sweet-page

Hallo, ik ben gezegend met de sweet-page website. Kunnen jullie helpen aub ? dank bij voorbaat

Hieronder hijack logje :

Logfile of random's system information tool 1.09 (written by random/random)

Run by Bart&Chris at 2014-02-06 13:11:32

Microsoft Windows 7 Starter

System drive C: has 187 GB (83%) free of 225 GB

Total RAM: 1013 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:13:37, on 6/02/2014

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16476)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe

C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Launch Manager\LMworker.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Video Web Camera\VideoWebCamera.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Users\Bart&Chris\Downloads\RSIT (2).exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\trend micro\Bart&Chris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1391602744&from=cor&uid=TOSHIBAXMK2565GSX_11RTD1QMBXX11RTD1QMB&q={searchTerms}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1391602744&from=cor&uid=TOSHIBAXMK2565GSX_11RTD1QMBXX11RTD1QMB&q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\IPS\IPSBHO.DLL

O2 - BHO: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\Bart&Chris\AppData\Local\SaveSense\SaveSenseIE.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe

O4 - HKLM\..\Run: [OMEA] "C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe"

O4 - HKLM\..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\_NowIntoDT.vbs

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [PLD_FrameworkRunOnce] c:\Windows\System32\oem\_waitAndLaunch_PLD_Framework_MLP_NoWait.vbs

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Bart&Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: VideoWebCamera.exe.lnk = C:\Program Files\Video Web Camera\VideoWebCamera.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Packard Bell\Registration\GREGsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe

O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe

O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

--

End of file - 11675 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4230029206-3916453398-640079195-1000Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4230029206-3916453398-640079195-1000UA.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job

C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Norton Vulnerability Protection - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\IPS\IPSBHO.DLL [2013-09-29 388504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99}]

SaveSense - C:\Users\Bart&Chris\AppData\Local\SaveSense\SaveSenseIE.dll [2014-01-07 99336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-01-17 707288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll [2013-10-06 526672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LManager"=C:\Program Files\Launch Manager\LManager.exe [2010-08-10 975952]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-11-19 9874024]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-16 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-06-16 173592]

"Persistence"=C:\Windows\system32\igfxpers.exe [2010-06-16 150552]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 1692968]

"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2010-06-11 715296]

"OMEA"=C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe [2009-06-05 184320]

"PLD_FrameworkRun"=c:\windows\system32\oem\_NowIntoDT.vbs [2009-12-30 486]

"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]

""= []

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11 958576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"PLD_FrameworkRunOnce"=c:\Windows\System32\oem\_waitAndLaunch_PLD_Framework_MLP_NoWait.vbs [2009-12-30 528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]

"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2013-12-06 20203904]

"Facebook Update"=C:\Users\Bart&Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-26 138096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

VideoWebCamera.exe.lnk - C:\Program Files\Video Web Camera\VideoWebCamera.exe

C:\Users\Bart&Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OpenOffice.org 3.3 .lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2010-04-19 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-06 12:49:36 ----D---- C:\Program Files\trend micro

