Emsi Emergency Kit finds Trojan

  • Emsi Emergency Kit finds Trojan

    Emergency Kit found a trojan in the folder Users AppData Roaming Thunderbird and removed it. Is the PC safe now?

  • #2
    I can't tell that from here, of course.

    Download RSIT from the locations below and save it to the desktop.
    Here is a description of how you can check whether you have a 32- or 64-bit version of Windows.

    Download RSIT
    Run RSIT
    • Double-click RSIT.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
    • The "Disclaimer of warranty" is then shown; click "Continue".
    • When you run RSIT for the first time, HijackThis will be downloaded if it is not present; allow this.
    • When the tool is finished, two Notepad files named "Log.txt" and "Info.txt" are opened.

    Post the RSIT log files
    • Add the log file named "Log.txt" as an attachment to your next message. (You can also find this log file in the folder "C:\rsit".)
    • You do not need to post the log file named "Info.txt", which is minimized. (This log file is only created the first time the tool is run.)

    Starting Windows 10 in Safe Mode



    • #3
      Hello Juisterr, thanks in advance for wanting to help me. It was a high-risk Trojan, so for safety's sake I'm having it checked, you never know. Here is the log:

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 0:52:45, on 5-9-2014
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v11.0 (11.00.9600.17239)
      Boot mode: Normal

      Running processes:
      C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
      C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
      C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
      C:\Program Files\trend micro\Douven.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/ned/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=userinit.exe,
      O1 - Hosts: ::1 localhost
      O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
      O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
      O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
      O4 - HKLM\..\Run: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
      O4 - HKLM\..\Run: [EMET 4.1 Update 1 Agent] "C:\Program Files (x86)\EMET 4.1\EMET_agent.exe"
      O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
      O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-21-2434453452-862557355-310033356-1001\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User 'Doefke')
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
      O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE3AEA~1.DLL
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
      O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
      O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: Panda Free Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
      O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
      O23 - Service: panda_url_filtering Anti-Phishing Service (panda_url_filteringService) - Visicom Media Inc. - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
      O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
      O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
      O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
      O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

      --
      End of file - 7590 bytes

      ======Listing Processes======
      RSIT



      • #4
        I would like to see the full output of the RSIT tool, please. The output of a HijackThis from Trend Micro is of no use to me whatsoever.

        Starting Windows 10 in Safe Mode



        • #5
          Hello Juisterr, this should be it, I think.

          Logfile of random's system information tool 1.10 (written by random/random)
          Run by Douven at 2014-09-05 10:38:03
          Microsoft Windows 7 Home Premium Service Pack 1
          System drive C: has 82 GB (77%) free of 107 GB
          Total RAM: 2987 MB (65% free)

          Logfile of Trend Micro HijackThis v2.0.4
          Scan saved at 10:38:12, on 5-9-2014
          Platform: Windows 7 SP1 (WinNT 6.00.3505)
          MSIE: Internet Explorer v11.0 (11.00.9600.17239)
          Boot mode: Normal

          Running processes:
          C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
          C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
          C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
          C:\Program Files\trend micro\Douven.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/ned/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          F2 - REG:system.ini: UserInit=userinit.exe,
          O1 - Hosts: ::1 localhost
          O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
          O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
          O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
          O4 - HKLM\..\Run: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
          O4 - HKLM\..\Run: [EMET 4.1 Update 1 Agent] "C:\Program Files (x86)\EMET 4.1\EMET_agent.exe"
          O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
          O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
          O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
          O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
          O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
          O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE3AEA~1.DLL
          O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
          O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
          O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
          O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
          O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
          O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
          O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
          O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
          O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
          O23 - Service: Panda Free Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
          O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
          O23 - Service: panda_url_filtering Anti-Phishing Service (panda_url_filteringService) - Visicom Media Inc. - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
          O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
          O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
          O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
          O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
          O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
          O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
          O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
          O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
          O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
          O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
          O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
          O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
          O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
          O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

          --
          End of file - 7450 bytes

          ======Listing Processes======



          \SystemRoot\System32\smss.exe
          %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
          wininit.exe
          %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
          winlogon.exe
          C:\Windows\system32\services.exe
          C:\Windows\system32\lsass.exe
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch
          "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /service
          C:\Windows\system32\svchost.exe -k RPCSS
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
          C:\Windows\system32\svchost.exe -k LocalService
          C:\Windows\system32\svchost.exe -k netsvcs

          C:\Windows\system32\svchost.exe -k GPSvcGroup
          "C:\Program Files\Sandboxie\SbieSvc.exe"
          C:\Windows\system32\svchost.exe -k NetworkService
          C:\Windows\System32\spoolsv.exe
          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
          "C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe"
          "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe" --
          "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe"
          C:\Windows\system32\svchost.exe -k imgsvc
          "C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe"
          C:\Windows\system32\viakaraokesrv.exe
          "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe"
          C:\Windows\system32\wbem\wmiprvse.exe
          "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1688bd67-18ac-47ff-b96f-58496e823430 -SystemEventPortName:HostProcess-76947952-fac9-47c9-b3fc-d02af90c0b1d -IoCancelEventPortName:HostProcess-4e683eed-0750-42ab-8b7f-1c618692a70a -NonStateChangingEventPortName:HostProcess-7a40ce7d-32f5-4e15-8d9d-dcb3c65ff8f8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7b8e253a-1f73-4da9-9f66-cf0acdc99533 -DeviceGroupId:WpdFsGroup
          "taskhost.exe"
          "C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe" -start
          "C:\Windows\system32\Dwm.exe"
          C:\Windows\Explorer.EXE
          "C:\Program Files\Eraser\Eraser.exe" --atRestart
          "C:\Program Files\Sandboxie\SbieCtrl.exe"
          "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
          "C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe"
          "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
          "C:\Users\Douven\Desktop\RSITx64.exe"

          ======Scheduled tasks folder======

          C:\Windows\tasks\GlaryInitialize 5.job - C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
          C:\Windows\tasks\Restore Point Creator -- Run with no UAC (Create Custom Restore Point).job - C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe -createrestorepointcustomname
          C:\Windows\tasks\Restore Point Creator -- Run with no UAC (Create Restore Point).job - C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe -createrestorepoint
          C:\Windows\tasks\Restore Point Creator -- Run with no UAC.job - C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
          C:\Windows\tasks\{1811587C-730D-4FC1-803D-9A60D375396D}.job - C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe {1811587C-730D-4FC1-803D-9A60D375396D}

          =========Mozilla firefox=========

          ProfilePath - C:\Users\Douven\AppData\Roaming\Mozilla\Firefox\Profiles\0nnvyn76.default

          prefs.js - "browser.startup.homepage" - "https://www.startpage.com/"

          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
          "Description"=Adobe® Flash® Player 14.0.0.179 Plugin
          "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
          "Description"=Java™ Deployment Toolkit
          "Path"=

          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
          "Description"=
          "Path"=disabled

          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
          "Description"=Ag Player Plugin
          "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll


          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
          "Description"=Adobe® Flash® Player 14.0.0.179 Plugin
          "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
          "Description"=Ag Player Plugin
          "Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


          C:\Users\Douven\AppData\Roaming\Mozilla\Firefox\Profiles\0nnvyn76.default\extensions\
          [email protected]
          {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

          ======Registry dump======

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
          WOT Helper - C:\Program Files\WOT\WOT.dll [2013-09-02 1736664]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
          Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12 715016]

          [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
          WOT Helper - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02 1414104]

          [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
          Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12 606472]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2013-09-02 1736664]

          [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
          {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02 1414104]

          [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
          "Eraser"=C:\PROGRA~1\Eraser\Eraser.exe [2012-05-22 980920]

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
          "SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2014-08-26 784392]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
          C:\PROGRA~1\Eraser\Eraser.exe [2012-05-22 980920]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]
          C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [2014-09-01 37152]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
          C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2000-01-01 5299320]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
          C:\Windows\system32\hkcmd.exe [2013-11-07 399832]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
          C:\Windows\system32\igfxtray.exe [2013-11-07 171992]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
          C:\Windows\system32\igfxpers.exe [2013-11-07 442328]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhrozenSoft VirusTotal Uploader]


          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
          C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UMonit]
          C:\Windows\SysWOW64\UMonit.exe [2000-01-01 200704]

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
          C:\Program Files\Windows Defender\MSASCui.exe [2009-07-14 961024]

          [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
          "ZALFree"=C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [2014-08-28 12724456]
          "EMET 4.1 Update 1 Agent"=C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [2014-04-29 81416]
          "PSUAMain"=C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [2014-07-24 37624]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
          "AppInit_DLLs"="C:\PROGRA~2\KEYCRY~1\KE12AD~1.DLL"

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
          C:\Windows\system32\igfxdev.dll [2013-11-07 442880]

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
          "SecurityProviders"=credssp.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NanoServiceMain]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSUAService]

          [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
          "ConsentPromptBehaviorAdmin"=5
          "ConsentPromptBehaviorUser"=3
          "EnableUIADesktopToggle"=0
          "PromptOnSecureDesktop"=0
          "dontdisplaylastusername"=1
          "legalnoticecaption"=
          "legalnoticetext"=
          "shutdownwithoutlogon"=1
          "undockwithoutlogon"=1
          "FilterAdministratorToken"=1

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
          "NoDriveTypeAutoRun"=221

          [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
          "NoActiveDesktop"=1
          "NoActiveDesktopChanges"=1
          "ForceActiveDesktopOn"=0

