Ga naar inhoud

westbeest

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    52

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door westbeest

  1. westbeest
    Hallo Hier is het adw bestand AdwCleanerS0.txt
  2. westbeest
    Hallo hier is het 2e zoek exe bestandje zoek-results 2txt.txt
  3. westbeest
    Hallo hier is het gevraagde log bestandje zoek-results.txt
  4. westbeest
    Ik heb java Inmiddels geupdate naar 8.4
  5. westbeest
    Hallo Na een kleine 2 maanden krijg ik de melding wederom. Is er een mogelijkheid of programma waar ik het kan uitzetten
  6. westbeest
    hier is het adw bestandje AdwCleanerR2.txt
  7. westbeest
    Hallo Het even geduurd maar hier is het bestandje zoek-results.txt
  8. westbeest
    sorry Nu met bestand log.txt
  9. westbeest
    Hallo Hier is het logbestandje
  10. westbeest
    Hallo Ik heb windows 8.1 en krijg af en toe in het programma marktplaats een melding dat een bepaald bestand van cloudfront niet geïnstalleerd is. Mijn vraag is of cloudfront een virus is ?
  11. westbeest
    Hartelijk dank voor uw hulp ik heb nu hitman pro tijdelijk. Het is de nieuwste versie. Bij de 1e scan haalde hij er al wat dingen uit die microsoft niet zag. Ben benieuwd hoe hij het verder doet
  12. westbeest
    Nee op dit moment niet Hebben jullie nog een advies om dit soort dingen te voorkomen ? Heb nu microsoft als virus scanner is dit goed genoeg of moeten we aan een andere denken. In iedere geval alvast bedankt
  13. westbeest
    Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Gebruiker on wo 26-03-2014 at 19:03:13,21. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Downloads\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-03-24-201227.log 35315 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Users\Gebruiker\AppData\Roaming\sweet-page deleted "C:\autoexec.bat" deleted ==== Chrome Look ====================== websave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Administrator\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Gast\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gast\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gast\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gast\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gast\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb websave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" {006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="{searchTerms - Bing}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Reset Google Chrome ====================== Nothing found to reset ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=323 folders=102 19370714 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 26-03-2014 at 19:12:37,48 ======================
  14. westbeest
    Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Gebruiker on ma 24-03-2014 at 20:52:02,14. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gebruiker\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== 24-3-2014 20:53:47 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\YoutubeAdblocker deleted successfully C:\PROGRA~3\NExtCoup deleted successfully C:\PROGRA~3\SNT deleted successfully C:\PROGRA~3\webesave deleted successfully C:\PROGRA~3\WinZip deleted successfully C:\Users\Gebruiker\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Optimizer Pro"=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "mobilegeni daemon"=- "fst_nl_30"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\weebsave not found C:\Program Files (x86)\Optimizer Pro not found C:\Program Files (x86)\Mobogenie deleted C:\Users\Gebruiker\AppData\LocalLow\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} deleted C:\Users\Gebruiker\AppData\LocalLow\{EB371B49-8FDE-4381-E9C6-53EEACAD830C} deleted C:\Users\Gebruiker\daemonprocess.txt deleted C:\Users\Gebruiker\.android deleted C:\PROGRA~3\weebsave deleted C:\Users\Gebruiker\AppData\Roaming\SupTab deleted C:\Users\Gebruiker\AppData\Roaming\awesomehp deleted C:\Users\Gebruiker\AppData\Roaming\DigitalSites deleted C:\Users\Gebruiker\AppData\Roaming\EZDownloader deleted C:\Users\Gebruiker\AppData\Roaming\systweak deleted C:\Users\Gebruiker\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Registry Helper deleted C:\PROGRA~3\IePluginService deleted C:\PROGRA~3\WPM deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\RegClean