2014-02-06 12:49:11 ----D---- C:\rsit

2014-02-05 13:43:26 ----D---- C:\Program Files\SaveSenseLive

2014-02-05 13:43:23 ----D---- C:\ProgramData\SaveSenseLive

2014-02-05 13:43:02 ----D---- C:\Users\Bart&Chris\AppData\Roaming\SaveSense

2014-02-05 13:31:30 ----D---- C:\Users\Bart&Chris\AppData\Roaming\DivX

2014-02-05 13:26:15 ----D---- C:\Program Files\RightSurf

2014-02-05 13:24:14 ----D---- C:\ProgramData\IePluginService

2014-02-05 13:24:01 ----D---- C:\Program Files\SupTab

2014-02-05 13:23:40 ----D---- C:\ProgramData\WPM

2014-02-05 13:21:53 ----D---- C:\Users\Bart&Chris\AppData\Roaming\LavFilters

2014-02-05 13:21:53 ----D---- C:\Users\Bart&Chris\AppData\Roaming\CDXReader

2014-02-05 13:21:07 ----D---- C:\Program Files\DSP-worx

2014-02-05 13:20:53 ----D---- C:\ProgramData\DivX

2014-02-05 13:19:22 ----A---- C:\Windows\system32\roboot.exe

2014-02-05 13:19:10 ----D---- C:\Users\Bart&Chris\AppData\Roaming\systweak

2014-02-05 13:18:38 ----D---- C:\Users\Bart&Chris\AppData\Roaming\DigitalSites

2014-01-29 05:48:12 ----D---- C:\Windows\system32\SPReview

======List of files/folders modified in the last 1 month======

2014-02-06 13:11:37 ----D---- C:\Windows\Temp

2014-02-06 12:49:36 ----D---- C:\Program Files

2014-02-06 12:32:11 ----D---- C:\Windows

2014-02-06 11:55:13 ----D---- C:\Windows\system32\config

2014-02-06 11:54:24 ----D---- C:\Program Files\Common Files

2014-02-06 11:48:05 ----D---- C:\Windows\inf

2014-02-06 11:48:02 ----D---- C:\Windows\Minidump

2014-02-06 11:48:02 ----D---- C:\Windows\debug

2014-02-06 09:54:21 ----SHD---- C:\System Volume Information

2014-02-06 09:53:19 ----D---- C:\ProgramData\boost_interprocess

2014-02-06 09:52:28 ----SHD---- C:\Windows\Installer

2014-02-06 09:51:35 ----D---- C:\Windows\system32\OEM

2014-02-05 15:02:59 ----D---- C:\Windows\Microsoft.NET

2014-02-05 15:01:16 ----RSD---- C:\Windows\assembly

2014-02-05 14:54:46 ----HD---- C:\Config.Msi

2014-02-05 14:54:45 ----D---- C:\ProgramData\regid.1991-06.com.microsoft

2014-02-05 14:50:26 ----D---- C:\Program Files\Microsoft Office 15

2014-02-05 14:19:28 ----D---- C:\Windows\System32

2014-02-05 13:57:11 ----D---- C:\Windows\system32\Tasks

2014-02-05 13:57:07 ----D---- C:\Windows\Tasks

2014-02-05 13:47:25 ----HD---- C:\ProgramData

2014-02-05 13:40:14 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2014-02-05 13:35:43 ----D---- C:\Windows\Prefetch

2014-02-05 13:35:20 ----RSD---- C:\Windows\Fonts

2014-02-01 05:58:04 ----D---- C:\Program Files\Windows Sidebar

2014-01-24 06:17:39 ----D---- C:\Program Files\Launch Manager

2014-01-22 08:16:42 ----D---- C:\Program Files\Internet Explorer

2014-01-16 07:19:05 ----D---- C:\Windows\system32\MRT

2014-01-16 07:03:02 ----A---- C:\Windows\system32\MRT.exe

2014-01-15 06:55:00 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-06-08 435736]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-06-16 44944]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-06-19 173440]

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360\1501000.012\SYMDS.SYS [2013-09-10 367704]

R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\1501000.012\SYMEFA.SYS [2013-09-27 935512]

R1 BHDrvx86;BHDrvx86; \??\C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [2013-12-18 1098968]

R1 ccSet_N360;N360 Settings Manager; C:\Windows\system32\drivers\N360\1501000.012\ccSetx86.sys [2013-09-26 127064]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2013-12-04 376920]

R1 IDSVix86;IDSVix86; \??\C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20140205.002\IDSvix86.sys [2014-01-21 394456]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\1501000.012\SRTSPX.SYS [2013-09-10 32344]

R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS [2013-09-27 206936]

R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360\1501000.012\SYMNETS.SYS [2013-09-26 446552]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-07-15 1906024]

R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]

R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]

R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-25 108120]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-11-19 3248168]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]

R3 NAVENG;NAVENG; \??\C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140205.033\NAVENG.SYS [2014-01-28 93272]

R3 NAVEX15;NAVEX15; \??\C:\Program Files\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140205.033\NAVEX15.SYS [2014-01-28 1612376]

R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\1501000.012\SRTSP.SYS [2013-09-27 651352]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2013-11-20 142936]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-05 242992]

R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]

S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 EUCR;EUCR; C:\Windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]

S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]

S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-08-10 321104]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 735776]

R2 GREGService;GREGService; C:\Program Files\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]

R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 N360;Norton 360; C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe [2013-10-08 264360]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 NOBU;Norton Online Backup; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2013-11-11 3483488]

R2 OfficeSvc;Microsoft Office-service; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-10-31 1320120]

R2 ogmservice;Online Games Manager; C:\Program Files\Online Games Manager\ogmservice.exe [2013-08-08 559552]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]

S2 savesenselive;SaveSenseLive Service (savesenselive); C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-05 146920]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-31 867080]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-10-17 150600]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-10-17 4846168]

S3 savesenselivem;SaveSenseLive Service (savesenselivem); C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-05 146920]

-----------------EOF-----------------

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie)