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
          "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
          "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
          "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
          "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
          "vidc.mrle"=msrle32.dll
          "vidc.msvc"=msvidc32.dll
          "msacm.imaadpcm"=imaadp32.acm
          "msacm.msg711"=msg711.acm
          "msacm.msgsm610"=msgsm32.acm
          "msacm.msadpcm"=msadp32.acm
          "midimapper"=midimap.dll
          "wavemapper"=msacm32.drv
          "vidc.uyvy"=msyuv.dll
          "vidc.yuy2"=msyuv.dll
          "vidc.yvyu"=msyuv.dll
          "vidc.iyuv"=iyuv_32.dll
          "vidc.i420"=iyuv_32.dll
          "vidc.yvu9"=tsbyuv.dll
          "msacm.l3acm"=C:\Windows\System32\l3codeca.acm
          "wave1"=wdmaud.drv
          "midi1"=wdmaud.drv
          "mixer1"=wdmaud.drv
          "aux1"=wdmaud.drv
          "wave"=wdmaud.drv
          "midi"=wdmaud.drv
          "mixer"=wdmaud.drv
          "aux"=wdmaud.drv

          ======File associations======

          .js - edit - C:\Windows\System32\Notepad.exe %1
          .js - open - C:\Windows\System32\WScript.exe "%1" %*

          ======List of files/folders created in the last 1 month======

          2014-09-05 09:22:48 ----A---- C:\Windows\system32\FNTCACHE.DAT
          2014-09-05 00:52:31 ----D---- C:\rsit
          2014-09-05 00:52:31 ----D---- C:\Program Files\trend micro
          2014-09-04 15:08:08 ----A---- C:\Windows\system32\drivers\PSKMAD.sys
          2014-09-03 13:19:13 ----D---- C:\Program Files (x86)\Restore Point Creator
          2014-09-03 13:12:33 ----A---- C:\Windows\SYSWOW64\log.txt
          2014-09-02 17:28:33 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
          2014-09-02 17:27:47 ----D---- C:\ProgramData\Mozilla
          2014-09-02 17:12:17 ----D---- C:\Program Files (x86)\Mozilla Firefox
          2014-09-01 14:22:17 ----A---- C:\Windows\system32\drivers\BootDefragDriver.sys
          2014-09-01 14:22:17 ----A---- C:\Windows\system32\BootDefrag.exe
          2014-09-01 14:15:00 ----A---- C:\Windows\system32\drivers\GUBootStartup.sys
          2014-09-01 14:14:59 ----D---- C:\Users\Douven\AppData\Roaming\GlarySoft
          2014-09-01 14:14:53 ----D---- C:\Program Files (x86)\Glary Utilities 5
          2014-08-28 16:43:34 ----A---- C:\Windows\SYSWOW64\gdi32.dll
          2014-08-28 16:43:34 ----A---- C:\Windows\system32\win32k.sys
          2014-08-28 16:43:34 ----A---- C:\Windows\system32\gdi32.dll
          2014-08-28 00:21:49 ----D---- C:\ProgramData\F-Secure
          2014-08-24 15:04:32 ----A---- C:\Windows\CUAppUsage.Dat
          2014-08-24 15:01:44 ----D---- C:\Program Files (x86)\SumatraPDF
          2014-08-24 14:51:05 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
          2014-08-24 14:51:05 ----A---- C:\Windows\SYSWOW64\mfc71.dll
          2014-08-24 14:51:05 ----A---- C:\Windows\SYSWOW64\gdiplus.dll
          2014-08-22 01:09:10 ----D---- C:\Program Files (x86)\OpenOffice 4
          2014-08-21 16:40:41 ----A---- C:\Windows\system32\wups2.dll
          2014-08-21 16:40:41 ----A---- C:\Windows\system32\wucltux.dll
          2014-08-21 16:40:41 ----A---- C:\Windows\system32\wuaueng.dll
          2014-08-21 16:40:41 ----A---- C:\Windows\system32\wuauclt.exe
          2014-08-21 16:40:29 ----A---- C:\Windows\system32\wups.dll
          2014-08-21 16:40:29 ----A---- C:\Windows\system32\wudriver.dll
          2014-08-21 16:40:28 ----A---- C:\Windows\SYSWOW64\wudriver.dll
          2014-08-21 16:40:28 ----A---- C:\Windows\SYSWOW64\wuapi.dll
          2014-08-21 16:40:28 ----A---- C:\Windows\system32\wuapi.dll
          2014-08-21 16:40:27 ----A---- C:\Windows\SYSWOW64\wups.dll
          2014-08-21 16:40:06 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
          2014-08-21 16:40:06 ----A---- C:\Windows\SYSWOW64\wuapp.exe
          2014-08-21 16:40:06 ----A---- C:\Windows\system32\wuwebv.dll
          2014-08-21 16:40:06 ----A---- C:\Windows\system32\wuapp.exe
          2014-08-16 11:31:40 ----D---- C:\ProgramData\panda_url_filtering
          2014-08-16 11:31:39 ----D---- C:\ProgramData\Panda Security URL Filtering
          2014-08-14 15:03:21 ----D---- C:\Program Files\Reason
          2014-08-13 19:53:34 ----D---- C:\Users\Douven\AppData\Roaming\Adobe
          2014-08-13 16:13:07 ----AD---- C:\ProgramData\TEMP
          2014-08-12 19:24:13 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
          2014-08-12 19:24:13 ----A---- C:\Windows\SYSWOW64\icardagt.exe
          2014-08-12 19:24:13 ----A---- C:\Windows\system32\infocardapi.dll
          2014-08-12 19:24:13 ----A---- C:\Windows\system32\icardagt.exe
          2014-08-12 19:24:11 ----A---- C:\Windows\SYSWOW64\icardres.dll
          2014-08-12 19:24:11 ----A---- C:\Windows\system32\icardres.dll
          2014-08-12 19:24:00 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
          2014-08-12 19:23:59 ----A---- C:\Windows\system32\TsWpfWrp.exe
          2014-08-12 19:22:51 ----A---- C:\Windows\system32\shell32.dll
          2014-08-12 19:22:50 ----A---- C:\Windows\SYSWOW64\shell32.dll
          2014-08-12 19:22:47 ----A---- C:\Windows\SYSWOW64\tzres.dll
          2014-08-12 19:22:47 ----A---- C:\Windows\system32\tzres.dll
          2014-08-12 19:22:42 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
          2014-08-12 19:22:42 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
          2014-08-12 19:22:42 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
          2014-08-12 19:22:42 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
          2014-08-12 19:22:42 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
          2014-08-12 19:22:42 ----A---- C:\Windows\system32\KBDYAK.DLL
          2014-08-12 19:22:42 ----A---- C:\Windows\system32\KBDTAT.DLL
          2014-08-12 19:22:42 ----A---- C:\Windows\system32\KBDRU1.DLL
          2014-08-12 19:22:42 ----A---- C:\Windows\system32\KBDRU.DLL
          2014-08-12 19:22:42 ----A---- C:\Windows\system32\KBDBASH.DLL
          2014-08-12 19:22:40 ----A---- C:\Windows\SYSWOW64\msi.dll
          2014-08-12 19:22:40 ----A---- C:\Windows\SYSWOW64\authui.dll
          2014-08-12 19:22:40 ----A---- C:\Windows\system32\msi.dll
          2014-08-12 19:22:40 ----A---- C:\Windows\system32\authui.dll
          2014-08-12 19:22:39 ----A---- C:\Windows\SYSWOW64\msihnd.dll
          2014-08-12 19:22:39 ----A---- C:\Windows\system32\msihnd.dll
          2014-08-12 19:22:39 ----A---- C:\Windows\system32\consent.exe
          2014-08-12 19:22:27 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
          2014-08-12 19:22:22 ----A---- C:\Windows\SYSWOW64\urlmon.dll
          2014-08-12 19:22:22 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
          2014-08-12 19:22:22 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
          2014-08-12 19:22:22 ----A---- C:\Windows\SYSWOW64\iernonce.dll
          2014-08-12 19:22:22 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
          2014-08-12 19:22:21 ----A---- C:\Windows\SYSWOW64\mshtml.dll
          2014-08-12 19:22:21 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
          2014-08-12 19:22:21 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
          2014-08-12 19:22:21 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
          2014-08-12 19:22:21 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
          2014-08-12 19:22:21 ----A---- C:\Windows\system32\ieetwproxystub.dll
          2014-08-12 19:22:20 ----A---- C:\Windows\SYSWOW64\iesetup.dll
          2014-08-12 19:22:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
          2014-08-12 19:22:20 ----A---- C:\Windows\system32\iernonce.dll
          2014-08-12 19:22:20 ----A---- C:\Windows\system32\ie4uinit.exe
          2014-08-12 19:22:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
          2014-08-12 19:22:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll
          2014-08-12 19:22:19 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
          2014-08-12 19:22:19 ----A---- C:\Windows\system32\urlmon.dll
          2014-08-12 19:22:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
          2014-08-12 19:22:19 ----A---- C:\Windows\system32\ieetwcollector.exe
          2014-08-12 19:22:19 ----A---- C:\Windows\system32\dxtmsft.dll
          2014-08-12 19:22:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
          2014-08-12 19:22:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
          2014-08-12 19:22:18 ----A---- C:\Windows\system32\msfeeds.dll
          2014-08-12 19:22:18 ----A---- C:\Windows\system32\iesetup.dll
          2014-08-12 19:22:18 ----A---- C:\Windows\system32\iedkcs32.dll
          2014-08-12 19:22:17 ----A---- C:\Windows\system32\iertutil.dll
          2014-08-12 19:22:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
          2014-08-12 19:22:16 ----A---- C:\Windows\SYSWOW64\vbscript.dll
          2014-08-12 19:22:16 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
          2014-08-12 19:22:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
          2014-08-12 19:22:16 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
          2014-08-12 19:22:16 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
          2014-08-12 19:22:16 ----A---- C:\Windows\system32\jsproxy.dll
          2014-08-12 19:22:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
          2014-08-12 19:22:15 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
          2014-08-12 19:22:14 ----A---- C:\Windows\system32\ieui.dll
          2014-08-12 19:22:14 ----A---- C:\Windows\system32\ieframe.dll
          2014-08-12 19:22:14 ----A---- C:\Windows\system32\dxtrans.dll
          2014-08-12 19:22:13 ----A---- C:\Windows\system32\vbscript.dll
          2014-08-12 19:22:13 ----A---- C:\Windows\system32\mshtmlmedia.dll
          2014-08-12 19:22:13 ----A---- C:\Windows\system32\mshtmled.dll
          2014-08-12 19:22:13 ----A---- C:\Windows\system32\jscript9diag.dll
          2014-08-12 19:22:13 ----A---- C:\Windows\system32\jscript9.dll
          2014-08-12 19:22:13 ----A---- C:\Windows\system32\ieUnatt.exe
          2014-08-12 19:22:13 ----A---- C:\Windows\system32\ieapfltr.dll
          2014-08-12 19:22:12 ----A---- C:\Windows\system32\wininet.dll
          2014-08-12 19:22:12 ----A---- C:\Windows\system32\msrating.dll
          2014-08-12 19:22:12 ----A---- C:\Windows\system32\MshtmlDac.dll
          2014-08-12 19:22:11 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
          2014-08-12 19:22:11 ----A---- C:\Windows\system32\mshtml.dll
          2014-08-12 19:21:58 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
          2014-08-12 19:21:58 ----A---- C:\Windows\system32\rpcrt4.dll
          2014-08-12 19:21:04 ----A---- C:\Windows\system32\aepdu.dll
          2014-08-12 19:21:04 ----A---- C:\Windows\system32\aeinv.dll
          2014-08-11 17:45:00 ----D---- C:\Program Files (x86)\EMET 4.1