deleted C:\Users\Gebruiker\AppData\Local\WebPlayer deleted C:\Users\Gebruiker\AppData\Local\Mobogenie deleted C:\Users\Gebruiker\AppData\Local\cache deleted C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\tasks\bench-sys deleted C:\Windows\tasks\bench-sys.job deleted C:\Windows\Syswow64\SearchProtect deleted C:\Users\Gebruiker\Documents\Mobogenie deleted "C:\PROGRA~3\589ed11582df0642\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}" deleted "C:\PROGRA~3\589ed11582df0642\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted "C:\PROGRA~3\589ed11582df0642\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted "C:\PROGRA~3\589ed11582df0642\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted "C:\PROGRA~3\589ed11582df0642\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted "C:\PROGRA~3\589ed11582df0642" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\GEBRUI~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-03-19 14:35:53 D292652F380DFC23897CB31B1940E56C 588800 ----a-w- C:\Windows\SysWOW64\SettingSyncCore.dll 2014-03-19 14:35:53 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe 2014-03-19 14:35:50 3104FCDE0470E5D89C9991FC0EDDE57E 18643560 ----a-w- C:\Windows\SysWOW64\shell32.dll 2014-03-19 14:35:49 9929F71938D9FCE4550BEB935071F0C8 13949440 ----a-w- C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2014-03-19 14:35:47 A00970DBAD7034523CF9D2C395A944B8 103936 ----a-w- C:\Windows\SysWOW64\OEMLicense.dll 2014-03-19 14:35:47 716046CF7941B176C18AA58785899A2D 174592 ----a-w- C:\Windows\SysWOW64\WSClient.dll 2014-03-19 14:35:46 A863A4DEF854D579C36EAA9DECF21C80 336896 ----a-w- C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-03-19 14:35:45 65ACE54B8EDA937EE7706733D27F40A8 802816 ----a-w- C:\Windows\SysWOW64\MFMediaEngine.dll 2014-03-19 14:35:44 DBB6B2FA462A5E7029766B09ED9CDA73 381168 ----a-w- C:\Windows\SysWOW64\mfsvr.dll 2014-03-19 14:35:44 CF8746715C1AA00C29F789825E321C7C 770560 ----a-w- C:\Windows\SysWOW64\ReAgent.dll 2014-03-19 14:35:43 EC308077E9BEEDF523AE3D6BA042E016 630272 ----a-w- C:\Windows\SysWOW64\MsSpellCheckingFacility.dll 2014-03-19 14:35:43 986ABF43F76F5B0E3557363FB4925C78 1472048 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2014-03-19 14:35:42 E2C1E49EBFB8EFA1AFF6966533BAD12B 140800 ----a-w- C:\Windows\SysWOW64\easwrt.dll 2014-03-19 14:35:42 A7DE6E0B69826D5B6F5FF68AABCF7035 218112 ----a-w- C:\Windows\SysWOW64\sti.dll 2014-03-15 09:52:50 07B5CC5559ED3F55A3F940B3211D89C2 124416 ----a-w- C:\Windows\SysWOW64\poqexec.exe 2014-03-14 13:01:11 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-03-14 13:01:10 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-03-14 13:01:09 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-03-14 13:01:09 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-03-14 13:01:08 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-03-14 13:01:07 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 13:01:07 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-03-14 13:01:07 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-03-14 13:01:04 D34CE666D9BA3D5232609D3C15075B70 5770752 ----a-w- C:\Windows\SysWOW64\mstscax.dll 2014-03-14 13:01:03 ECEBFCEF5799B57BFF242D24B27E4FE4 2143960 ----a-w- C:\Windows\SysWOW64\mfcore.dll 2014-03-14 13:01:03 878B3C936C3C2850A57C24C6F104EBC5 208896 ----a-w- C:\Windows\SysWOW64\rdpencom.dll 2014-03-14 13:01:03 6C8AC5035C39C818624EFA962B24AB3D 1036288 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2014-03-14 13:01:03 34823DAA381423CAE81FEE7C2EEE52F4 669352 ----a-w- C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2014-03-14 13:01:03 2A3626E0B7F5A5317902EBDAF2B4CCE0 1371824 ----a-w- C:\Windows\SysWOW64\combase.dll 2014-03-14 13:01:03 17500825FE6C7094ACC6E7DC6B578399 369280 ----a-w- C:\Windows\SysWOW64\Faultrep.dll 2014-03-14 13:01:02 FCD51A3EB7E47FBCE17382A95FD3AB35 2873344 ----a-w- C:\Windows\SysWOW64\dbgeng.dll 2014-03-14 13:01:02 F5033F3C6F8E706D78ACB9351EBF7B3E 1238016 ----a-w- C:\Windows\SysWOW64\dbghelp.dll 2014-03-14 13:01:02 D4A17A8DEB194D77AD9651F0EE0C76EB 138752 ----a-w- C:\Windows\SysWOW64\DWWIN.EXE 2014-03-14 13:01:02 D0B6EB329D696A5C2122352EAE722290 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll 2014-03-14 13:01:02 3DA5CD1E3B9BDAF79731CB6CB1029CB3 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll 2014-03-14 13:01:02 249DE8C6F690646CC8EC53D49ABC6BE9 408480 ----a-w- C:\Windows\SysWOW64\WerFault.exe 2014-03-14 13:00:53 F80E8CF9E4A051C2CC338C85088A046C 488448 ----a-w- C:\Windows\SysWOW64\qedit.