westbeest

Member
  • Items

    52
  • Registration date

  • Last visited

PC Specifications

  • Operating system
    xp

westbeest's achievements

  1. Hello, here is the 2nd zoek exe file zoek-results 2txt.txt
  2. Hello, here is the requested log file zoek-results.txt
  3. Hello. After just under 2 months I am getting the message again. Is there an option or a program with which I can turn it off?
  4. Hello. It took a while, but here is the file zoek-results.txt
  5. Hello. I have Windows 8.1 and every now and then, in the Marktplaats program, I get a message that a certain file from cloudfront is not installed. My question is whether cloudfront is a virus?
  6. Thank you very much for your help. I now have HitmanPro temporarily. It is the latest version. On the 1st scan it already picked out some things that Microsoft did not see. I am curious how it does from here on.
  7. No, not at the moment. Do you have any advice for preventing this sort of thing? I currently have Microsoft as my virus scanner; is this good enough, or should we think about a different one? In any case, thanks in advance.
  8. Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Gebruiker on wo 26-03-2014 at 19:03:13,21. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Downloads\zoek.exe [scan all users] [script inserted]
  9. Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Gebruiker on ma 24-03-2014 at 20:52:02,14. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== 24-3-2014 20:53:47 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\YoutubeAdblocker deleted successfully C:\PROGRA~3\NExtCoup deleted successfully C:\PROGRA~3\SNT deleted successfully C:\PROGRA~3\webesave deleted successfully C:\PROGRA~3\WinZip deleted successfully C:\Users\Gebruiker\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Optimizer Pro"=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "mobilegeni daemon"=- "fst_nl_30"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\weebsave not found C:\Program Files (x86)\Optimizer Pro not found C:\Program Files (x86)\Mobogenie deleted C:\Users\Gebruiker\AppData\LocalLow\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} deleted C:\Users\Gebruiker\AppData\LocalLow\{EB371B49-8FDE-4381-E9C6-53EEACAD830C} deleted C:\Users\Gebruiker\daemonprocess.txt deleted C:\Users\Gebruiker\.android deleted C:\PROGRA~3\weebsave deleted C:\Users\Gebruiker\AppData\Roaming\SupTab deleted C:\Users\Gebruiker\AppData\Roaming\awesomehp deleted C:\Users\Gebruiker\AppData\Roaming\DigitalSites deleted C:\Users\Gebruiker\AppData\Roaming\EZDownloader deleted C:\Users\Gebruiker\AppData\Roaming\systweak deleted C:\Users\Gebruiker\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Registry Helper deleted C:\PROGRA~3\IePluginService deleted C:\PROGRA~3\WPM deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\RegClean deleted C:\Users\Gebruiker\AppData\Local\WebPlayer deleted C:\Users\Gebruiker\AppData\Local\Mobogenie deleted C:\Users\Gebruiker\AppData\Local\cache deleted C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\tasks\bench-sys deleted C:\Windows\tasks\bench-sys.job deleted C:\Windows\Syswow64\SearchProtect deleted C:\Users\Gebruiker\Documents\Mobogenie deleted "C:\PROGRA~3\589ed11582df0642\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}" deleted "C:\PROGRA~3\589ed11582df0642\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted 
"C:\PROGRA~3\589ed11582df0642\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted "C:\PROGRA~3\589ed11582df0642\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted "C:\PROGRA~3\589ed11582df0642\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted "C:\PROGRA~3\589ed11582df0642" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-03-19 14:35:53 D292652F380DFC23897CB31B1940E56C 588800 ----a-w- C:\Windows\SysWOW64\SettingSyncCore.dll 2014-03-19 14:35:53 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe 2014-03-19 14:35:50 3104FCDE0470E5D89C9991FC0EDDE57E 18643560 ----a-w- C:\Windows\SysWOW64\shell32.dll 2014-03-19 14:35:49 9929F71938D9FCE4550BEB935071F0C8 13949440 ----a-w- C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2014-03-19 14:35:47 A00970DBAD7034523CF9D2C395A944B8 103936 ----a-w- C:\Windows\SysWOW64\OEMLicense.dll 2014-03-19 14:35:47 716046CF7941B176C18AA58785899A2D 174592 ----a-w- C:\Windows\SysWOW64\WSClient.dll 