\devinv.dll
            2015-10-15 07:33:25 ----A---- C:\Windows\system32\CompatTelRunner.exe
            2015-10-15 07:33:25 ----A---- C:\Windows\system32\acmigration.dll
            2015-10-14 10:51:24 ----D---- C:\Windows\pss
            2015-10-14 08:26:22 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
            2015-10-14 08:26:22 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
            2015-10-14 08:26:21 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
            2015-10-14 08:26:20 ----A---- C:\Windows\system32\ucrtbase.dll
            2015-10-14 08:26:20 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
            2015-10-14 08:26:20 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
            2015-10-14 08:26:20 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
            2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
            2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
            2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
            2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
            2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
            2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
            2015-10-14 08:26:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
            2015-10-14 08:26:14 ----A---- C:\Windows\system32\shell32.dll
            2015-10-14 08:26:12 ----A---- C:\Windows\system32\ExplorerFrame.dll
            2015-10-14 08:24:58 ----A---- C:\Windows\system32\appidsvc.dll
            2015-10-14 08:24:58 ----A---- C:\Windows\system32\appidpolicyconverter.exe
            2015-10-14 08:24:58 ----A---- C:\Windows\system32\appidapi.dll
            2015-10-14 08:24:57 ----A---- C:\Windows\system32\setbcdlocale.dll
            2015-10-14 08:24:57 ----A---- C:\Windows\system32\appidcertstorecheck.exe
            2015-10-14 08:24:56 ----A---- C:\Windows\system32\drivers\appid.sys
            2015-10-13 01:29:08 ----A---- C:\Windows\system32\msvcr120_clr0400.dll

            ======List of files/folders modified in the last 3 months======

            2016-01-09 15:34:48 ----D---- C:\Windows\system32\config
            2016-01-09 15:34:45 ----D---- C:\Program Files\trend micro
            2016-01-09 15:34:21 ----D---- C:\Windows\SoftwareDistribution
            2016-01-09 15:33:12 ----D---- C:\Windows
            2016-01-09 15:31:06 ----D---- C:\Windows\system32\drivers
            2016-01-09 15:27:41 ----D---- C:\Windows\System32
            2016-01-09 13:46:30 ----D---- C:\ProgramData
            2016-01-09 13:46:27 ----RD---- C:\Program Files
            2016-01-09 13:46:26 ----D---- C:\Windows\system32\Tasks
            2016-01-09 11:01:35 ----D---- C:\Users\Sara\AppData\Roaming\WinRAR
            2016-01-09 10:36:22 ----D---- C:\Windows\inf
            2016-01-09 10:36:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
            2016-01-09 01:56:59 ----D---- C:\Windows\debug
            2016-01-07 16:28:41 ----D---- C:\Windows\Tasks
            2016-01-07 16:28:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
            2016-01-07 11:33:18 ----D---- C:\ProgramData\panda_url_filtering
            2016-01-02 18:05:58 ----D---- C:\Windows\Speech
            2016-01-02 02:13:03 ----D---- C:\Users\Sara\AppData\Roaming\Spotify
            2015-12-31 13:16:29 ----A---- C:\Windows\system.ini
            2015-12-31 13:16:03 ----D---- C:\Windows\system32\drivers\etc
            2015-12-31 13:08:16 ----D---- C:\Windows\AppPatch
            2015-12-31 13:08:12 ----D---- C:\Program Files\Common Files
            2015-12-31 10:01:21 ----D---- C:\Windows\IME
            2015-12-31 10:01:20 ----D---- C:\Windows\registration