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-03-19 14:35:53 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\Windows\Sysnative\SettingSyncHost.exe 2014-03-19 14:35:52 968FB3BA8E7DF0933A1CF593BD503F4A 461312 ----a-w- C:\Windows\Sysnative\XpsGdiConverter.dll 2014-03-19 14:35:51 1D8F8BE07D2B06C32ADB4B08F0F2A357 749056 ----a-w- C:\Windows\Sysnative\SettingSyncCore.dll 2014-03-19 14:35:50 FF73B88BA206966BD228320F664D4D92 21199256 ----a-w- C:\Windows\Sysnative\shell32.dll 2014-03-19 14:35:48 04B5ADB034D17585D3BCFC6DE5CADFF8 18576384 ----a-w- C:\Windows\Sysnative\Windows.UI.Xaml.dll 2014-03-19 14:35:47 B88A70259DF2927787C0B766DD4CFB5C 206336 ----a-w- C:\Windows\Sysnative\WSClient.dll 2014-03-19 14:35:47 68085A085DE8E3540EE8E02CAE575B2E 138240 ----a-w- C:\Windows\Sysnative\OEMLicense.dll 2014-03-19 14:35:45 E069B63DAD920D231FA8A141DFF43A8C 960512 ----a-w- C:\Windows\Sysnative\MFMediaEngine.dll 2014-03-19 14:35:45 A95838FFFAEAA7500263D491575F7E0C 1214976 ----a-w- C:\Windows\Sysnative\schedsvc.dll 2014-03-19 14:35:44 E80700EB046D0B82B694C98CF7231C08 481944 ----a-w- C:\Windows\Sysnative\mfsvr.dll 2014-03-19 14:35:44 D03BF756457B6A1EB305B26046BB9B4D 914944 ----a-w- C:\Windows\Sysnative\ReAgent.dll 2014-03-19 14:35:44 847CFF96ACB575CE73C0E2E86C6BA993 842752 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.dll 2014-03-19 14:35:43 E287F157F7A0011D93179C64EF8ADCF2 376320 ----a-w- C:\Windows\Sysnative\pnrpsvc.dll 2014-03-19 14:35:43 C8ACFF60C553E63949A79DC370B516E4 947712 ----a-w- C:\Windows\Sysnative\reseteng.dll 2014-03-19 14:35:43 1FCA4E287F0ED13BF037A484AA2FE3B1 419160 ----a-w- C:\Windows\Sysnative\hal.dll 2014-03-19 14:35:42 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\Windows\Sysnative\easinvoker.exe 2014-03-19 14:35:42 66F214C9E446407D78048681394820A6 178176 ----a-w- C:\Windows\Sysnative\easwrt.dll 2014-03-19 14:35:42 3D136E8D4C0407D9C40FD8BDD649B587 1720560 ----a-w- C:\Windows\Sysnative\ntdll.dll 2014-03-19 14:35:42 0B9FBEC5714523FF76DDFEB320FE2DF2 303616 ----a-w- C:\Windows\Sysnative\sti.dll 2014-03-15 09:52:51 4A8D40E38BC2C57E5D630AD6994A85CB 139776 ----a-w- C:\Windows\Sysnative\poqexec.exe 2014-03-14 13:01:14 695C842DAA76536CE44C336C9E27B25D 1507704 ----a-w- C:\Windows\Sysnative\winload.exe 2014-03-14 13:01:14 1A1DDFD4BA6523979C76BE188984C3AC 1643584 ----a-w- C:\Windows\Sysnative\winload.efi 2014-03-14 13:01:12 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-03-14 13:01:10 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-03-14 13:01:09 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-03-14 13:01:09 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-03-14 13:01:08 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-03-14 13:01:08 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-03-14 13:01:08 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-03-14 13:01:07 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-03-14 13:01:07 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-03-14 13:01:06 C993A0B97BECD3AAF5158E3869878465 6353960 ----a-w- C:\Windows\Sysnative\sppsvc.exe 2014-03-14 13:01:05 BAAD43360A7DF630ECC414671AEFA28C 6640640 ----a-w- C:\Windows\Sysnative\mstscax.dll 2014-03-14 13:01:04 977F77CE98456F6B115E5360A1160449 2133208 ----a-w- C:\Windows\Sysnative\mfcore.dll 2014-03-14 13:01:03 CFADC50692A845BAC30940E203393219 1287064 ----a-w- C:\Windows\Sysnative\kernel32.dll 2014-03-14 13:01:03 C83AFB0B285F293EDECF5EBDEC074A94 458616 ----a-w- C:\Windows\Sysnative\WerFault.exe 2014-03-14 13:01:03 C7DFBE21051D5E44B479CBF74B968335 1486848 ----a-w- C:\Windows\Sysnative\dbghelp.dll 2014-03-14 13:01:03 C7B69F90B823182CE6BE7C5374832DE5 764864 ----a-w- C:\Windows\Sysnative\mfmpeg2srcsnk.dll 2014-03-14 13:01:03 C039246195C736A602F581D29F18A43D 1928144 ----a-w- C:\Windows\Sysnative\combase.dll 2014-03-14 13:01:03 B5D2EBAD81739185A91D210F5F01824B 407024 ----a-w- C:\Windows\Sysnative\Faultrep.dll 2014-03-14 13:01:03 819A1E0F89B6AC222E9D95CA000A40B1 4175360 ----a-w- C:\Windows\Sysnative\dbgeng.dll 2014-03-14 13:01:03 2684605E822359CBD1ED2BD2C8E76397 249856 ----a-w- C:\Windows\Sysnative\rdpencom.dll 2014-03-14 13:01:02 AFCAB4DC692CCE37E283B00E2D7B438F 447488 ----a-w- C:\Windows\Sysnative\sppcomapi.dll 2014-03-14 13:01:02 