2014-03-19 14:35:46 A863A4DEF854D579C36EAA9DECF21C80 336896 ----a-w- C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-03-19 14:35:45 65ACE54B8EDA937EE7706733D27F40A8 802816 ----a-w- C:\Windows\SysWOW64\MFMediaEngine.dll 2014-03-19 14:35:44 DBB6B2FA462A5E7029766B09ED9CDA73 381168 ----a-w- C:\Windows\SysWOW64\mfsvr.dll 2014-03-19 14:35:44 CF8746715C1AA00C29F789825E321C7C 770560 ----a-w- C:\Windows\SysWOW64\ReAgent.dll 2014-03-19 14:35:43 EC308077E9BEEDF523AE3D6BA042E016 630272 ----a-w- C:\Windows\SysWOW64\MsSpellCheckingFacility.dll 2014-03-19 14:35:43 986ABF43F76F5B0E3557363FB4925C78 1472048 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2014-03-19 14:35:42 E2C1E49EBFB8EFA1AFF6966533BAD12B 140800 ----a-w- C:\Windows\SysWOW64\easwrt.dll 2014-03-19 14:35:42 A7DE6E0B69826D5B6F5FF68AABCF7035 218112 ----a-w- C:\Windows\SysWOW64\sti.dll 2014-03-15 09:52:50 07B5CC5559ED3F55A3F940B3211D89C2 124416 
----a-w- C:\Windows\SysWOW64\poqexec.exe 2014-03-14 13:01:11 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-03-14 13:01:10 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-03-14 13:01:09 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-03-14 13:01:09 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-03-14 13:01:08 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-03-14 13:01:07 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 13:01:07 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-03-14 13:01:07 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-03-14 13:01:04 D34CE666D9BA3D5232609D3C15075B70 5770752 ----a-w- C:\Windows\SysWOW64\mstscax.dll 2014-03-14 13:01:03 ECEBFCEF5799B57BFF242D24B27E4FE4 2143960 ----a-w- C:\Windows\SysWOW64\mfcore.dll 2014-03-14 13:01:03 878B3C936C3C2850A57C24C6F104EBC5 208896 ----a-w- C:\Windows\SysWOW64\rdpencom.dll 2014-03-14 13:01:03 6C8AC5035C39C818624EFA962B24AB3D 1036288 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2014-03-14 13:01:03 34823DAA381423CAE81FEE7C2EEE52F4 669352 ----a-w- C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2014-03-14 13:01:03 2A3626E0B7F5A5317902EBDAF2B4CCE0 1371824 ----a-w- C:\Windows\SysWOW64\combase.dll 2014-03-14 13:01:03 17500825FE6C7094ACC6E7DC6B578399 369280 ----a-w- C:\Windows\SysWOW64\Faultrep.dll 2014-03-14 13:01:02 FCD51A3EB7E47FBCE17382A95FD3AB35 2873344 ----a-w- C:\Windows\SysWOW64\dbgeng.dll 2014-03-14 13:01:02 F5033F3C6F8E706D78ACB9351EBF7B3E 1238016 ----a-w- C:\Windows\SysWOW64\dbghelp.dll 2014-03-14 13:01:02 D4A17A8DEB194D77AD9651F0EE0C76EB 138752 ----a-w- C:\Windows\SysWOW64\DWWIN.EXE 2014-03-14 13:01:02 D0B6EB329D696A5C2122352EAE722290 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll 2014-03-14 
13:01:02 3DA5CD1E3B9BDAF79731CB6CB1029CB3 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll 2014-03-14 13:01:02 249DE8C6F690646CC8EC53D49ABC6BE9 408480 ----a-w- C:\Windows\SysWOW64\WerFault.exe 2014-03-14 13:00:53 F80E8CF9E4A051C2CC338C85088A046C 488448 ----a-w- C:\Windows\SysWOW64\qedit.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-03-19 14:35:53 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\Windows\Sysnative\SettingSyncHost.exe 2014-03-19 14:35:52 968FB3BA8E7DF0933A1CF593BD503F4A 461312 ----a-w- C:\Windows\Sysnative\XpsGdiConverter.dll 2014-03-19 14:35:51 1D8F8BE07D2B06C32ADB4B08F0F2A357 749056 ----a-w- C:\Windows\Sysnative\SettingSyncCore.dll 2014-03-19 14:35:50 FF73B88BA206966BD228320F664D4D92 21199256 ----a-w- C:\Windows\Sysnative\shell32.dll 2014-03-19 14:35:48 04B5ADB034D17585D3BCFC6DE5CADFF8 18576384 ----a-w- C:\Windows\Sysnative\Windows.UI.Xaml.dll 2014-03-19 14:35:47 B88A70259DF2927787C0B766DD4CFB5C 206336 ----a-w- C:\Windows\Sysnative\WSClient.dll 2014-03-19 14:35:47 68085A085DE8E3540EE8E02CAE575B2E 138240 ----a-w- C:\Windows\Sysnative\OEMLicense.dll 2014-03-19 14:35:45 E069B63DAD920D231FA8A141DFF43A8C 960512 ----a-w- C:\Windows\Sysnative\MFMediaEngine.dll 2014-03-19 14:35:45 A95838FFFAEAA7500263D491575F7E0C 1214976 ----a-w- C:\Windows\Sysnative\schedsvc.dll 2014-03-19 14:35:44 E80700EB046D0B82B694C98CF7231C08 481944 ----a-w- C:\Windows\Sysnative\mfsvr.dll 2014-03-19 14:35:44 D03BF756457B6A1EB305B26046BB9B4D 914944 ----a-w- C:\Windows\Sysnative\ReAgent.dll 2014-03-19 14:35:44 847CFF96ACB575CE73C0E2E86C6BA993 842752 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.dll 2014-03-19 14:35:43 E287F157F7A0011D93179C64EF8ADCF2 376320 ----a-w- C:\Windows\Sysnative\pnrpsvc.dll 2014-03-19 14:35:43 C8ACFF60C553E63949A79DC370B516E4 947712 ----a-w- C:\Windows\Sysnative\reseteng.dll 2014-03-19 14:35:43 1FCA4E287F0ED13BF037A484AA2FE3B1 419160 ----a-w- C:\Windows\Sysnative\hal.dll 2014-03-19 14:35:42 