          ======List of files/folders modified in the last 1 month======

          2014-09-05 10:37:12 ----D---- C:\Windows\system32\drivers
          2014-09-05 10:36:00 ----D---- C:\Windows\system32\config
          2014-09-05 10:23:05 ----D---- C:\Windows\temp
          2014-09-05 09:26:59 ----D---- C:\Windows\System32
          2014-09-05 09:26:59 ----D---- C:\Windows\inf
          2014-09-05 09:26:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
          2014-09-05 09:22:55 ----D---- C:\Windows\system32\catroot2
          2014-09-05 09:22:52 ----D---- C:\Windows
          2014-09-05 01:52:28 ----D---- C:\Program Files (x86)\System Ninja
          2014-09-05 01:49:41 ----D---- C:\Users\Douven\AppData\Roaming\Thunderbird
          2014-09-05 00:52:31 ----RD---- C:\Program Files
          2014-09-04 13:12:23 ----D---- C:\Windows\CryptoGuard
          2014-09-04 08:13:02 ----D---- C:\Windows\Prefetch
          2014-09-04 00:35:08 ----D---- C:\Users\Douven\AppData\Roaming\Wise Disk Cleaner
          2014-09-04 00:26:02 ----D---- C:\ProgramData
          2014-09-03 13:22:39 ----D---- C:\Users\Douven\AppData\Roaming\Geek Uninstaller
          2014-09-03 13:20:39 ----SHD---- C:\System Volume Information
          2014-09-03 13:19:13 ----RD---- C:\Program Files (x86)
          2014-09-03 13:12:33 ----D---- C:\Windows\SysWOW64
          2014-09-03 13:10:23 ----D---- C:\Windows\debug
          2014-09-03 13:00:02 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
          2014-09-03 12:38:06 ----D---- C:\Windows\Tasks
          2014-09-01 23:25:57 ----D---- C:\Users\Douven\AppData\Roaming\DiskDefrag
          2014-09-01 14:15:05 ----D---- C:\Windows\system32\Tasks
          2014-08-30 13:19:00 ----D---- C:\Windows\winsxs
          2014-08-30 10:37:07 ----D---- C:\Windows\system32\catroot
          2014-08-29 15:57:50 ----D---- C:\Program Files (x86)\KeyCryptSDK
          2014-08-29 15:57:49 ----D---- C:\Program Files (x86)\Zemana AntiLogger Free
          2014-08-26 21:14:07 ----D---- C:\Program Files\CCleaner
          2014-08-24 15:02:49 ----SHD---- C:\Windows\Installer
          2014-08-23 11:42:13 ----D---- C:\Program Files (x86)\SpywareBlaster
          2014-08-22 10:55:29 ----D---- C:\Windows\rescache
          2014-08-22 09:45:25 ----D---- C:\Windows\SYSWOW64\nl-NL
          2014-08-22 09:45:25 ----D---- C:\Windows\system32\nl-NL
          2014-08-22 01:09:34 ----RSD---- C:\Windows\assembly
          2014-08-22 01:09:20 ----RSD---- C:\Windows\Fonts
          2014-08-21 01:00:21 ----D---- C:\Windows\system32\drivers\etc
          2014-08-20 10:44:27 ----D---- C:\Users\Douven\AppData\Roaming\SumatraPDF
          2014-08-17 15:24:06 ----D---- C:\Windows\Microsoft.NET
          2014-08-16 14:47:15 ----A---- C:\Windows\Sandboxie.ini
          2014-08-16 11:39:29 ----D---- C:\ProgramData\IObit
          2014-08-16 11:32:05 ----D---- C:\Windows\system32\DriverStore
          2014-08-16 11:31:07 ----D---- C:\Program Files (x86)\Panda Security
          2014-08-16 11:30:56 ----D---- C:\Users\Douven\AppData\Roaming\Panda Security
          2014-08-16 11:30:39 ----D---- C:\ProgramData\Panda Security
          2014-08-13 23:30:25 ----D---- C:\Program Files\Adblock Plus for IE
          2014-08-13 16:40:00 ----D---- C:\Users\Douven\AppData\Roaming\Mozilla
          2014-08-13 16:29:37 ----SD---- C:\Users\Douven\AppData\Roaming\Microsoft
          2014-08-12 19:52:57 ----D---- C:\Program Files\Internet Explorer
          2014-08-12 19:52:55 ----D---- C:\Windows\SYSWOW64\en-US
          2014-08-12 19:52:52 ----D---- C:\Windows\system32\en-US
          2014-08-12 19:52:52 ----D---- C:\Windows\PolicyDefinitions
          2014-08-12 19:52:49 ----D---- C:\Program Files (x86)\Internet Explorer
          2014-08-12 19:29:56 ----D---- C:\Windows\system32\MRT
          2014-08-12 19:28:38 ----A---- C:\Windows\system32\MRT.exe
          2014-08-12 19:23:27 ----SD---- C:\Windows\system32\CompatTel
          2014-08-12 17:05:22 ----D---- C:\Windows\SoftwareDistribution
          2014-08-12 17:00:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
          2014-08-12 17:00:39 ----D---- C:\Windows\SYSWOW64\config
          2014-08-12 16:57:55 ----D---- C:\Users\Douven\AppData\Roaming\Epson
          2014-08-12 16:57:52 ----SD---- C:\ProgramData\Microsoft
          2014-08-12 16:57:52 ----D---- C:\ProgramData\EPSON
          2014-08-12 16:57:52 ----D---- C:\Program Files\Windows Media Player
          2014-08-12 16:57:52 ----D---- C:\Program Files (x86)\Windows Media Player
          2014-08-12 16:57:52 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
          2014-08-12 13:43:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
          2014-08-11 17:45:01 ----D---- C:\Windows\AppPatch
          2014-08-06 10:12:11 ----D---- C:\Program Files (x86)\IObit
          2014-08-06 10:11:28 ----D---- C:\ProgramData\ProductData

          ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

          R0 BootDefragDriver;BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [2014-09-01 17600]
          R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
          R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
          R1 GUBootStartup;GUBootStartup; \??\C:\Windows\System32\drivers\GUBootStartup.sys [2014-09-01 20672]
          R1 NNSALPC;NNSAlpc; C:\Windows\system32\DRIVERS\NNSAlpc.sys [2014-06-04 96800]
          R1 NNSHTTP;NNSHttp; C:\Windows\system32\DRIVERS\NNSHttp.sys [2014-06-18 162336]
          R1 NNSHTTPS;NNSHttps; C:\Windows\system32\DRIVERS\NNSHttps.sys [2014-06-04 112160]
          R1 NNSIDS;NNSids; C:\Windows\system32\DRIVERS\NNSIds.sys [2014-06-04 115232]
          R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [2014-01-16 46336]
          R1 NNSPICC;NNSPicc; C:\Windows\system32\DRIVERS\NNSPicc.sys [2014-06-04 95776]
          R1 NNSPIHSW;NNSPihsw; C:\Windows\system32\DRIVERS\NNSPihsw.sys [2014-06-04 70176]
          R1 NNSPOP3;NNSPop3; C:\Windows\system32\DRIVERS\NNSPop3.sys [2014-06-04 125984]
          R1 NNSPROT;NNSProt; C:\Windows\system32\DRIVERS\NNSProt.sys [2014-06-04 306720]
          R1 NNSPRV;NNSPrv; C:\Windows\system32\DRIVERS\NNSPrv.sys [2014-06-04 169504]
          R1 NNSSMTP;NNSSmtp; C:\Windows\system32\DRIVERS\NNSSmtp.sys [2014-06-04 115744]
          R1 NNSSTRM;NNSStrm; C:\Windows\system32\DRIVERS\NNSStrm.sys [2014-06-04 261152]
          R1 NNSTLSC;NNSTlsc; C:\Windows\system32\DRIVERS\NNSTlsc.sys [2014-06-04 109088]
          R1 PSINKNC;PSINKnc; C:\Windows\system32\DRIVERS\psinknc.sys [2014-07-24 195616]
          R2 hmpalert;HitmanPro.Alert Support Driver; C:\Windows\System32\drivers\hmpalert.sys [2014-08-03 93144]
          R2 PSINAflt;PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [2014-07-24 160800]
          R2 PSINFile;PSINFile; C:\Windows\system32\DRIVERS\PSINFile.sys [2014-07-24 120352]
          R2 PSINProc;PSINProc; C:\Windows\system32\DRIVERS\PSINProc.sys [2014-07-24 122400]
          R2 PSINProt;PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [2014-07-24 132128]
          R2 PSINReg;PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [2014-07-24 106016]
          R3 GeneStor;Genesys Logic Storage Driver; C:\Windows\system32\DRIVERS\GeneStor.sys [2014-01-07 58368]
          R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-11-07 5363200]
          R3 keycrypt;keycrypt; C:\Windows\system32\DRIVERS\KeyCrypt64.sys [2014-08-28 25568]
          R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
          R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-01-07 99800]
          R3 panda_url_filteringd;panda_url_filteringd driver; \??\C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [2014-03-19 51288]
          R3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [2014-03-25 60400]
          R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2014-08-26 185352]
          R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2000-01-01 2206864]
          S0 amdkmafd;AMD Audio Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmafd.sys [2013-08-04 21600]
          S3 cleanhlp;cleanhlp; \??\G:\emsi\bin\cleanhlp64.sys
          S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2013-11-06 21712]
          S3 FIXUSTOR;FIXUSTOR; C:\Windows\system32\DRIVERS\fixustor.sys [2000-01-01 13696]
          S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-03-12 342528]
          S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf_amd64.sys [2013-12-06 18456]
          S3 PSVolAcc;PSVolAcc; C:\Windows\system32\drivers\PSVolAcc.sys
          S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
          S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
          S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
          S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
          S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
          S4 IObitUnlocker;IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2014-03-04 36944]

          ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

          R2 hmpalertsvc;HitmanPro.Alert Service; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-04-09 1876816]
          R2 NanoServiceMain;Panda Free Antivirus Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2014-07-24 141560]
          R2 panda_url_filteringService;panda_url_filtering Anti-Phishing Service; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [2014-05-05 244792]
          R2 PandaAgent;Panda Devices Agent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-07-23 61688]
          R2 PSUAService;Panda Product Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-07-24 38136]
          R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2014-08-26 174600]
          R2 Unchecky;Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [2014-07-30 107624]
          R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-10-22 27768]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
          S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
          S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
          S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
          S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
          S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-11-07 279000]
          S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
          S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-07-25 111616]
          S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-02 114288]
          S3 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
          S3 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
          S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
          S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-23 1255736]
          S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
          S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
          S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

          -----------------EOF-----------------



          • #6
            First disable your antivirus software before you download or run zoek.exe.
            Temporarily disable your antivirus and antispyware programs, because they can interfere with the operation of Zoek.exe.
            You can read how to do that (here and here).

            Download Zoek.exe to the desktop.
            • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
            • Right-click Zoek.zip and choose the option "Extract all" if you used the zip or rar download.
            • Then double-click Zoek.exe to start the tool.
            • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
            • Now copy the code below and paste it into the large input window:
            • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
              Code:
              emptyclsid;
              {C920E44A-7F78-4E64-BDD7-A57026E7FEB7};c
              emptyfolderscheck;
              firefoxlook; 
              Chromelook; 
              CHRdefaults;
              autoclean; 
              iedefaults; 
              filesrcm;  
              startupall;
            • Now click the "Run script" button.
            • Now wait patiently until a log opens (this may be after a restart if one is required).
            • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
            • Post the opened log as an attachment in your next reply.



            • #7
              Hi Juisterr, here is the log as requested

              Zoek.exe v5.0.0.0 Updated 05-September-2014
              Tool run by Douven on vr 05-09-2014 at 14:12:38,50.
              Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
              Running in: Normal Mode Internet Access Detected
              Launched: C:\Users\Douven\Desktop\zoek.exe [Scan all users] [Script inserted]

              ===== Runcheck 14:13:56,48 =====

              --- Create Environment Variables 14:13:58,32
              --- Create System Restore Point 14:14:05,95
              --- Checking Input 14:14:15,26
              --- Reset Hosts File 14:14:23,53
              --- AU AppData Check 14:14:24,37
              --- Remove From Windows Installer 14:14:29,12
              --- Empty Folders Check 14:16:14,65
              --- IE Startpage Check 14:16:30,47
              --- Program Files DB Check 14:17:10,01
              --- C:\Users\Default\AppData\Roaming DB Check 14:18:08,38



              • #8
                Zoek.exe v5.0.0.0 Updated 05-September-2014
                Tool run by Douven on vr 05-09-2014 at 14:12:38,50.
                Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
                Running in: Normal Mode Internet Access Detected
                Launched: C:\Users\Douven\Desktop\zoek.exe [Scan all users] [Script inserted]

                ===== Runcheck 14:13:56,48 =====

                --- Create Environment Variables 14:13:58,32
                --- Create System Restore Point 14:14:05,95
                --- Checking Input 14:14:15,26
                --- Reset Hosts File 14:14:23,53
                --- AU AppData Check 14:14:24,37
                --- Remove From Windows Installer 14:14:29,12
                --- Empty Folders Check 14:16:14,65
                --- IE Startpage Check 14:16:30,47
                --- Program Files DB Check 14:17:10,01
                --- C:\Users\Default\AppData\Roaming DB Check 14:18:08,38
                --- C:\Users\Default User\AppData\Roaming DB Check 14:18:08,38
                --- C:\Users\Doefke\AppData\Roaming DB Check 14:18:08,38
                --- C:\Users\Douven\AppData\Roaming DB Check 14:18:08,38
                --- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 14:18:08,38
                --- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 14:18:08,38
                --- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 14:18:08,38
                --- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 14:18:08,38
                --- C:\Users\Douven DB Check 14:21:19,16
                --- C:\PROGRA~3 DB Check 14:21:41,35
                --- C:\Users\Default\AppData\Local DB Check 14:21:43,42
                --- C:\Users\Default User\AppData\Local DB Check 14:21:43,42
                --- C:\Users\Doefke\AppData\Local DB Check 14:21:43,42
                --- C:\Users\Douven\AppData\Local DB Check 14:21:43,42
                --- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 14:21:43,42
                --- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 14:21:43,42
                --- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 14:21:43,42
                --- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 14:21:43,42
                --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 14:23:54,54
                --- C:\Users\Douven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 14:24:06,49
                --- Tasks DB Check 14:24:13,29
                --- Downloads DB Check 14:24:18,08
                --- C:\Users\Doefke\AppData\LocalLow DB Check 14:24:24,46
                --- C:\Users\Douven\AppData\LocalLow DB Check 14:24:24,46
                --- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 14:24:24,46



                • #9
                  Please post the complete log!



                  • #10
                    I think it is this one; it took a bit of searching on the PC.
                    Zoek.exe v5.0.0.0 Updated 05-September-2014
                    Tool run by Douven on vr 05-09-2014 at 14:12:38,50.
                    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
                    Running in: Normal Mode Internet Access Detected
                    Launched: C:\Users\Douven\Desktop\zoek.exe [Scan all users] [Script inserted]