99453C649DC4B0BE6D062B701CD2917F 716288 ----a-w- C:\Windows\Sysnative\swprv.dll 2014-03-14 13:01:02 94D79382FB796B0A8C90270654A70563 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll 2014-03-14 13:01:02 735CB57F806D292FB7ABE8BDFD3B5853 233920 ----a-w- C:\Windows\Sysnative\mfps.dll 2014-03-14 13:01:02 724ADFEE7743C26C550ABFE04271DCFD 160256 ----a-w- C:\Windows\Sysnative\DWWIN.EXE 2014-03-14 13:01:02 3FFEC6927D4017829A82ECDB277BB23E 64512 ----a-w- C:\Windows\Sysnative\tsgqec.dll 2014-03-14 13:01:02 110BE5198A63D3FF3CE9C30F1DC12EC3 386722 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml 2014-03-14 13:00:53 1A69D165DDA78A4329B854D4FEDAD132 4189184 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-03-14 13:00:53 05894DFC52A78C3B1DD5EF6F30FAD28C 586240 ----a-w- C:\Windows\Sysnative\qedit.dll ====== C:\Windows\Sysnative\drivers ===== 2014-03-19 14:35:45 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys 2014-03-19 14:35:43 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\Windows\Sysnative\drivers\USBXHCI.SYS 2014-03-19 14:35:43 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys 2014-03-19 14:35:42 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\Sysnative\drivers\rdbss.sys 2014-03-14 13:01:03 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2014-03-14 13:01:02 C85C075DE5B6D0FE116043054DE8EE02 311640 -c--a-w- C:\Windows\Sysnative\drivers\volsnap.sys 2014-03-14 13:01:01 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys 2014-03-14 13:01:00 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys 2014-03-14 13:00:58 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-03-11 18:08:36 -------- d-----w- C:\Program Files\trend micro 2014-03-10 21:03:10 -------- d-----w- C:\Program Files\Enigma Software Group 2014-03-02 20:21:08 -------- d-----w- C:\Program Files\Reference Assemblies 2014-03-02 20:21:07 -------- d-----w- C:\Program Files\MSBuild ======= C:\PROGRA~2 ===== 2014-03-09 19:53:26 -------- d-----w- C:\PROGRA~2\MSECache 2014-03-06 08:09:25 -------- d-----w- C:\PROGRA~2\Belastingdienst 2014-03-02 20:21:20 -------- d-----w- C:\PROGRA~2\Reference Assemblies 2014-03-02 20:18:54 -------- d-----w- C:\PROGRA~2\COMMON~1\Citrix 2014-03-02 20:18:52 -------- d-----w- C:\PROGRA~2\Citrix ======= C: ===== 2014-03-10 21:03:27 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Gebruiker\AppData\Roaming ====== 2014-03-15 09:51:49 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Diagnostics 2014-03-11 21:10:57 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Microsoft Toolkit 2014-03-10 20:30:50 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{8E1D1F50-34F2-83FD-0A2F-572B2862BD4C} 2014-03-10 20:27:27 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{8B05C297-2CD7-69A9-F03E-A8CCE139D05F} 2014-03-10 20:25:44 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{05BDA67E-D6E5-F322-EC4C-F13B93CC9343} 2014-03-10 20:24:34 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\sweet-page 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Torch 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Google 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Comodo 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Torch 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Google 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo 2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch 2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Google 2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo 2014-03-09 19:30:04 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\BitTorrent 2014-03-09 12:53:15 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E} 2014-03-09 12:43:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs 2014-03-06 08:10:31 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Belastingdienst 2014-02-28 20:28:20 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\uTorrent 2014-02-25 15:27:27 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\ICAClient ====== C:\Users\Gebruiker ====== 2014-03-10 20:23:34 -------- d-----w- C:\ProgramData\HostIt 2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData 2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData 2014-03-10 20:06:43 -------- d-----w- C:\ProgramData\Real 2014-03-06 08:09:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst 2014-03-02 20:19:04 -------- d-----w- C:\ProgramData\Citrix ====== C: exe-files == 2014-03-19 14:35:53 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\Windows\System32\SettingSyncHost.exe 2014-03-19 14:35:53 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe 2014-03-19 14:35:42 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\Windows\System32\easinvoker.exe === C: other files == 2014-03-19 14:35:45 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-03-19 14:35:43 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2014-03-19 14:35:43 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2014-03-19 14:35:42 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\System32\drivers\rdbss.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Run] "SpeedUpMyComputer"="C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss" "FixMyRegistry"="C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpeedUpMyComputer"="C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss" "FixMyRegistry"="C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-03-2014 16:53] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B468EAE2-5939-457C-B301-38FACB2803D2}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Chrome Look ====================== websave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Administrator\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Gast\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gast\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gast\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gast\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gast\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Gast\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj websave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb Pic Enhance - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc webesave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp SNT - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf NExtCoup - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb YoutubeAdblocker - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj ==== Chrome Fix ====================== C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Search Page"="{searchTerms - Bing}" "Search Bar"="{searchTerms - Bing}" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=NL&userid=dc88b85a-80dd-a186-5069-82032f3a2df7&searchtype=ds&q={searchTerms}&installDate=09/03/2014" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=NL&userid=dc88b85a-80dd-a186-5069-82032f3a2df7&searchtype=ds&q={searchTerms}&installDate=09/03/2014" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="{searchTerms - Bing}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="{searchTerms - Bing}" "SearchAssistant"="{searchTerms - Bing}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="Bing" "Search Bar"="Bing" "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="Bing" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" {006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="{searchTerms - Bing}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=322 folders=100 19370568 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 24-03-2014 at 21:12:27,47 ======================
  15. westbeest
    Logfile of random's system information tool 1.09 (written by random/random) Run by Gebruiker at 2014-03-11 19:23:11 Microsoft Windows 8.1 System drive C: has 1729 GB (91%) free of 1892 GB Total RAM: 8070 MB (77% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:23:12, on 11-3-2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.16518) Boot mode: Normal Running processes: C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files\trend micro\Gebruiker.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = {searchTerms - Bing} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = {searchTerms - Bing} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = {searchTerms - Yahoo Search Results} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = {searchTerms - Yahoo Search Results} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = {searchTerms - Bing} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = {searchTerms - Bing} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: weebsave - {B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} - C:\Program Files (x86)\weebsave\ANzvk.dll (file missing) O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7807 bytes ======Listing Processes====== wininit.