A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\Windows\Sysnative\easinvoker.exe 2014-03-19 14:35:42 66F214C9E446407D78048681394820A6 178176 ----a-w- C:\Windows\Sysnative\easwrt.dll 2014-03-19 14:35:42 3D136E8D4C0407D9C40FD8BDD649B587 1720560 ----a-w- C:\Windows\Sysnative\ntdll.dll 2014-03-19 14:35:42 0B9FBEC5714523FF76DDFEB320FE2DF2 303616 ----a-w- C:\Windows\Sysnative\sti.dll 2014-03-15 09:52:51 4A8D40E38BC2C57E5D630AD6994A85CB 139776 ----a-w- C:\Windows\Sysnative\poqexec.exe 2014-03-14 13:01:14 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\Windows\Sysnative\winload.exe 2014-03-14 13:01:14 1A1DDFD4BA6523979C76BE188984C3AC 1643584 ----a-w- C:\Windows\Sysnative\winload.efi 2014-03-14 13:01:12 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-03-14 13:01:10 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-03-14 13:01:09 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-03-14 13:01:09 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-03-14 13:01:08 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-03-14 13:01:08 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-03-14 13:01:08 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-03-14 13:01:07 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-03-14 13:01:07 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-03-14 13:01:06 C993A0B97BECD3AAF5158E3869878465 6353960 ----a-w- C:\Windows\Sysnative\sppsvc.exe 2014-03-14 13:01:05 BAAD43360A7DF630ECC414671AEFA28C 6640640 ----a-w- C:\Windows\Sysnative\mstscax.dll 2014-03-14 13:01:04 977F77CE98456F6B115E5360A1160449 2133208 ----a-w- C:\Windows\Sysnative\mfcore.dll 2014-03-14 13:01:03 CFADC50692A845BAC30940E203393219 1287064 ----a-w- 
C:\Windows\Sysnative\kernel32.dll 2014-03-14 13:01:03 C83AFB0B285F293EDECF5EBDEC074A94 458616 ----a-w- C:\Windows\Sysnative\WerFault.exe 2014-03-14 13:01:03 C7DFBE21051D5E44B479CBF74B968335 1486848 ----a-w- C:\Windows\Sysnative\dbghelp.dll 2014-03-14 13:01:03 C7B69F90B823182CE6BE7C5374832DE5 764864 ----a-w- C:\Windows\Sysnative\mfmpeg2srcsnk.dll 2014-03-14 13:01:03 C039246195C736A602F581D29F18A43D 1928144 ----a-w- C:\Windows\Sysnative\combase.dll 2014-03-14 13:01:03 B5D2EBAD81739185A91D210F5F01824B 407024 ----a-w- C:\Windows\Sysnative\Faultrep.dll 2014-03-14 13:01:03 819A1E0F89B6AC222E9D95CA000A40B1 4175360 ----a-w- C:\Windows\Sysnative\dbgeng.dll 2014-03-14 13:01:03 2684605E822359CBD1ED2BD2C8E76397 249856 ----a-w- C:\Windows\Sysnative\rdpencom.dll 2014-03-14 13:01:02 AFCAB4DC692CCE37E283B00E2D7B438F 447488 ----a-w- C:\Windows\Sysnative\sppcomapi.dll 2014-03-14 13:01:02 99453C649DC4B0BE6D062B701CD2917F 716288 ----a-w- C:\Windows\Sysnative\swprv.dll 2014-03-14 13:01:02 94D79382FB796B0A8C90270654A70563 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll 2014-03-14 13:01:02 735CB57F806D292FB7ABE8BDFD3B5853 233920 ----a-w- C:\Windows\Sysnative\mfps.dll 2014-03-14 13:01:02 724ADFEE7743C26C550ABFE04271DCFD 160256 ----a-w- C:\Windows\Sysnative\DWWIN.EXE 2014-03-14 13:01:02 3FFEC6927D4017829A82ECDB277BB23E 64512 ----a-w- C:\Windows\Sysnative\tsgqec.dll 2014-03-14 13:01:02 110BE5198A63D3FF3CE9C30F1DC12EC3 386722 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml 2014-03-14 13:00:53 1A69D165DDA78A4329B854D4FEDAD132 4189184 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-03-14 13:00:53 05894DFC52A78C3B1DD5EF6F30FAD28C 586240 ----a-w- C:\Windows\Sysnative\qedit.dll ====== C:\Windows\Sysnative\drivers ===== 2014-03-19 14:35:45 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys 2014-03-19 14:35:43 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\Windows\Sysnative\drivers\USBXHCI.SYS 2014-03-19 14:35:43 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 