            2015-12-25 05:47:23 ----D---- C:\Windows\Help
            2015-12-24 14:56:18 ----SHD---- C:\Windows\Installer
            2015-12-24 14:56:17 ----D---- C:\Program Files\Java
            2015-12-24 14:54:04 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
            2015-12-24 06:43:09 ----D---- C:\Windows\Microsoft.NET
            2015-12-23 22:36:27 ----RSD---- C:\Windows\assembly
            2015-12-23 22:35:44 ----D---- C:\Users\Sara\AppData\Roaming\FileZilla
            2015-12-23 08:17:22 ----D---- C:\Windows\Logs
            2015-12-22 12:54:05 ----D---- C:\ProgramData\NVIDIA Corporation
            2015-12-22 12:52:09 ----D---- C:\ProgramData\NVIDIA
            2015-12-22 12:51:54 ----D---- C:\Program Files\NVIDIA Corporation
            2015-12-22 12:51:27 ----D---- C:\Windows\system32\DriverStore
            2015-12-22 12:50:55 ----RD---- C:\Users
            2015-12-21 00:28:41 ----D---- C:\Users\Sara\AppData\Roaming\Skype
            2015-12-20 07:20:57 ----D---- C:\Windows\PLA
            2015-12-19 10:19:15 ----D---- C:\Windows\system32\LogFiles
            2015-12-18 23:10:55 ----D---- C:\Windows\winsxs
            2015-12-18 23:10:53 ----SD---- C:\Windows\system32\GWX
            2015-12-16 22:46:04 ----D---- C:\Windows\addins
            2015-12-11 13:56:03 ----D---- C:\Windows\rescache
            2015-12-11 06:35:23 ----D---- C:\Windows\system32\nl-NL
            2015-12-11 06:35:23 ----D---- C:\Windows\system32\en-US
            2015-12-11 06:35:21 ----D---- C:\Program Files\Internet Explorer
            2015-12-11 06:35:16 ----RSD---- C:\Windows\Fonts
            2015-12-11 01:13:40 ----D---- C:\Program Files\Microsoft Silverlight
            2015-12-11 01:11:16 ----D---- C:\Windows\system32\catroot2
            2015-12-11 01:10:28 ----D---- C:\Windows\system32\MRT
            2015-12-06 09:04:33 ----D---- C:\Windows\nl-NL
            2015-12-04 06:53:32 ----D---- C:\Windows\Offline Web Pages
            2015-12-03 10:05:58 ----D---- C:\Windows\SHELLNEW
            2015-12-02 13:25:18 ----N---- C:\Windows\system32\MpSigStub.exe
            2015-11-29 11:29:59 ----D---- C:\Users\Sara\AppData\Roaming\Notepad++
            2015-11-28 11:17:27 ----D---- C:\Program Files\Notepad++
            2015-11-23 19:09:54 ----A---- C:\Windows\system32\MRT.exe
            2015-11-22 09:52:17 ----D---- C:\ProgramData\Skype
            2015-11-17 10:34:14 ----D---- C:\Users\Sara\AppData\Roaming\uTorrent
            2015-11-16 12:46:06 ----D---- C:\ProgramData\Panda Security
            2015-11-16 12:46:06 ----D---- C:\Program Files\Panda Security
            2015-11-16 12:45:27 ----D---- C:\Users\Sara\AppData\Roaming\Panda Security
            2015-11-15 21:53:02 ----SHD---- C:\System Volume Information
            2015-11-15 12:50:51 ----D---- C:\Users\Sara\AppData\Roaming\Logs
            2015-11-12 03:55:53 ----D---- C:\Windows\system32\migration
            2015-11-11 11:38:35 ----D---- C:\Windows\system32\NDF
            2015-10-26 19:42:49 ----D---- C:\Windows\LiveKernelReports
            2015-10-25 09:44:16 ----D---- C:\Windows\Minidump
            2015-10-23 18:16:45 ----D---- C:\Program Files\Malwarebytes Anti-Malware
            2015-10-21 19:27:16 ----D---- C:\Program Files\SRWare Iron
            2015-10-20 20:29:28 ----D---- C:\Users\Sara\AppData\Roaming\TeamViewer
            2015-10-17 14:18:27 ----D---- C:\Program Files\FileZilla FTP Client
            2015-10-15 23:11:40 ----SD---- C:\Windows\system32\CompatTel
            2015-10-15 23:11:39 ----D---- C:\Windows\system32\appraiser
            2015-10-15 09:49:12 ----RD---- C:\Program Files\Skype
            2015-10-15 07:14:57 ----D---- C:\Windows\system32\CodeIntegrity

            ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

            R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
            R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
            R1 epp;epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [2015-10-23 102128]
            R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO32.SYS [2015-10-24 23840]
            R1 NNSALPC;NNSAlpc; C:\Windows\system32\DRIVERS\NNSAlpc.sys [2015-07-09 87032]
            R1 NNSHTTP;NNSHttp; C:\Windows\system32\DRIVERS\NNSHttp.sys [2015-07-09 202104]
            R1 NNSHTTPS;NNSHttps; C:\Windows\system32\DRIVERS\NNSHttps.sys [2015-07-09 109688]
            R1 NNSIDS;NNSids; C:\Windows\system32\DRIVERS\NNSIds.sys [2015-07-09 121720]
            R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [2015-05-20 50992]
            R1 NNSPICC;NNSPicc; C:\Windows\system32\DRIVERS\NNSPicc.sys [2015-07-09 102264]
            R1 NNSPIHSW;NNSPihsw; C:\Windows\system32\DRIVERS\NNSPihsw.sys [2015-08-31 65272]
            R1 NNSPOP3;NNSPop3; C:\Windows\system32\DRIVERS\NNSPop3.sys [2015-07-09 120568]
            R1 NNSPROT;NNSProt; C:\Windows\system32\DRIVERS\NNSProt.sys [2015-07-09 281720]
            R1 NNSPRV;NNSPrv; C:\Windows\system32\DRIVERS\NNSPrv.sys [2015-07-09 209016]
            R1 NNSSMTP;NNSSmtp; C:\Windows\system32\DRIVERS\NNSSmtp.sys [2015-07-09 108408]
            R1 NNSSTRM;NNSStrm; C:\Windows\system32\DRIVERS\NNSStrm.sys [2015-07-09 240376]
            R1 NNSTLSC;NNSTlsc; C:\Windows\system32\DRIVERS\NNSTlsc.sys [2015-07-09 94968]
            R1 PSINKNC;PSINKnc; C:\Windows\system32\DRIVERS\psinknc.sys [2015-07-19 168696]
            R2 irda;IrDA-protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
            R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
            R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
            R2 PSINAflt;PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [2015-07-19 140024]
            R2 PSINFile;PSINFile; C:\Windows\system32\DRIVERS\PSINFile.sys [2015-07-19 105208]
            R2 PSINProc;PSINProc; C:\Windows\system32\DRIVERS\PSINProc.sys [2015-07-19 113912]
            R2 PSINProt;PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [2015-07-19 124664]
            R2 PSINReg;PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [2015-07-19 100600]
            R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
            R3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
            R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 23256]
            R3 NVENETFD;NVIDIA nForce-netwerkcontroller; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
            R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-12-09 18552]
            R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2015-08-11 44840]
            R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
            R3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2015-05-22 50832]
            R3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2015-08-10 33280]
            S1 epp32;epp32; \??\C:\EEK\bin\epp32.sys [2016-01-08 112408]
            S1 ierhpkrd;ierhpkrd; \??\C:\Windows\system32\drivers\ierhpkrd.sys
            S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
            S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
            S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
            S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
            S3 catchme;catchme; \??\C:\Users\Sara\AppData\Local\Temp\catchme.sys
            S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 51928]
            S3 MFE_RR;MFE_RR; \??\C:\Users\Sara\AppData\Local\Temp\mfe_rr.sys
            S3 panda_url_filteringd;panda_url_filteringd driver; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [2014-02-18 40024]
            S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
            S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2009-09-21 98560]
            S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2009-09-21 14848]
            S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2009-09-21 123776]
            S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
            S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
            S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
            S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
            S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

            ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

            R2 a2AntiMalware;Emsisoft Protection Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2015-11-10 7101240]
            R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
            R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
            R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-12-09 922744]
            R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
            R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
            R2 NanoServiceMain;Panda Protection Service; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [2015-10-18 142072]
            R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-12-09 1872504]
            R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-12-09 5119096]
            R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 634656]
            R2 PandaAgent;Panda Devices Agent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [2015-10-28 73464]
            R2 PSUAService;Panda Product Service; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [2015-10-22 38136]
            R2 TeamViewer;TeamViewer 10; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2014-11-28 5419792]
            R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-12-09 6443128]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
            S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-25 107848]
            S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
            S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
            S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
            S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-07 269504]
            S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-25 107848]
            S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-11-10 102912]
            S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-12-25 147624]
            S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
            S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2013-03-01 118520]
            S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-02-10 1343400]
            S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
            S4 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
            S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
            S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
            S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

            -----------------EOF----------------


            • #7
              • Download AdwCleaner by Xplode to your desktop.

                Close all open programs.
                Right-click AdwCleaner and click 'Run as administrator...'.

                Click Scan.
                After the scan, click Remove.
                In the window '- AdwCleaner – Close programs -' click OK.

                During the clean-up the shortcuts will disappear; this is normal.
                After the removal, 2 messages appear:
                In the window '- AdwCleaner – Information -' click OK.
                In the window '- AdwCleaner – Restart required -' click OK.

                After the computer has restarted, a log file opens.
                Close the log file.
                Post the file C:\AdwCleaner\AdwCleaner[C1].txt as an attachment in your next message.


              • #8
                # AdwCleaner v5.028 - Logbestand aangemaakt 11/01/2016 op 10:23:45
                # Laatste update 04/01/2016 door Xplode
                # Database : 2016-01-04.2 [Server]
                # Besturingssysteem : Windows 7 Starter Service Pack 1 (x86)
                # Gebruikersnaam : Sara - ANONYMOUS-PC
                # Gestart vanuit : C:\Users\Sara\Downloads\adwcleaner_5.028.exe
                # Optie : Verwijderen
                # Ondersteuning : http://toolslib.net/forum

                ***** [ Services ] *****


                ***** [ Mappen ] *****


                ***** [ Bestanden ] *****


                ***** [ DLLs ] *****


                ***** [ Snelkoppelingen ] *****


                ***** [ geplande taken ] *****


                ***** [ Register ] *****

                [-] Sleutel Verwijderd : HKCU\Software\undefined
                [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe

                ***** [ Internetbrowsers ] *****


                *************************

                :: "Tracing" sleutels verwijderd
                :: Winsock instellingen gereset

                ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [904 bytes] ##########


                • #9
                  I tried to reinstall Malwarebytes Anti-Malware, but the program still does not start. How is this possible?


                  • #10
                    Is this a purchased version?


                    • #11
                      It is a free version.


                      • #12
                        In that case your temporary license may have expired.
                        For a relatively small amount you can buy it, and then you will have something good as well.
