
Possible virus

Status
Not open for further replies.
Farbar Service Scanner Version: 05-12-2013
Ran by veronica (administrator) on 11-12-2013 at 21:36:43
Running from "C:\Users\veronica\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-11-16 09:49] - [2013-09-14 01:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-11-16 09:49] - [2013-09-08 03:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-15 08:47] - [2013-07-09 05:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-19 19:48] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

---------- Post added at 21:39 ---------- Previous post was at 21:37 ----------

I think abraham or kingpin helped me back then
 
Hello,

I'm going to dig into this a bit further; you'll hear from me :smile:

---------- Post added at 10:48 ---------- Previous post was at 21:51 ----------

Hello,

Do the following:

Download the following reg files and place them on your desktop:
Download wscsvc.reg
Download Winmgmt.reg

Then run it: right-click wscsvc.reg and choose "Merge".
Then run it: right-click Winmgmt.reg and choose "Merge".

Restart your PC.

Post a new log from Farbar Service Scanner.
 
Farbar Service Scanner Version: 05-12-2013
Ran by veronica (administrator) on 13-12-2013 at 08:30:51
Running from "C:\Users\veronica\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-11-16 09:49] - [2013-09-14 01:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-11-16 09:49] - [2013-09-08 03:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-15 08:47] - [2013-07-09 05:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-19 19:48] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Hello Leo, I'm taking over for a moment from abbs, who is currently having internet problems.

Step 1
Download RogueKiller 32 bit (x86) or RogueKiller 64 bit (x64)

Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!

Starting RogueKiller:
  • First close all program windows that are still open!
  • Windows 2000 and Windows XP: double-click RogueKiller.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click RogueKiller.exe and then choose Run as administrator.
Scanning:
  • Before RogueKiller starts scanning, first close all other open windows!
  • After starting, RogueKiller immediately begins a pre-scan, so wait until the scan is finished.
  • Note: when RogueKiller detects the ZeroAccess infection, a message will appear and a website with information will be opened; you may close it and do not need to do anything further with it.
  • Important - enable the following options in RogueKiller:
    • MBR Scan
    • Verify Drivers
    • Anti-Rootkit
  • Then click the Scan button
  • Wait until the scan has finished.
  • A log is created and placed on the desktop.
What next:
  • Do nothing else yet; first post the contents of that log in your next message and close RogueKiller.

Step 2
Download Security Check
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!
Starting SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click SecurityCheck.exe and choose "Run as administrator".
  • Follow the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow this.
Post the contents of checkup.txt in your next post.
 
RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Gestart vanuit : Normale modus
Gebruiker : veronica [Administrator rechten]
Modus : Verwijder -- Datum : 12/13/2013 14:02:29
| ARK || FAK || MBR |

??? Kwaadaardige processen : 0 ???

??? Register verwijzingen : 4 ???
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> Verwijderd
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> Verwijderd
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> VERVANGEN (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> VERVANGEN (0)

??? geplande taken : 0 ???

??? Startup Entries : 0 ???

??? webbrowsers : 0 ???

??? Speciale Files / Folders: ???

??? Driver : [Geladen] ???

??? Externe Hives: ???

??? Infectie : ???

??? HOSTS Bestand: ???
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


??? MBR Controle: ???

+++++ PhysicalDrive0: ( @ ) +++++
--- User ---
[MBR] bf9b561663261c24a7a9fca30c05607a
[BSP] bf22d287f7c5028cb6abaeb512695e7d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78164 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Gereed : << RKreport[0]_D_12132013_140229.txt >>
RKreport[0]_S_12132013_140053.txt



I think I did something wrong.

---------- Post added at 14:22 ---------- Previous post was at 14:07 ----------

No txt file from Security Check is present
 
Did you check the taskbar to see whether a text document had opened there?
Because it opens after the black window shows "done".

So try SecurityCheck once more, and start it with administrator rights.
 
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 45
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

---------- Post added at 19:11 ---------- Previous post was at 18:57 ----------

The Windows Security Center service cannot be started.
I have indeed had a cross on that little flag for a while.
I tried to start it, but nothing.