                    ===== Runcheck 14:13:56,48 =====

                    --- Create Environment Variables 14:13:58,32
                    --- Create System Restore Point 14:14:05,95
                    --- Checking Input 14:14:15,26
                    --- Reset Hosts File 14:14:23,53
                    --- AU AppData Check 14:14:24,37
                    --- Remove From Windows Installer 14:14:29,12
                    --- Empty Folders Check 14:16:14,65
                    --- IE Startpage Check 14:16:30,47
                    --- Program Files DB Check 14:17:10,01
                    --- C:\Users\Default\AppData\Roaming DB Check 14:18:08,38
                    --- C:\Users\Default User\AppData\Roaming DB Check 14:18:08,38
                    --- C:\Users\Doefke\AppData\Roaming DB Check 14:18:08,38
                    --- C:\Users\Douven\AppData\Roaming DB Check 14:18:08,38
                    --- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 14:18:08,38
                    --- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 14:18:08,38
                    --- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 14:18:08,38
                    --- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 14:18:08,38
                    --- C:\Users\Douven DB Check 14:21:19,16
                    --- C:\PROGRA~3 DB Check 14:21:41,35
                    --- C:\Users\Default\AppData\Local DB Check 14:21:43,42
                    --- C:\Users\Default User\AppData\Local DB Check 14:21:43,42
                    --- C:\Users\Doefke\AppData\Local DB Check 14:21:43,42
                    --- C:\Users\Douven\AppData\Local DB Check 14:21:43,42
                    --- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 14:21:43,42
                    --- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 14:21:43,42
                    --- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 14:21:43,42
                    --- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 14:21:43,42
                    --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 14:23:54,54
                    --- C:\Users\Douven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 14:24:06,49
                    --- Tasks DB Check 14:24:13,29
                    --- Downloads DB Check 14:24:18,08
                    --- C:\Users\Doefke\AppData\LocalLow DB Check 14:24:24,46
                    --- C:\Users\Douven\AppData\LocalLow DB Check 14:24:24,46
                    --- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 14:24:24,46
                    --- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 14:24:24,46
                    --- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 14:24:24,46
                    --- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 14:24:24,46
                    --- Tasks2 DB Check 14:26:02,03
                    --- Documents DB Check 14:26:37,18
                    --- C:\Users\Doefke\AppData\Roaming\Mozilla\Firefox\Profiles\akkz5069.default DB Check 14:26:47,33
                    --- C:\Users\Doefke\AppData\Roaming\Thunderbird\Profiles\vpv90hm6.default DB Check 14:26:47,33
                    --- C:\Users\Douven\AppData\Roaming\Mozilla\Firefox\Profiles\0nnvyn76.default DB Check 14:26:47,33
                    --- C:\Users\Douven\AppData\Roaming\Thunderbird\Profiles\u7buvx36.default DB Check 14:26:47,33
                    --- C:\Users\Doefke\AppData\Roaming\Thunderbird\Profiles\r4bj19t7.default DB Check 14:26:47,33
                    --- C:\Users\Douven\AppData\Roaming\Thunderbird\Profiles\xc1vwsdr.default DB Check 14:26:47,33
                    --- C:\Users\Public\Desktop DB Check 14:27:10,84
                    --- C:\Users\Douven\Desktop DB Check 14:27:15,86
                    --- Services DB Check 14:27:29,73
                    --- FF prefs.js DB Check 14:28:32,50



                    • #11
                      You didn't use this code in the input field, did you?
                      Code:
                      emptyclsid;
                      {C920E44A-7F78-4E64-BDD7-A57026E7FEB7};c
                      emptyfolderscheck;
                      firefoxlook; 
                      Chromelook; 
                      CHRdefaults;
                      autoclean; 
                      iedefaults; 
                      filesrcm;  
                      startupall;
                      Please enter the code and then click Run.

                      Starting Windows 10 in Safe Mode



                      • #12
                        Hi Juisterr, it took a while before Zoek.exe was finished. Was any more malware found? Hopefully nothing serious.
                        Zoek.exe v5.0.0.0 Updated 05-September-2014
                        Tool run by Douven on vr 05-09-2014 at 15:47:53,17.
                        Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
                        Running in: Normal Mode Internet Access Detected
                        Launched: C:\Users\Douven\Desktop\zoek.exe [Scan all users] [Script inserted]

                        ==== System Restore Info ======================

                        5-9-2014 15:49:26 Zoek.exe System Restore Point Created Succesfully.

                        ==== Reset Hosts File ======================

                        # Copyright (c) 1993-2006 Microsoft Corp.
                        #
                        # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
                        #
                        # This file contains the mappings of IP addresses to host names. Each
                        # entry should be kept on an individual line. The IP address should
                        # be placed in the first column followed by the corresponding host name.
                        # The IP address and the host name should be separated by at least one
                        # space.
                        #
                        # Additionally, comments (such as these) may be inserted on individual
                        # lines or following the machine name denoted by a '#' symbol.
                        #
                        # For example:
                        #
                        # 102.54.94.97 rhino.acme.com # source server
                        # 38.25.63.10 x.acme.com # x client host

                        # localhost name resolution is handle within DNS itself.
                        127.0.0.1 localhost
                        ::1 localhost

                        ==== Empty Folders Check ======================

                        C:\Program Files\HitmanPro
                        C:\PROGRA~3\Mozilla
                        C:\Users\Doefke\AppData\Roaming\GlarySoft
                        C:\Users\Doefke\AppData\Local\AntiLogger Free
                        C:\Users\Douven\AppData\Local\AntiLogger Free
                        C:\Users\Douven\AppData\Local\VirtualStore

                        ==== Deleting CLSID Registry Keys ======================

                        HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
                        HKEY_USERS\S-1-5-21-2434453452-862557355-310033356-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
                        HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
                        HKEY_USERS\S-1-5-21-2434453452-862557355-310033356-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
                        HKEY_USERS\S-1-5-21-2434453452-862557355-310033356-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
                        HKEY_CLASSES_ROOT\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
                        HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
                        HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
                        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
                        HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully

                        ==== Deleting CLSID Registry Values ======================

                        HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully

                        ==== Deleting Services ======================


                        ==== FireFox Fix ======================

                        ProfilePath: C:\Users\Doefke\AppData\Roaming\Mozilla\Firefox\Profiles\akkz5069.default

                        user.js not found
                        ---- Lines isearch removed from prefs.js ----
                        user_pref("weboftrust.search.avg.url", "^http(s)?\\:\\/\\/isearch\\.avg\\.com\\/search\\?");
                        ---- Lines ask.com removed from prefs.js ----
                        user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
                        ---- FireFox user.js and prefs.js backups ----

                        prefs_05-09-2014_1609_.backup

                        ProfilePath: C:\Users\Doefke\AppData\Roaming\Thunderbird\Profiles\vpv90hm6.default

                        user.js not found
                        ---- FireFox user.js and prefs.js backups ----

                        prefs_05-09-2014_1609_.backup

                        ProfilePath: C:\Users\Douven\AppData\Roaming\Mozilla\Firefox\Profiles\0nnvyn76.default

                        user.js not found
                        ---- Lines guardi removed from prefs.js ----
                        user_pref("extensions.https_everywhere.Guardian Project", true);
                        user_pref("extensions.https_everywhere.The Guardian (partial)", true);
                        ---- Lines Search removed from prefs.js ----
                        user_pref("extensions.https_everywhere.eDigitalResearch (partial)", true);
                        user_pref("extensions.https_everywhere.French National Centre for Scientific Research (partial)", false);
                        user_pref("extensions.https_everywhere.HostSearch (partial)", true);
                        user_pref("extensions.https_everywhere.National Research Council Canada", true);
                        user_pref("extensions.https_everywhere.Natural Environment Research Council (partial)", true);
                        user_pref("extensions.https_everywhere.Search www.google.com", false);
                        user_pref("extensions.https_everywhere.Southwest Research Institute (partial)", false);
                        user_pref("extensions.https_everywhere.Web Hosting Search (partial)", true);
                        ---- Lines isearch removed from prefs.js ----
                        user_pref("weboftrust.search.avg.url", "^http(s)?\\:\\/\\/isearch\\.avg\\.com\\/search\\?");
                        ---- Lines delta removed from prefs.js ----
                        user_pref("extensions.https_everywhere.Delta.no", true);
                        ---- Lines ask.com removed from prefs.js ----
                        user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
                        ---- Lines blekko removed from prefs.js ----
                        user_pref("extensions.https_everywhere.Blekko", true);
                        ---- FireFox user.js and prefs.js backups ----

                        prefs_05-09-2014_1609_.backup

                        ProfilePath: C:\Users\Douven\AppData\Roaming\Thunderbird\Profiles\u7buvx36.default

                        user.js not found
                        ---- FireFox user.js and prefs.js backups ----

                        prefs_05-09-2014_1609_.backup

                        ProfilePath: C:\Users\Doefke\AppData\Roaming\Thunderbird\Profiles\r4bj19t7.default

                        prefs.js not found
                        user.js not found
                        ---- FireFox user.js and prefs.js backups ----


                        ProfilePath: C:\Users\Douven\AppData\Roaming\Thunderbird\Profiles\xc1vwsdr.default

                        prefs.js not found
                        user.js not found
                        ---- FireFox user.js and prefs.js backups ----


                        ==== Deleting Files \ Folders ======================

                        C:\PROGRA~2\Wise\Wise Registry Cleaner deleted
                        C:\PROGRA~3\ProductData deleted
                        C:\PROGRA~3\Package Cache deleted
                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted
                        C:\Windows\wininit.ini deleted
                        C:\Windows\SysNative\config\systemprofile\Searches deleted
                        C:\Users\Doefke\AppData\Roaming\Mozilla\Firefox\Profiles\akkz5069.default\extensions\[email protected] y.com.xpi deleted
                        C:\Users\Doefke\AppData\Roaming\Mozilla\Firefox\Profiles\akkz5069.default\Invalidprefs.js deleted
                        C:\Users\Doefke\AppData\Roaming\Mozilla\Firefox\Profiles\akkz5069.default\jetpack deleted
                        C:\Users\Douven\AppData\Roaming\Mozilla\Firefox\Profiles\0nnvyn76.default\extensions\[email protected] y.com.xpi deleted
                        C:\Users\Douven\AppData\Roaming\Mozilla\Firefox\Profiles\0nnvyn76.default\jetpack deleted