----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys 2014-03-19 14:35:42 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\Sysnative\drivers\rdbss.sys 2014-03-14 13:01:03 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2014-03-14 13:01:02 C85C075DE5B6D0FE116043054DE8EE02 311640 -c--a-w- C:\Windows\Sysnative\drivers\volsnap.sys 2014-03-14 13:01:01 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys 2014-03-14 13:01:00 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys 2014-03-14 13:00:58 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-03-11 18:08:36 -------- d-----w- C:\Program Files\trend micro 2014-03-10 21:03:10 -------- d-----w- C:\Program Files\Enigma Software Group 2014-03-02 20:21:08 -------- d-----w- C:\Program Files\Reference Assemblies 2014-03-02 20:21:07 -------- d-----w- C:\Program Files\MSBuild ======= C:\PROGRA~2 ===== 2014-03-09 19:53:26 -------- d-----w- C:\PROGRA~2\MSECache 2014-03-06 08:09:25 -------- d-----w- C:\PROGRA~2\Belastingdienst 2014-03-02 20:21:20 -------- d-----w- C:\PROGRA~2\Reference Assemblies 2014-03-02 20:18:54 -------- d-----w- C:\PROGRA~2\COMMON~1\Citrix 2014-03-02 20:18:52 -------- d-----w- C:\PROGRA~2\Citrix ======= C: ===== 2014-03-10 21:03:27 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Gebruiker\AppData\Roaming ====== 2014-03-15 09:51:49 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Diagnostics 2014-03-11 21:10:57 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Microsoft Toolkit 2014-03-10 20:30:50 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{8E1D1F50-34F2-83FD-0A2F-572B2862BD4C} 2014-03-10 20:27:27 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{8B05C297-2CD7-69A9-F03E-A8CCE139D05F} 2014-03-10 20:25:44 -------- 
d-----w- C:\Users\Gebruiker\AppData\Locallow\{05BDA67E-D6E5-F322-EC4C-F13B93CC9343} 2014-03-10 20:24:34 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\sweet-page 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Torch 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Google 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Comodo 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Torch 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Google 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo 2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch 2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Google 2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo 2014-03-09 19:30:04 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\BitTorrent 2014-03-09 12:53:15 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E} 2014-03-09 12:43:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs 2014-03-06 08:10:31 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Belastingdienst 2014-02-28 20:28:20 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\uTorrent 2014-02-25 15:27:27 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\ICAClient ====== C:\Users\Gebruiker ====== 2014-03-10 20:23:34 -------- d-----w- C:\ProgramData\HostIt 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData 2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData 2014-03-10 20:06:43 -------- d-----w- C:\ProgramData\Real 2014-03-06 08:09:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst 2014-03-02 20:19:04 -------- d-----w- C:\ProgramData\Citrix ====== C: exe-files == 2014-03-19 14:35:53 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\Windows\System32\SettingSyncHost.exe 2014-03-19 14:35:53 
42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe 2014-03-19 14:35:42 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\Windows\System32\easinvoker.exe === C: other files == 2014-03-19 14:35:45 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-03-19 14:35:43 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2014-03-19 14:35:43 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2014-03-19 14:35:42 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\System32\drivers\rdbss.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Run] "SpeedUpMyComputer"="C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss" "FixMyRegistry"="C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpeedUpMyComputer"="C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss" "FixMyRegistry"="C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" ==== Task Scheduler Jobs ====================== 
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-03-2014 16:53] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B468EAE2-5939-457C-B301-38FACB2803D2}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Chrome Look ======================
==== Chrome Fix ====================== C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User
Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Search Page"="{searchTerms - Bing}" "Search Bar"="{searchTerms - Bing}" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=NL&userid=dc88b85a-80dd-a186-5069-82032f3a2df7&searchtype=ds&q={searchTerms}&installDate=09/03/2014" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=NL&userid=dc88b85a-80dd-a186-5069-82032f3a2df7&searchtype=ds&q={searchTerms}&installDate=09/03/2014" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="{searchTerms - Bing}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="{searchTerms - Bing}" "SearchAssistant"="{searchTerms - Bing}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="Bing" "Search Bar"="Bing" "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" 
"Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="Bing" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" {006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="{searchTerms - Bing}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache 
====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=322 folders=100 19370568 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 24-03-2014 at 21:12:27,47 ======================
  10. Logfile of random's system information tool 1.09 (written by random/random) Run by Gebruiker at 2014-03-11 19:23:11 Microsoft Windows 8.1 System drive C: has 1729 GB (91%) free of 1892 GB Total RAM: 8070 MB (77% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:23:12, on 11-3-2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.16518) Boot mode: Normal Running processes: C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files\trend micro\Gebruiker.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = {searchTerms - Bing} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = {searchTerms - Bing} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = {searchTerms - Yahoo Search Results} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = {searchTerms - Yahoo Search Results} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = {searchTerms - Bing} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = {searchTerms - Bing} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - 
C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: weebsave - {B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} - C:\Program Files (x86)\weebsave\ANzvk.dll (file missing) O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common 
Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - 
C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7807 bytes ======Listing Processes====== wininit.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork 
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\system32\svchost.exe -k imgsvc dashost.exe {820dcb34-611c-4309-b1096332bef69035} C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dc2b7690-9a6c-4466-9ef6-1d11f13abce9 -SystemEventPortName:HostProcess-566ca92b-a1e3-4f06-9f93-b5df65fcccf6 -IoCancelEventPortName:HostProcess-0a0eece6-4d03-4360-b9a4-a80744425f85 -NonStateChangingEventPortName:HostProcess-920b56a2-e89e-4974-b83a-79ed6ab51c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34e4fb7e-4ce7-4e95-abdd-4678a0be309a -DeviceGroupId:WpdFsGroup C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" winlogon.exe "dwm.exe" taskhostex.exe C:\Windows\Explorer.EXE "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s "C:\Windows\System32\igfxtray.exe" "C:\Windows\system32\igfxsrvc.exe" -Embedding "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding "C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store C:\Windows\System32\RuntimeBroker.exe -Embedding "C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding "C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:267778 /prefetch:1 "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:4068916 /prefetch:1 "C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 592 "C:\Users\Gebruiker\Downloads\RSITx64 (1).exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\bench-sys.job C:\Windows\tasks\Digital Sites.job - - - Updated - - - ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}] weebsave - C:\Program Files (x86)\weebsave\ANzvk.x64.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}] weebsave - C:\Program Files (x86)\weebsave\ANzvk.