---------- Post added at 19:17 ---------- Previous post was at 19:11 ----------

I also looked in Windows Task Manager under Services, at wmiapsrv.
I didn't do anything, I only looked; it cannot be started.
 
Hello,

Did those reg files work out?


Then also do this:
Go to Start and type cmd in the search box - at the top of the Start menu you will now see the corresponding shortcut.
Right-click this shortcut and choose Run as administrator.

In the black window, now type sfc /scannow followed by pressing the Enter key.
Remember the space after 'sfc'.
In the black window you will then see the progress of the scan.

When the scan is finished, type Exit followed by pressing the Enter key.

Tell me how things go after this.
 
52ab506571c31-Naamloos.jpg


Maybe unnecessary, but still, it can't hurt.
 
Hello,


Did those reg files work out?


Are you able to turn on the following services there?
wscsvc
Winmgmt
 
52ab5c7c0b37a-naamloos_1.jpg


Maybe unnecessary, but still, it can't hurt.

---------- Post added at 20:21 ---------- Previous post was at 20:16 ----------

Neither can be enabled; I don't know what is going on.

---------- Post added at 20:26 ---------- Previous post was at 20:21 ----------

I'm comparing it with my laptop with Win 7; however, they are disabled there as well.
 
Hello,

Download OTL to the desktop.

Running OTL
  • Double-click "OTL.exe" to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • When a User Account Control prompt appears, click "Ja / Yes".
  • At the top of OTL, tick the "Scan all users" option.
  • Now click the "Run Scan" button.
  • When OTL is finished, two log files will be opened, named (OTL.txt) and (Extras.txt).
  • Now add the OTL.txt file to your next post.
 
OTL logfile created on: 13-12-2013 20:33:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\veronica\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1023,55 Mb Total Physical Memory | 355,10 Mb Available Physical Memory | 34,69% Memory free
2,00 Gb Paging File | 1,08 Gb Available in Paging File | 54,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,33 Gb Total Space | 13,62 Gb Free Space | 17,85% Space Free | Partition Type: NTFS

Computer Name: VERONICA-PC | User Name: veronica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-12-13 20:31:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\veronica\Desktop\OTL.exe
PRC - [2013-09-23 01:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013-09-23 01:17:30 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013-09-05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-09-04 08:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013-07-23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013-07-10 00:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013-07-04 14:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013-07-04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013-03-18 01:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 22:29:26 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2009-02-10 16:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008-11-09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2003-03-26 17:19:10 | 000,045,056 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
PRC - [2003-01-17 01:02:38 | 000,045,056 | ---- | M] ( ) -- C:\Windows\System32\slserv.exe


========== Modules (No Company Name) ==========

MOD - [2007-09-20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003-03-26 17:19:10 | 000,045,056 | ---- | M] () -- C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe


========== Services (SafeList) ==========

SRV - [2013-12-11 19:50:04 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-11-26 09:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013-09-05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-09-04 08:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013-07-23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-07-22 20:42:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013-07-04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-02-10 16:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008-11-09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003-01-17 01:02:38 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\veronica\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013-09-10 00:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-09-05 00:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013-07-20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-07-20 00:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-07-20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-07-20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-07-19 16:33:50 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013-07-01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-03-21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-09-04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2012-08-23 15:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012-08-23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-08-23 15:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012-08-23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010-11-20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010-11-20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-07-13 23:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-08-03 22:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003-03-22 09:30:58 | 000,219,024 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\STAC97.sys -- (STAC97)
DRV - [2003-02-16 16:33:46 | 001,293,192 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003-02-16 15:12:46 | 000,085,520 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003-02-16 15:11:56 | 000,516,616 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003-02-16 15:08:18 | 000,210,128 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003-02-05 16:25:56 | 000,162,136 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003-01-17 00:19:32 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slwdmsup.sys -- (SlWdmSup)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
IE - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013-07-19 12:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013-12-07 22:35:05 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-999374491-2198632272-2187689358-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C600CF3-70CB-411A-9054-D06EF28E848B}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\Windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-12-13 20:31:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\veronica\Desktop\OTL.exe
[2013-12-13 09:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013-12-13 09:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013-12-12 08:48:12 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2013-12-12 00:12:25 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-12-12 00:12:24 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-12-12 00:12:22 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-12-12 00:12:21 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-12-12 00:12:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013-12-12 00:12:20 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-12-12 00:12:19 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013-12-12 00:12:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-12-12 00:12:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-12-12 00:12:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-12-12 00:12:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013-12-12 00:12:17 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013-12-12 00:12:12 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-12-12 00:12:06 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-12-12 00:01:30 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013-12-12 00:00:15 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013-12-12 00:00:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013-12-11 23:58:58 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013-12-11 23:58:56 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-12-11 23:57:57 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013-12-11 23:57:56 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013-12-07 23:38:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2013-12-07 23:31:03 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013-12-07 23:21:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-12-07 22:18:32 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2013-12-07 21:28:51 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013-12-07 21:21:25 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013-12-07 19:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013-12-06 23:22:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013-12-06 23:17:54 | 000,000,000 | ---D | C] -- C:\Users\veronica\AppData\Local\temp
[2013-12-06 22:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013-12-06 22:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013-12-06 22:51:36 | 000,000,000 | ---D | C] -- C:\Users\veronica\AppData\Roaming\Yahoo!
[2013-12-06 22:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2013-12-06 22:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2013-12-06 21:54:16 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2013-12-04 16:26:14 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-12-04 16:25:49 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-12-04 16:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013-12-04 16:25:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-12-04 16:25:40 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-11-19 16:05:03 | 000,322,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC30.DLL
[2013-11-17 10:48:49 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-11-17 10:48:49 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-11-17 10:48:47 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013-11-17 10:48:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-11-17 10:48:44 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-11-17 10:48:42 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-11-17 10:48:41 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013-11-17 10:48:38 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-11-17 10:48:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-11-17 10:48:38 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-11-17 10:48:36 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-11-17 10:48:32 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-11-17 10:48:32 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-11-17 10:48:31 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-11-17 10:48:29 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-11-17 10:48:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-11-17 10:48:27 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-11-17 10:48:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-11-17 10:48:25 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-11-17 10:48:12 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-11-17 10:48:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013-11-17 10:48:07 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-11-17 10:48:06 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-11-17 10:48:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-11-17 10:48:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-11-17 10:48:02 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-11-17 10:47:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-11-17 10:47:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-11-17 10:47:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-11-17 10:17:37 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013-11-17 10:17:37 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013-11-16 09:50:02 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013-11-16 09:50:01 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013-11-16 09:49:53 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013-11-16 09:49:52 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013-11-16 09:49:52 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013-11-16 09:49:48 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013-11-16 09:49:42 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013-11-16 09:49:41 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013-11-16 09:49:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013-11-16 09:49:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013-11-16 09:49:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013-11-16 09:49:23 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013-11-16 09:49:20 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013-11-16 09:49:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013-11-16 09:49:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013-11-16 09:49:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013-11-16 09:49:13 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