                        ==== Files Recently Created / Modified ======================

                        ====== C:\Windows ====
                        2014-08-24 13:04:32 36769324359E482A7DC4A790959C5B75 12 ----a-w- C:\Windows\CUAppUsage.Dat
                        ====== C:\Users\Douven\AppData\Local\Temp ====
                        ====== Java Cache =====
                        ====== C:\Windows\SysWOW64 =====
                        2014-08-28 14:43:34 980305AC3AF53C1964A11190451ABB32 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll
                        2014-08-24 12:51:05 D0AAAE16BA162DD89D646887F1539855 1700352 ----a-w- C:\Windows\SysWOW64\gdiplus.dll
                        2014-08-24 12:51:05 CA2F560921B7B8BE1CF555A5A18D54C3 348160 ----a-w- C:\Windows\SysWOW64\msvcr71.dll
                        2014-08-24 12:51:05 1FD3F9722119BDF7B8CFF0ECD1E84EA6 1060864 ----a-w- C:\Windows\SysWOW64\mfc71.dll
                        ====== C:\Windows\SysWOW64\drivers =====
                        ====== C:\Windows\Sysnative =====
                        2014-09-01 12:22:17 BA89AFD40CF22AA7DD028FCE214C478E 118048 ----a-w- C:\Windows\Sysnative\BootDefrag.exe
                        2014-08-28 14:43:34 A347EF56B7CD8360B3EF7772FEA597B9 3163648 ----a-w- C:\Windows\Sysnative\win32k.sys
                        2014-08-28 14:43:34 860528C9E50AB84935843B23A80E665E 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll
                        ====== C:\Windows\Sysnative\drivers =====
                        2014-09-04 13:08:08 105ACC469DF34C8BD0D5E68A70C774E5 60400 ----a-w- C:\Windows\Sysnative\drivers\PSKMAD.sys
                        2014-09-01 12:22:17 369D7E0E01117A1A4A23C9C6A04EED06 17600 ----a-w- C:\Windows\Sysnative\drivers\BootDefragDriver.sys
                        2014-09-01 12:15:00 918997DCB25355E3541EF62FA0C2A368 20672 ----a-w- C:\Windows\Sysnative\drivers\GUBootStartup.sys
                        2014-08-12 17:22:27 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
                        ====== C:\Windows\Tasks ======
                        2014-09-01 12:15:05 DC32EEC8D7A9180BEDF3C6D506FA11FE 2978 ----a-w- C:\Windows\Sysnative\Tasks\GU5SkipUAC
                        2014-09-01 12:15:04 E6FB60087EB6B786003D429CF18749DD 2636 ----a-w- C:\Windows\Sysnative\Tasks\GlaryInitialize 5
                        2014-09-01 12:15:03 1267ABFC395039D3D79BA01FA4E32D48 334 ----a-w- C:\Windows\Tasks\GlaryInitialize 5.job
                        2014-08-16 09:32:09 99FD97A9443C8C8FCE3ED1C4F25A0E2B 3108 ----a-w- C:\Windows\Sysnative\Tasks\{1811587C-730D-4FC1-803D-9A60D375396D}
                        2014-08-16 09:32:08 D71EBBC90388AB28B05CD3C17CC7C6D7 394 ---ha-w- C:\Windows\Tasks\{1811587C-730D-4FC1-803D-9A60D375396D}.job
                        2014-08-11 15:26:23 F58C68ABEB8C414CDC383280D7240351 2888 ----a-w- C:\Windows\Sysnative\Tasks\Uninstaller_SkipUac_Douven
                        ====== C:\Windows\Temp ======
                        ======= C:\Program Files =====
                        2014-09-05 12:04:26 -------- d-----w- C:\Program Files\HitmanPro
                        2014-09-04 22:52:31 -------- d-----w- C:\Program Files\trend micro
                        2014-08-14 13:03:21 -------- d-----w- C:\Program Files\Reason
                        ======= C:\PROGRA~2 =====
                        2014-09-03 11:19:13 -------- d-----w- C:\PROGRA~2\Restore Point Creator
                        2014-09-02 15:28:33 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird
                        2014-09-01 12:14:53 -------- d-----w- C:\PROGRA~2\Glary Utilities 5
                        2014-08-24 13:01:44 -------- d-----w- C:\PROGRA~2\SumatraPDF
                        2014-08-21 23:09:10 -------- d-----w- C:\PROGRA~2\OpenOffice 4
                        2014-08-11 15:45:00 -------- d-----w- C:\PROGRA~2\EMET 4.1
                        ======= C: =====
                        ====== C:\Users\Douven\AppData\Roaming ======
                        2014-09-05 12:55:44 6A3AAD244688FE7D08BFCBEA0F937C20 64496 ----a-w- C:\Users\Doefke\AppData\Local\GDIPFONTCACHEV1.DAT
                        2014-09-05 12:49:52 00C06654CD39D8B9FD0E79D9E5C6F71C 64496 ----a-w- C:\Users\Douven\AppData\Local\GDIPFONTCACHEV1.DAT
                        2014-09-03 11:19:48 -------- d-----w- C:\Users\Douven\AppData\Local\Restore_Point_Creator
                        2014-09-01 12:14:59 -------- d-----w- C:\Users\Douven\AppData\Roaming\GlarySoft
                        2014-08-15 09:53:40 -------- d-----w- C:\Users\Doefke\AppData\Roaming\Wise Disk Cleaner
                        2014-08-13 21:30:37 -------- d-sh--w- C:\Users\Doefke\AppData\Locallow\EmieUserList
                        2014-08-13 21:30:37 -------- d-sh--w- C:\Users\Doefke\AppData\Locallow\EmieSiteList
                        2014-08-13 21:30:36 -------- d-----w- C:\Users\Doefke\AppData\Roaming\Adobe
                        2014-08-13 17:53:34 -------- d-----w- C:\Users\Douven\AppData\Roaming\Adobe
                        2014-08-13 14:40:42 -------- d-----w- C:\Users\Douven\AppData\Local\VirtualStore
                        2014-08-11 17:11:43 -------- d-sh--w- C:\Users\Doefke\AppData\Local\EmieUserList
                        2014-08-11 17:11:43 -------- d-sh--w- C:\Users\Doefke\AppData\Local\EmieSiteList
                        2014-08-11 15:48:42 -------- d-sh--w- C:\Users\Douven\AppData\Locallow\EmieUserList
                        2014-08-11 15:48:42 -------- d-sh--w- C:\Users\Douven\AppData\Locallow\EmieSiteList
                        2014-08-11 15:47:25 -------- d-sh--w- C:\Users\Douven\AppData\Local\EmieUserList
                        2014-08-11 15:47:25 -------- d-sh--w- C:\Users\Douven\AppData\Local\EmieSiteList
                        ====== C:\Users\Douven ======
                        2014-09-03 11:19:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Restore Point Creator
                        2014-09-02 15:27:47 -------- d-----w- C:\ProgramData\Mozilla
                        2014-09-01 12:15:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
                        2014-08-29 13:58:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
                        2014-08-27 22:21:49 -------- d-----w- C:\ProgramData\F-Secure
                        2014-08-21 23:09:30 -------- d-s---w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
                        2014-08-16 09:31:40 -------- d-----w- C:\ProgramData\panda_url_filtering
                        2014-08-16 09:30:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
                        2014-08-13 14:13:07 -------- d---a-w- C:\ProgramData\TEMP
                        2014-08-11 15:45:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit