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\system32\svchost.exe -k imgsvc dashost.exe {820dcb34-611c-4309-b1096332bef69035} C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dc2b7690-9a6c-4466-9ef6-1d11f13abce9 -SystemEventPortName:HostProcess-566ca92b-a1e3-4f06-9f93-b5df65fcccf6 -IoCancelEventPortName:HostProcess-0a0eece6-4d03-4360-b9a4-a80744425f85 -NonStateChangingEventPortName:HostProcess-920b56a2-e89e-4974-b83a-79ed6ab51c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34e4fb7e-4ce7-4e95-abdd-4678a0be309a -DeviceGroupId:WpdFsGroup C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" winlogon.exe "dwm.exe" taskhostex.exe C:\Windows\Explorer.EXE "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s "C:\Windows\System32\igfxtray.exe" "C:\Windows\system32\igfxsrvc.exe" -Embedding "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding "C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store C:\Windows\System32\RuntimeBroker.exe -Embedding "C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding "C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:267778 /prefetch:1 "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:4068916 /prefetch:1 "C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 592 "C:\Users\Gebruiker\Downloads\RSITx64 (1).exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\bench-sys.job C:\Windows\tasks\Digital Sites.job - - - Updated - - - ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}] weebsave - C:\Program Files (x86)\weebsave\ANzvk.x64.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}] weebsave - C:\Program Files (x86)\weebsave\ANzvk.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {ae07101b-46d4-4a98-af68-0333ea26e113} [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {ae07101b-46d4-4a98-af68-0333ea26e113} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-12-21 391128] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-12-21 771544] "Persistence"=C:\Windows\system32\igfxpers.exe [2013-12-21 770520] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpeedUpMyComputer"=C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss [] "FixMyRegistry"=C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss [] "ChicaPasswordManager"=C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe /autorunned [] "Optimizer Pro"=C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [] "LiveSupport"=C:\Program Files (x86)\LiveSupport\LiveSupport.exe /noshow /log [] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [] "fst_nl_30"= [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2013-12-21 624640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicDisplay.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicRender.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BrokerInfrastructure] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DeviceInstall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dxgkrnl.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FsDepends.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LSM] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmartcardSimulator] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SystemEventsBroker] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VirtualSmartcardReader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wcmsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "EnableUIADesktopToggle"=0 "EnableCursorSuppression"=1 "ConsentPromptBehaviorUser"=3 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktopChanges"=1 "NoActiveDesktop"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.yuy2"=msyuv.dll "vidc.i420"=iyuv_32.dll "msacm.msgsm610"=msgsm32.acm "msacm.msg711"=msg711.acm "vidc.yvyu"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "wavemapper"=msacm32.drv "midimapper"=midimap.dll "vidc.uyvy"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "vidc.msvc"=msvidc32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv - - - Updated - - - Logfile of random's system information tool 1.09 (written by random/random) Run by Gebruiker at 2014-03-11 19:23:11 Microsoft Windows 8.1 System drive C: has 1729 GB (91%) free of 1892 GB Total RAM: 8070 MB (77% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:23:12, on 11-3-2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.16518) Boot mode: Normal Running processes: C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files\trend micro\Gebruiker.