========== Files - Modified Within 30 Days ==========

[2013-12-13 20:31:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\veronica\Desktop\OTL.exe
[2013-12-13 14:09:23 | 000,891,200 | ---- | M] () -- C:\Users\veronica\Desktop\SecurityCheck.exe
[2013-12-13 13:56:41 | 000,026,576 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-13 13:56:41 | 000,026,576 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-13 09:30:43 | 000,001,135 | ---- | M] () -- C:\Users\veronica\Desktop\Auslogics DiskDefrag.lnk
[2013-12-13 09:21:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-12-13 09:21:27 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-12 21:35:50 | 000,001,222 | ---- | M] () -- C:\Users\veronica\Documents\draaiboek.rtf
[2013-12-12 21:02:02 | 000,001,781 | ---- | M] () -- C:\Users\veronica\Documents\Document.rtf
[2013-12-12 19:54:26 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013-12-12 08:49:39 | 000,002,161 | ---- | M] () -- C:\Windows\diagerr.xml
[2013-12-12 08:45:06 | 000,002,544 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013-12-12 00:38:01 | 004,234,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-12-11 19:50:03 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-12-11 19:50:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-12-08 22:17:49 | 000,606,228 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013-12-08 22:17:49 | 000,117,552 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013-12-08 22:17:48 | 000,687,338 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013-12-08 22:17:48 | 000,612,034 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-12-08 22:17:48 | 000,129,010 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013-12-08 22:17:48 | 000,102,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-12-08 12:23:46 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-08 12:23:46 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-07 23:04:23 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013-12-07 22:35:05 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013-12-07 21:22:50 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-VERONICA-PC--(32-bit).dat
[2013-12-06 23:21:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_294
[2013-12-06 21:54:14 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013-12-04 16:25:10 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-12-04 16:25:08 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-12-04 16:25:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-12-04 16:25:08 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-11-26 10:23:02 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-11-26 10:22:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013-11-26 09:53:56 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-11-26 09:52:26 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013-11-26 09:38:07 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-11-26 09:36:52 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-11-26 09:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-11-26 09:29:55 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-11-26 09:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013-11-26 09:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013-11-26 09:16:12 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-11-26 09:13:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-11-26 08:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-11-26 07:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-11-23 19:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013-11-19 16:06:39 | 000,081,920 | ---- | M] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2013-11-17 10:48:49 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-11-17 10:48:49 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-11-17 10:48:47 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013-11-17 10:48:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-11-17 10:48:44 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-11-17 10:48:42 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-11-17 10:48:41 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013-11-17 10:48:38 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-11-17 10:48:38 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-11-17 10:48:38 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-11-17 10:48:36 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-11-17 10:48:33 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013-11-17 10:48:32 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-11-17 10:48:32 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-11-17 10:48:31 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-11-17 10:48:29 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-11-17 10:48:29 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-11-17 10:48:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-11-17 10:48:27 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-11-17 10:48:26 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-11-17 10:48:12 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-11-17 10:48:08 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013-11-17 10:48:07 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-11-17 10:48:06 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-11-17 10:48:04 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-11-17 10:48:04 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-11-17 10:48:02 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-11-17 10:47:59 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-11-17 10:47:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-11-17 10:47:57 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