                        ====== C: exe-files ==
                        2014-09-04 22:52:33 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Douven.exe
                        2014-09-03 11:19:14 F55955DEA7CDA559659CDEE49A56C5F3 539136 ----a-w- C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe
                        2014-09-03 11:19:13 2176E096E73F4F207BE708FA568BB368 719521 ----a-w- C:\Program Files (x86)\Restore Point Creator\unins000.exe
                        2014-09-02 15:28:34 8518F08CCF44D3CEB7731FB73B8A1D0E 119408 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice.exe
                        2014-09-02 15:28:34 6E04812FAC21D5B2DF7FCC01CF794FB1 277616 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\updater.exe
                        2014-09-02 15:28:34 5BA18AE8604EE142840B2DC26A539FBE 194176 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe
                        2014-09-02 15:28:34 37DF9BFF17FBD13440A52ACF515FACE7 22640 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\WSEnable.exe
                        2014-09-02 15:28:34 3013252539F5EAC75B7B0629828DF5CB 389744 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
                        2014-09-02 15:28:34 0B164CA8C4019D2327660F56E6E7B5FB 18544 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\plugin-container.exe
                        2014-09-02 15:28:34 09D9B4815D1A2C62E1458D960761A9ED 901232 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
                        2014-09-02 15:28:33 DF64AC8DB231445483660F7FDAF49551 117360 ----a-w- C:\Program Files (x86)\Mozilla Thunderbird\crashreporter.exe
                        2014-09-01 12:22:17 BA89AFD40CF22AA7DD028FCE214C478E 118048 ----a-w- C:\Windows\System32\BootDefrag.exe
                        2014-09-01 12:15:07 87579B607275F1378076476426C0216E 173817 ----a-w- C:\Program Files (x86)\Glary Utilities 5\uninst.exe
                        2014-09-01 06:14:20 D5CACCF534AB05F4E89B0866D5927E85 22816 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wxp_x86\RegBootDefrag.exe
                        2014-09-01 06:14:18 4C3D7E222BA28CEAE4C82147BA459BBC 101664 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wxp_x86\BootDefrag.exe
                        2014-09-01 06:14:16 B122A72EBB8CF15A318333280BAEEBCE 28960 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wxp_x64\RegBootDefrag.exe
                        2014-09-01 06:14:14 EC98E87699A35A3D8F696DA585E887CA 101664 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wnet_x86\BootDefrag.exe
                        2014-09-01 06:14:14 C05545EC4D9B46DA3774D3D1185B4C0D 118048 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wxp_x64\BootDefrag.exe
                        2014-09-01 06:14:12 7333503296B27E73311AFBA23EDC538F 118048 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wnet_x64\BootDefrag.exe
                        2014-09-01 06:14:10 698277EBCAAFB244C48FD2DAA073B4F6 118048 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wlh_x64\BootDefrag.exe
                        2014-09-01 06:14:10 44944914B748FCB01229A3DD891920CE 101664 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wlh_x86\BootDefrag.exe
                        2014-09-01 06:14:08 AAEB4E54238214772CB5BB2E733E2F1B 101664 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\win7_x86\BootDefrag.exe
                        2014-09-01 06:14:06 BA89AFD40CF22AA7DD028FCE214C478E 118048 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\win7_x64\BootDefrag.exe
                        2014-09-01 06:14:06 18E7D698A3D2D4359D909EB54309AFC7 135968 ----a-w- C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe
                        2014-09-01 06:14:04 B6BC2BD4B68517E69B61F2950064D65E 63776 ----a-w- C:\Program Files (x86)\Glary Utilities 5\upgrade.exe
                        2014-09-01 06:14:02 D2459693A49910F7785F258B517190B6 334624 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Uninstaller.exe
                        2014-09-01 06:14:00 7F140036DD516E78CCB505384EEF72CE 410400 ----a-w- C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe
                        2014-09-01 06:13:54 0627902F8230EAF430D1C469BEE8FA38 36640 ----a-w- C:\Program Files (x86)\Glary Utilities 5\TracksEraser.exe
                        2014-09-01 06:13:52 62DA6CE6759EC385E70E9639BF2F55B5 516896 ----a-w- C:\Program Files (x86)\Glary Utilities 5\sysinfo.exe
                        2014-09-01 06:13:50 7EEBFC12A04CA1DF603A92BE3D1F49E4 37152 ----a-w- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
                        2014-09-01 06:13:48 73BA02471AAD1E36EE6C0B5520845134 36640 ----a-w- C:\Program Files (x86)\Glary Utilities 5\SpyRemover.exe
                        2014-09-01 06:13:44 1AC9B185AB5AD395D86442DE6CF3E252 138528 ----a-w- C:\Program Files (x86)\Glary Utilities 5\shredder.exe
                        2014-09-01 06:13:38 A9CFE0CD0870B631896EBFCC7D28C475 37152 ----a-w- C:\Program Files (x86)\Glary Utilities 5\RestoreCenter.exe
                        2014-09-01 06:13:34 04E818A603ADE0A9B1138B40D02EBB8F 37152 ----a-w- C:\Program Files (x86)\Glary Utilities 5\RegistryCleaner.exe
                        2014-09-01 06:13:30 73B5FC990AC29D3DFFA01B2E2303E549 95008 ----a-w- C:\Program Files (x86)\Glary Utilities 5\regdefrag.exe
                        2014-09-01 06:13:28 978197B4E4BD52A8BE3FF0023E37333A 293152 ----a-w- C:\Program Files (x86)\Glary Utilities 5\procmgr.exe
                        2014-09-01 06:13:28 673D5422AF6AE073E0B1DF8ED037C12A 306464 ----a-w- C:\Program Files (x86)\Glary Utilities 5\QuickSearch.exe
                        2014-09-01 06:13:26 0FA3D13F08FA2FB6D5CC0384827F6580 135968 ----a-w- C:\Program Files (x86)\Glary Utilities 5\PortableMaker.exe
                        2014-09-01 06:13:24 8D6EE8FB49D44D0C576443BDE540F35E 227616 ----a-w- C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe
                        2014-09-01 06:13:22 C6A883C02E59036FA015CC5E39508CE8 402720 ----a-w- C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe
                        2014-09-01 06:13:18 1AE5D0F2BEA6C38C03FBF436DF5BFD61 122656 ----a-w- C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe
                        2014-09-01 06:13:10 A62C102F7DC4BB7EAF5831A4CB255D94 64288 ----a-w- C:\Program Files (x86)\Glary Utilities 5\joinExe.exe
                        2014-09-01 06:13:06 B8706DBD01FAA7D386E9BF4EF622C630 793376 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
                        2014-09-01 06:13:06 5618B05E01C2D4C9AADA3C4DFAFA6CC8 377120 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Integrator_Portable.exe
                        2014-09-01 06:13:02 D549AEF2DDEFD053F054ABF80E100F2E 104224 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
                        2014-09-01 06:13:00 4FCA049B49DC9CB988A87922C28B6A92 63776 ----a-w- C:\Program Files (x86)\Glary Utilities 5\gsd.exe
                        2014-09-01 06:13:00 12F0C860B025A14CF558F97C4F301680 777504 ----a-w- C:\Program Files (x86)\Glary Utilities 5\iehelper.exe
                        2014-09-01 06:12:56 EB1C9383C8728C8A5B59894F33BD214F 1469216 ----a-w- C:\Program Files (x86)\Glary Utilities 5\FileUndelete.exe
                        2014-09-01 06:12:56 DF0903C69E0FE525A133CB803552B467 103200 ----a-w- C:\Program Files (x86)\Glary Utilities 5\filesplitter.exe
                        2014-09-01 06:12:52 B7656FE19E39A75AD6E346BF6646BB96 147232 ----a-w- C:\Program Files (x86)\Glary Utilities 5\fileencrypt.exe
                        2014-09-01 06:12:52 91585D75EFAE607AA53FCD1E8E721DE4 373024 ----a-w- C:\Program Files (x86)\Glary Utilities 5\EncryptExe.exe
                        2014-09-01 06:12:50 FD8949CCDF2681D719D5700E624B55A9 218912 ----a-w- C:\Program Files (x86)\Glary Utilities 5\EmptyFolderFinder.exe
                        2014-09-01 06:12:48 7FE2696F1C1DBFBB697E8D8664034A03 367392 ----a-w- C:\Program Files (x86)\Glary Utilities 5\dupefinder.exe
                        2014-09-01 06:12:46 F09E753F08E1A3483C7CD83FE5F0BCB5 400672 ----a-w- C:\Program Files (x86)\Glary Utilities 5\DiskDefrag.exe
                        2014-09-01 06:12:46 6AB11374F019C9B4852E64B8AB7F0394 148256 ----a-w- C:\Program Files (x86)\Glary Utilities 5\DriverBackup.exe
                        2014-09-01 06:12:44 72EB0F462D51983279B60091474818A8 36640 ----a-w- C:\Program Files (x86)\Glary Utilities 5\DiskCleaner.exe
                        2014-09-01 06:12:42 7A6E6DFA3D0706581331BD35095E8AB9 348960 ----a-w- C:\Program Files (x86)\Glary Utilities 5\DiskAnalysis.exe
                        2014-09-01 06:12:38 41D2AE8C35F28C8B73DC8F75381016A9 958752 ----a-w- C:\Program Files (x86)\Glary Utilities 5\CrashReport.exe
                        2014-09-01 06:12:30 D10709867BFCFF7AD593B7D105509D19 137504 ----a-w- C:\Program Files (x86)\Glary Utilities 5\cmm.exe
                        2014-09-01 06:12:28 E867F11EAB93B35166FDFA6380A195A6 36640 ----a-w- C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe
                        2014-09-01 06:12:24 987329608B7FA840C52E4DE291EE58AF 68384 ----a-w- C:\Program Files (x86)\Glary Utilities 5\CheckDiskProgress.exe
                        2014-09-01 06:12:24 5DDE0C40CA67FB1D1EB9EBBA0DF6B0A5 36640 ----a-w- C:\Program Files (x86)\Glary Utilities 5\CheckDisk.exe
                        2014-09-01 06:12:16 2575C5A372BC43B300491766984CD1FE 498464 ----a-w- C:\Program Files (x86)\Glary Utilities 5\AutoUpdate.exe
                        2014-09-01 06:10:48 C3AC43B2018114A617E946AA8FDF3CAC 930272 ----a-w- C:\Program Files (x86)\Glary Utilities 5\DPInst64.exe
                        2014-09-01 06:10:48 3F442906B29B552F1C9FEC1E221D90B7 795104 ----a-w- C:\Program Files (x86)\Glary Utilities 5\DPInst32.exe
                        === C: other files ==
                        2014-09-04 13:08:08 105ACC469DF34C8BD0D5E68A70C774E5 60400 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
                        2014-09-01 12:22:17 369D7E0E01117A1A4A23C9C6A04EED06 17600 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
                        2014-09-01 12:15:00 918997DCB25355E3541EF62FA0C2A368 20672 ----a-w- C:\Windows\System32\drivers\GUBootStartup.sys
                        2014-09-01 06:10:54 F8ADE2053957E8E5F2ED2A1203C79589 16064 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\win7_x86\BootDefragDriver.sys
                        2014-09-01 06:10:54 D59C80D299743D3FC2FB35E96214E36E 17600 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wxp_x64\BootDefragDriver.sys
                        2014-09-01 06:10:54 C4B439F8332B540FD10399920320888B 16064 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wnet_x86\BootDefragDriver.sys
                        2014-09-01 06:10:54 BC7761423CA17275941580B4D388EC9B 17600 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wnet_x64\BootDefragDriver.sys
                        2014-09-01 06:10:54 9F3935A68A7F73FC56413D298B219544 16064 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wlh_x86\BootDefragDriver.sys
                        2014-09-01 06:10:54 3B77514728BA0BFE4143FC3A2780B289 14784 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wxp_x86\BootDefragDriver.sys
                        2014-09-01 06:10:54 369D7E0E01117A1A4A23C9C6A04EED06 17600 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\win7_x64\BootDefragDriver.sys
                        2014-09-01 06:10:54 0A7F269E6D58A8814105150B4F7F5021 17600 ----a-w- C:\Program Files (x86)\Glary Utilities 5\Native\wlh_x64\BootDefragDriver.sys