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  {71e129ff-6c2a-4984-818c-7e2c998b8d99};c
 C:\Users\Bart&Chris\AppData\Local\SaveSense;fs
 Savesenselive;s
 Savesenselivem;s
 C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job;f
 C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job;f
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99}];r
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
 ""=-;r
 C:\Program Files\SaveSenseLive;fs
 C:\ProgramData\SaveSenseLive;fs
 C:\Users\Bart&Chris\AppData\Roaming\SaveSense;fs
 C:\Program Files\RightSurf;fs
 C:\ProgramData\IePluginService;fs
 C:\Program Files\SupTab;fs
 C:\Windows\system32\roboot.exe;f
 C:\Users\Bart&Chris\AppData\Roaming\systweak;fs
 C:\Users\Bart&Chris\AppData\Roaming\DigitalSites;fs
  emptyfolderscheck;delete 
startupall; 
filesrcm;

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• Do a Quick Scan
  
  
• Auto Clean
  
• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

Hoi,

met chrome lukte het langs geen kanten, kreeg steeds de melding dat ik niet voldoende rechten had. Met IE lukte het uiteindelijk wel :

Zoek.exe v5.0.0.0 Updated 31-January-2014

Microsoft Windows 7 Starter 6.1.7600 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Bart&Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RH5J14A\zoek.exe [scan all users] [script inserted] [Checkboxes used]

===== Runcheck 10:32:05,66 =====

--- Create Environment Variables 10:32:08,25

--- Create System Restore Point 10:32:36,55

--- Checking Input 10:33:40,88

--- AU AppData Check 10:33:53,18

--- Remove From Windows Installer 10:34:07,42

--- Empty Folders Check 10:38:29,03

--- StartMenuInternet Check 10:38:32,15

--- IE Startpage Check 10:40:20,45

--- Program Files DB Check 10:43:07,59

--- C:\ProgramData DB Check 10:46:21,85

--- C:\Users\Bart&Chris\AppData\Local DB Check 10:46:24,41

--- C:\Users\Default\AppData\Local DB Check 10:46:24,41

--- C:\Users\Default User\AppData\Local DB Check 10:46:24,41

--- C:\Windows\system32\config\systemprofile\AppData\Local DB Check 10:46:24,41

--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 10:46:24,41

--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 10:46:24,41

--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 10:50:30,99

--- Tasks DB Check 10:51:04,35

--- Downloads DB Check 10:51:13,01

--- C:\Users\Bart&Chris\AppData\LocalLow DB Check 10:51:31,92

--- C:\Windows\system32\config\systemprofile\AppData\LocalLow DB Check 10:51:31,92

--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 10:51:31,92

--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 10:51:31,92

--- Tasks2 DB Check 10:54:22,83

--- Documents DB Check 10:55:32,95

--- C:\Users\Public\Desktop DB Check 10:55:44,36

Dit is het logje met de taken die zoek.exe heeft uitgevoerd, niet echt het logje met de resultaten. Kijk eens in je C-partitie of je daar het bestand zoek-results.log kan vinden ? Zo ja, hang dit in een volgende bericht ter controle.

Ben nu al sinds zoek.exe aan het draaien en het wil maar niet lukken. Het eindigt steeds bij één van deze drie taken :

--- Tasks2 DB Check 10:54:22,83

--- Documents DB Check 10:55:32,95

--- C:\Users\Public\Desktop DB Check 10:55:44,36

Daar eindigt het inderdaad mee ... maar is er dan geen logje in je C-partitie te vinden (zie bericht 4) ?

Zoek.exe v5.0.0.0 Updated 07-February-2014

Microsoft Windows 7 Starter 6.1.7600 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Bart&Chris\Downloads\zoek (3).exe [scan all users] [script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-02-07-093829.log 746 bytes

C:\zoek-results2014-02-07-144351.log 334 bytes

C:\zoek-results2014-02-07-161536.log 386 bytes

Dat is het enige wat ik vind

Dan zal je de scan volledig opnieuw moeten laten runnen, maar wél helemaal wachten tot het einde van de zoektocht van zoek.exe. En dan dat logje zoek-results.log in een volgende bericht hangen. Enig geduld kan nodig zijn, want in sommige gevallen (afhankelijk ook van de inhoud van de PC), kan zoek zoek.exe behoorlijk lang duren.

Heb PC eens een ganse nacht laten zoeken....niks, nada, noppes.

Spyhunter aangeschaft en 't was direct opgelost.

Bedankt voor de moeite Kape en sorry voor mijn late reactie.