========== Files Created - No Company Name ==========

[2013-12-13 14:09:23 | 000,891,200 | ---- | C] () -- C:\Users\veronica\Desktop\SecurityCheck.exe
[2013-12-13 09:30:43 | 000,001,135 | ---- | C] () -- C:\Users\veronica\Desktop\Auslogics DiskDefrag.lnk
[2013-12-12 21:35:49 | 000,001,222 | ---- | C] () -- C:\Users\veronica\Documents\draaiboek.rtf
[2013-12-12 19:22:45 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013-12-12 19:22:24 | 000,001,781 | ---- | C] () -- C:\Users\veronica\Documents\Document.rtf
[2013-12-12 08:44:59 | 000,002,544 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013-12-12 08:44:59 | 000,002,161 | ---- | C] () -- C:\Windows\diagerr.xml
[2013-12-07 21:22:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-VERONICA-PC--(32-bit).dat
[2013-12-06 22:24:30 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013-11-19 16:06:41 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2013-11-17 10:48:33 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013-08-28 18:23:21 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013-08-28 18:23:21 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2013-08-28 18:23:12 | 000,000,005 | ---- | C] () -- C:\Windows\System32\wrnreg5.sys
[2013-08-28 18:22:50 | 000,414,208 | ---- | C] () -- C:\Windows\System32\wgatray.exe.bak
[2013-08-28 18:22:50 | 000,414,208 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2013-08-28 18:22:50 | 000,190,976 | ---- | C] () -- C:\Windows\System32\wgalogon.dll.bak
[2013-08-28 18:22:50 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2013-08-28 18:22:49 | 000,101,376 | ---- | C] () -- C:\Windows\System32\WELSOF32.DLL
[2013-08-28 18:22:46 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2013-08-28 18:22:46 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2013-08-28 18:22:45 | 000,013,601 | ---- | C] () -- C:\Windows\System32\vctest.ini
[2013-08-28 18:22:36 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013-08-28 18:22:26 | 000,106,605 | ---- | C] () -- C:\Windows\System32\structuredqueryschema.bin
[2013-08-28 18:22:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\structuredqueryschematrivial.bin
[2013-08-28 18:22:13 | 000,004,569 | ---- | C] () -- C:\Windows\System32\secupd.dat
[2013-08-28 18:22:00 | 000,007,920 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2013-08-28 18:21:59 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2013-08-28 18:21:48 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2013-08-28 18:21:46 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll.bak
[2013-08-28 18:21:46 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2013-08-28 18:21:46 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2013-08-28 18:21:46 | 000,057,567 | ---- | C] () -- C:\Windows\System32\oggds.dll.zip
[2013-08-28 18:21:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2013-08-28 18:21:46 | 000,004,463 | ---- | C] () -- C:\Windows\System32\oembios.dat
[2013-08-28 18:21:45 | 013,107,200 | ---- | C] () -- C:\Windows\System32\oembios.bin
[2013-08-28 18:21:29 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2013-08-28 18:21:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[2013-08-28 18:21:12 | 000,061,440 | ---- | C] () -- C:\Windows\System32\mplapx.dll
[2013-08-28 18:21:07 | 000,046,258 | ---- | C] () -- C:\Windows\System32\mib.bin
[2013-08-28 18:20:59 | 000,006,656 | ---- | C] () -- C:\Windows\System32\lpcio.dll
[2013-08-28 18:20:57 | 000,061,440 | ---- | C] () -- C:\Windows\System32\libfaac.dll
[2013-08-28 18:20:54 | 001,481,728 | ---- | C] () -- C:\Windows\System32\legitcheckcontrol.dll.bak
[2013-08-28 18:20:54 | 001,481,728 | ---- | C] () -- C:\Windows\System32\LegitCheckControl.dll
[2013-08-28 18:20:43 | 000,065,024 | ---- | C] () -- C:\Windows\System32\JPEGACC.DLL
[2013-08-28 18:20:41 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2013-08-28 18:20:36 | 000,017,921 | ---- | C] () -- C:\Windows\System32\infoctrs.ini
[2013-08-28 18:20:32 | 000,068,096 | ---- | C] () -- C:\Windows\System32\IGFPX32P.DLL
[2013-08-28 18:20:29 | 000,020,698 | ---- | C] () -- C:\Windows\System32\idxcntrs.ini
[2013-08-28 18:20:27 | 000,003,072 | ---- | C] () -- C:\Windows\System32\iacenc.dll
[2013-08-28 18:20:24 | 000,031,698 | ---- | C] () -- C:\Windows\System32\gthrctr.ini
[2013-08-28 18:20:24 | 000,030,628 | ---- | C] () -- C:\Windows\System32\gsrvctr.ini
[2013-08-28 18:20:21 | 000,790,528 | ---- | C] () -- C:\Windows\System32\FreeImageX.dll
[2013-08-28 18:20:21 | 000,269,312 | ---- | C] () -- C:\Windows\System32\FPXIG.DLL
[2013-08-28 18:20:18 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013-08-28 18:20:14 | 000,021,748 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2013-08-28 18:19:54 | 000,001,804 | ---- | C] () -- C:\Windows\System32\dcache.bin
[2013-08-28 18:19:52 | 000,000,664 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2013-08-28 18:19:51 | 000,000,768 | ---- | C] () -- C:\Windows\System32\d3d8caps.dat
[2013-08-28 18:19:49 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2013-08-28 18:19:33 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2013-08-28 18:19:33 | 000,014,997 | ---- | C] () -- C:\Windows\System32\axperf.ini
[2013-08-28 18:19:27 | 000,066,560 | ---- | C] () -- C:\Windows\System32\atiyuv12.dll
[2013-08-28 18:19:24 | 000,520,192 | ---- | C] () -- C:\Windows\System32\ati2sgag.exe
[2013-08-28 18:19:21 | 000,106,496 | ---- | C] () -- C:\Windows\System32\APmpg4v1.dll
[2013-07-27 19:12:05 | 000,000,036 | ---- | C] () -- C:\Windows\avgui.INI
[2013-07-25 08:04:32 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat
[2013-07-25 08:04:30 | 000,606,228 | ---- | C] () -- C:\Windows\System32\perfh01F.dat
[2013-07-25 08:04:30 | 000,117,552 | ---- | C] () -- C:\Windows\System32\perfc01F.dat
[2013-07-25 08:04:30 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat
[2013-07-24 14:06:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-07-24 14:06:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-07-24 14:06:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-07-24 14:06:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-07-24 14:06:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-07-22 20:55:08 | 000,007,603 | ---- | C] () -- C:\Users\veronica\AppData\Local\Resmon.ResmonCfg
[2013-07-19 13:50:03 | 000,000,005 | ---- | C] () -- C:\Users\veronica\AppData\Roaming\WBPU-TTL.DAT