                        ==== Startup Registry Enabled ======================

                        [HKEY_USERS\S-1-5-21-2434453452-862557355-310033356-1000\Software\Microsoft\Windows\CurrentVersion\Run]
                        "SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"

                        [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                        "mctadmin"="C:\Windows\System32\mctadmin.exe"

                        [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                        "mctadmin"="C:\Windows\System32\mctadmin.exe"

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "ZALFree"="C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe /MINIMIZED"
                        "EMET 4.1 Update 1 Agent"="C:\Program Files (x86)\EMET 4.1\EMET_agent.exe"
                        "PSUAMain"="C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe /LaunchSysTray"

                        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
                        "SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe"

                        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
                        "AppInit_DLLs"="C:\\PROGRA~2\\KEYCRY~1\\KE3AEA~1.DLL"

                        ==== Startup Registry Enabled x64 ======================

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "Eraser"="C:\PROGRA~1\Eraser\Eraser.exe --atRestart"

                        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
                        "AppInit_DLLs"="C:\\PROGRA~2\\KEYCRY~1\\KE12AD~1.DLL"

                        ==== Startup Registry Disabled x64 ======================

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Eraser]
                        "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="Eraser"
                        "hkey"="HKLM"
                        "command"="\"C:\\PROGRA~1\\Eraser\\Eraser.exe\" --atRestart"

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUDelayStartup]
                        "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="GUDelayStartup"
                        "hkey"="HKCU"
                        "command"="\"C:\\Program Files (x86)\\Glary Utilities 5\\StartupManager.exe\" -delayrun"

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDAudDeck]
                        "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="HDAudDeck"
                        "hkey"="HKLM"
                        "command"="C:\\Program Files (x86)\\VIA\\VIAudioi\\VDeck\\VDeck.exe -r"

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
                        "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="HotKeysCmds"
                        "hkey"="HKLM"
                        "command"="\"C:\\Windows\\system32\\hkcmd.exe\""

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
                        "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="IgfxTray"
                        "hkey"="HKLM"
                        "command"="\"C:\\Windows\\system32\\igfxtray.exe\""

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
                        "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="Persistence"
                        "hkey"="HKLM"
                        "command"="\"C:\\Windows\\system32\\igfxpers.exe\""

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PhrozenSoft VirusTotal Uploader]
                        "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="PhrozenSoft VirusTotal Uploader"
                        "hkey"="HKCU"
                        "command"=""

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
                        "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="SDTray"
                        "hkey"="HKLM"
                        "command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UMonit]
                        "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="UMonit"
                        "hkey"="HKLM"
                        "command"="C:\\Windows\\SysWOW64\\UMonit.exe"

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
                        "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                        "item"="Windows Defender"
                        "hkey"="HKLM"
                        "command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"


                        ==== Task Scheduler Jobs ======================

                        C:\Windows\tasks\GlaryInitialize 5.job --a------ C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [01-09-2014 08:13]
                        C:\Windows\tasks\Restore Point Creator -- Run with no UAC (Create Custom Restore Point).job --a------ C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe [16-08-2014 18:22]
                        C:\Windows\tasks\Restore Point Creator -- Run with no UAC (Create Restore Point).job --a------ [Undetermined Task]
                        C:\Windows\tasks\Restore Point Creator -- Run with no UAC.job --a------ C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe [16-08-2014 18:22]
                        C:\Windows\tasks\{1811587C-730D-4FC1-803D-9A60D375396D}.job --ah----- [Undetermined Task]

                        ==== Other Scheduled Tasks ======================

                        "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
                        "C:\Windows\SysNative\tasks\GlaryInitialize 5" [C:\Program Files (x86)\Glary Utilities 5\Initialize.exe]
                        "C:\Windows\SysNative\tasks\GU5SkipUAC" [C:\Program Files (x86)\Glary Utilities 5\Integrator.exe]
                        "C:\Windows\SysNative\tasks\Restore Point Creator -- Run with no UAC" ["C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe"]
                        "C:\Windows\SysNative\tasks\Restore Point Creator -- Run with no UAC (Create Custom Restore Point)" ["C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe"]
                        "C:\Windows\SysNative\tasks\Restore Point Creator -- Run with no UAC (Create Restore Point)" ["C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe"]
                        "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
                        "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Doefke" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
                        "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Douven" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
                        "C:\Windows\SysNative\tasks\{1811587C-730D-4FC1-803D-9A60D375396D}" [C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe]
                        "C:\Windows\SysNative\tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Create Custom Restore Point) (For User Douven)" ["C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe"]
                        "C:\Windows\SysNative\tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (Create Restore Point) (For User Douven)" ["C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe"]
                        "C:\Windows\SysNative\tasks\Restore Point Creator\Restore Point Creator -- Run with no UAC (For User Douven)" ["C:\Program Files (x86)\Restore Point Creator\Restore Point Creator.exe"]

                        ==== Firefox Extensions ======================

                        ProfilePath: C:\Users\Doefke\AppData\Roaming\Mozilla\Firefox\Profiles\akkz5069.default
                        - HTTPS-Everywhere - %ProfilePath%\extensions\[email protected]
                        - McAfee SiteAdvisor - %ProfilePath%\extensions\{1650a312-02bc-40ee-977e-83f158701739}(2)
                        - WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
                        - Classic Theme Restorer Customize Australis - %ProfilePath%\extensions\ClassicThe[email protected]
                        - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
                        - eCleaner - %ProfilePath%\extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi
                        - BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
                        - Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

                        ProfilePath: C:\Users\Doefke\AppData\Roaming\Thunderbird\Profiles\vpv90hm6.default
                        - Deutsches Wörterbuch - %ProfilePath%\extensions\[email protected]
                        - British English Dictionary - %ProfilePath%\extensions\[email protected]
                        - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

                        ProfilePath: C:\Users\Douven\AppData\Roaming\Mozilla\Firefox\Profiles\0nnvyn76.default
                        - HTTPS-Everywhere - %ProfilePath%\extensions\[email protected]
                        - WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
                        - Classic Theme Restorer Customize Australis - %ProfilePath%\extensions\[email protected]
                        - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
                        - eCleaner - %ProfilePath%\extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi
                        - BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
                        - Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

                        ProfilePath: C:\Users\Douven\AppData\Roaming\Thunderbird\Profiles\u7buvx36.default
                        - Deutsches Wörterbuch - %ProfilePath%\extensions\[email protected]
                        - British English Dictionary - %ProfilePath%\extensions\[email protected]
                        - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

                        ProfilePath: C:\Users\Doefke\AppData\Roaming\Thunderbird\Profiles\r4bj19t7.default
                        - Instrument Test - %ProfilePath%\extensions\[email protected]

                        ProfilePath: C:\Users\Douven\AppData\Roaming\Thunderbird\Profiles\xc1vwsdr.default
                        - Instrument Test - %ProfilePath%\extensions\[email protected]

                        AppDir: C:\Program Files (x86)\Mozilla Firefox
                        - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

                        ==== Firefox Plugins ======================

                        Profilepath: C:\Users\Douven\AppData\Roaming\Mozilla\Firefox\Profiles\0nnvyn76.default
                        9EE20E6E2E3F94714D44F739B9A228F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash


                        ==== Set IE to Default ======================

                        Old Values:
                        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
                        "Start Page"="https://www.startpage.com/ned/"

                        New Values:
                        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
                        "Start Page"="https://www.startpage.com/ned/"

                        ==== All HKCU SearchScopes ======================

                        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
                        "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
                        {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
                        {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

                        ==== Reset Google Chrome ======================

                        Nothing found to reset

                        ==== Deleting Registry Keys ======================

                        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
                        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
                        HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

                        ==== Empty IE Cache ======================

                        C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                        C:\Users\Doefke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                        C:\Users\Doefke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
                        C:\Users\Douven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                        C:\Users\Douven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
                        C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                        C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                        C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

                        ==== Empty FireFox Cache ======================

                        No FireFox Cache found

                        ==== Empty Chrome Cache ======================

                        No Chrome User Data found

                        ==== Empty All Flash Cache ======================

                        No Flash Cache Found

                        ==== Empty All Java Cache ======================

                        No Java Cache Found

                        ==== C:\zoek_backup content ======================

                        C:\zoek_backup (files=81 folders=16 14560077 bytes)

                        ==== Empty Temp Folders ======================

                        C:\Users\Default\AppData\Local\Temp emptied successfully
                        C:\Users\Default User\AppData\Local\Temp emptied successfully
                        C:\Users\Doefke\AppData\Local\Temp emptied successfully
                        C:\Users\Douven\AppData\Local\Temp will be emptied at reboot
                        C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
                        C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
                        C:\Windows\Temp will be emptied at reboot

                        ==== After Reboot ======================

                        ==== Empty Temp Folders ======================

                        C:\Windows\Temp successfully emptied
                        C:\Users\Douven\AppData\Local\Temp successfully emptied

                        ==== Empty Recycle Bin ======================

                        C:\$RECYCLE.BIN successfully emptied

                        ==== EOF on vr 05-09-2014 at 16:27:18,24 ======================



                        • #13
                          Hi Juisterr, can I remove RKill and Zoek.exe again?



                          • #14
                            That depends, how are things going now?



                            • #15
                              Hi Juisterr, everything works fine. The question was whether there was still malware present on the PC, hence the request: because Emsi Emergency Kit had found a trojan, I thought it advisable to have this checked, you never know!! (Anything else found in the logs?)