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {ae07101b-46d4-4a98-af68-0333ea26e113} [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {ae07101b-46d4-4a98-af68-0333ea26e113} 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-12-21 391128] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-12-21 771544] "Persistence"=C:\Windows\system32\igfxpers.exe [2013-12-21 770520] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpeedUpMyComputer"=C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss [] "FixMyRegistry"=C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss [] "ChicaPasswordManager"=C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe /autorunned [] "Optimizer Pro"=C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [] "LiveSupport"=C:\Program Files (x86)\LiveSupport\LiveSupport.exe /noshow /log [] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [] "fst_nl_30"= [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2013-12-21 624640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmartcardSimulator] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SystemEventsBroker] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VirtualSmartcardReader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wcmsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "EnableUIADesktopToggle"=0 "EnableCursorSuppression"=1 "ConsentPromptBehaviorUser"=3 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktopChanges"=1 "NoActiveDesktop"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.yuy2"=msyuv.dll 
"vidc.i420"=iyuv_32.dll "msacm.msgsm610"=msgsm32.acm "msacm.msg711"=msg711.acm "vidc.yvyu"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "wavemapper"=msacm32.drv "midimapper"=midimap.dll "vidc.uyvy"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "vidc.msvc"=msvidc32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv - - - Updated - - - Logfile of random's system information tool 1.09 (written by random/random) Run by Gebruiker at 2014-03-11 19:23:11 Microsoft Windows 8.1 System drive C: has 1729 GB (91%) free of 1892 GB Total RAM: 8070 MB (77% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:23:12, on 11-3-2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.16518) Boot mode: Normal Running processes: C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files\trend micro\Gebruiker.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://www.sweet-page.com/web/?type=ds&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.exitingsearch.info/?pid=2145&r=2014/03/10&hid=12559607067462301666&lg=EN&cc=NL&unqvl=50 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: weebsave - {B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} - C:\Program Files (x86)\weebsave\ANzvk.dll (file missing) O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files 
(x86)\LiveSupport\LiveSupport.exe" /noshow /log O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. 
- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7807 bytes ======Listing Processes====== wininit.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\system32\svchost.exe -k imgsvc dashost.exe 
{820dcb34-611c-4309-b1096332bef69035} C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dc2b7690-9a6c-4466-9ef6-1d11f13abce9 -SystemEventPortName:HostProcess-566ca92b-a1e3-4f06-9f93-b5df65fcccf6 -IoCancelEventPortName:HostProcess-0a0eece6-4d03-4360-b9a4-a80744425f85 -NonStateChangingEventPortName:HostProcess-920b56a2-e89e-4974-b83a-79ed6ab51c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34e4fb7e-4ce7-4e95-abdd-4678a0be309a -DeviceGroupId:WpdFsGroup C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" winlogon.exe "dwm.exe" taskhostex.exe C:\Windows\Explorer.EXE "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s "C:\Windows\System32\igfxtray.exe" "C:\Windows\system32\igfxsrvc.exe" -Embedding "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding "C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store C:\Windows\System32\RuntimeBroker.exe -Embedding "C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding "C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:267778 /prefetch:1 "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:4068916 /prefetch:1 
"C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 592 "C:\Users\Gebruiker\Downloads\RSITx64 (1).exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\bench-sys.job C:\Windows\tasks\Digital Sites.job