========== ZeroAccess Check ==========

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\System32\wbem\fastprox.dll -- [2010-11-20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\System32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

---------- Post added at 21:09 ---------- Previous post was at 20:50 ----------

Can I close the scanner, or do I still need to let it run a fix?
 
Hello,

You can close it.

---------- Post added at 21:21 ---------- Previous post was at 21:17 ----------

Hello,

I am going to consult with the team to see whether there is still a solution.
 
So what did you make of the scan?
 
So what did you make of the scan?

Nothing odd as such, but I want to know whether the damage to your services still stems from your old infection.
 
If I remember correctly, everything was working normally again.
I could use CCleaner normally and I could retrieve info in System Information, but I was talking about that white cross on the little flag at the bottom right of the taskbar.
I think it has been there since I moved from XP Pro to Win 7. Maybe this info helps.
 
Hello,

But your Windows Security Center service isn't working, is it?
Try the following for that: http://malwareinfo.nl/windows-security-center-service-kan-niet-worden-gestart-oplossing/

If that doesn't work, do the following:


Download SystemLook.exe for 32-bit Windows or SystemLook.exe for 64-bit Windows
  • Download the file to the Desktop.

Starting SystemLook.exe:
  • Windows 2000 and Windows XP: start SystemLook.exe by double-clicking the shortcut.
  • Windows Vista and Windows 7: start SystemLook.exe by right-clicking the shortcut and choosing "Run as administrator".
In the window that opens, copy the code below:
Code:
:filefind
Wscsvc.dll
Winmgmt.dll
  • Click the "Look" button to start the scan.
  • When the scan is finished, a text file (SystemLook.txt) opens.
  • Post the contents of this log file.
 
Last edited by a moderator:
SystemLook 30.07.11 by jpshortstuff
Log created at 14:33 on 14/12/2013 by veronica
Administrator - Elevation successful

========== filefind ==========

Searching for "Wscsvc.dll"
C:\Windows\System32\wscsvc.dll --a---- 73728 bytes [23:31 13/07/2009] [01:16 14/07/2009] 6F5D49EFE0E7164E03AE773A3FE25340
C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll --a---- 73728 bytes [23:31 13/07/2009] [01:16 14/07/2009] 6F5D49EFE0E7164E03AE773A3FE25340
C:\Windows.old\Windows\ServicePackFiles\i386\wscsvc.dll --a--c- 80896 bytes [16:39 19/06/2006] [17:02 14/04/2008] 843F7FA8EA38E6A4262976DCC994C81A
C:\Windows.old\Windows\system32\wscsvc.dll --a---- 80896 bytes [16:42 19/06/2006] [17:02 14/04/2008] 843F7FA8EA38E6A4262976DCC994C81A

Searching for "Winmgmt.dll"
No files found.

-= EOF =-

---------- Post added at 17:53 ---------- Previous post was at 17:48 ----------

I had added the keys and values on abraham's advice; I got no error message afterwards.
Strange that it can't find them now.

---------- Post added at 17:58 ---------- Previous post was at 17:53 ----------

Sorry, it was your advice.
 
Hello,

Do the following: delete the old Winmgmt.reg from your desktop.

Download the following reg file and place it on your desktop:

Download http://download.bleepingcomputer.com/win-services/7/Winmgmt.reg

Then run it: right-click Winmgmt.reg and choose "Merge".

Restart your PC.

Then post a new log from Farbar Service Scanner.
 