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.exitingsearch.info/?pid=2145&r=2014/03/10&hid=12559607067462301666&lg=EN&cc=NL&unqvl=50 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: weebsave - {B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} - C:\Program Files (x86)\weebsave\ANzvk.dll (file missing) O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7807 bytes ======Listing Processes====== wininit.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\system32\svchost.exe -k imgsvc dashost.exe {820dcb34-611c-4309-b1096332bef69035} C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dc2b7690-9a6c-4466-9ef6-1d11f13abce9 -SystemEventPortName:HostProcess-566ca92b-a1e3-4f06-9f93-b5df65fcccf6 -IoCancelEventPortName:HostProcess-0a0eece6-4d03-4360-b9a4-a80744425f85 -NonStateChangingEventPortName:HostProcess-920b56a2-e89e-4974-b83a-79ed6ab51c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34e4fb7e-4ce7-4e95-abdd-4678a0be309a -DeviceGroupId:WpdFsGroup C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" winlogon.exe "dwm.exe" taskhostex.exe C:\Windows\Explorer.EXE "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s "C:\Windows\System32\igfxtray.exe" "C:\Windows\system32\igfxsrvc.exe" -Embedding "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding "C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store C:\Windows\System32\RuntimeBroker.exe -Embedding "C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding "C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:267778 /prefetch:1 "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:4068916 /prefetch:1 "C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 592 "C:\Users\Gebruiker\Downloads\RSITx64 (1).exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\bench-sys.job C:\Windows\tasks\Digital Sites.job
  16. westbeest
    kan log file niet plaatsen krijg dan de volgende melding Fatal error: Maximum execution time of 30 seconds exceeded in /home/pchelpfor/domains/pc-helpforum.be/public_html/includes/functions.php on line 2351
  17. westbeest
    Hallo Kan ik geholpen worden om het sweet page programma te verwijderen. Mijn zoon zat op de computer en nu is dit ineens mijn startpagina geweorden
  18. westbeest
    Zoek.exe Version 4.0.0.4 Updated 14-September-2013 Tool run by Peter on za 14-09-2013 at 12:18:22,57. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: H:\Documents and Settings\Peter\Bureaublad\zoek\zoek.com [Checkboxes used] ==== System Restore Info ====================== 14-9-2013 12:22:35 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1004336348-299502267-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully ==== FireFox Fix ====================== Deleted from H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\prefs.js: user_pref("browser.startup.homepage", "http://websearch.good-results.info/"); user_pref("browser.search.defaulturl", "http://websearch.good-results.info/?l=1&q="); user_pref("browser.search.defaultenginename", "WebSearch"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.selectedEngine", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); user_pref("browser.search.order.1", "WebSearch"); user_pref("browser.search.order.1,S", "WebSearch"); user_pref("keyword.URL", "http://websearch.good-results.info/?l=1&q="); Added to H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2 ---- Lines 510440d6e06fd@510440d6e0736.com removed from prefs.js ---- ---- Lines 510440d6e06fd@510440d6e0736.com modified from prefs.js ---- ---- Lines 510440d6e06fd@510440d6e0736.com removed from user.js ---- ---- Lines WebSearch removed from prefs.js ---- ---- Lines WebSearch modified from prefs.js ---- ---- Lines WebSearch removed from user.js ---- ---- Lines Torntv removed from prefs.js ---- ---- Lines Torntv modified from prefs.js ---- ---- Lines Torntv removed from user.js ---- ---- Lines results.info removed from prefs.js ---- ---- Lines results.info modified from prefs.js ---- ---- Lines results.info removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_14-09-2013_1225_.backup prefs_14-09-2013_1225_.backup ==== Deleting Files \ Folders ====================== "H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\searchplugins\WebSearch.xml" deleted "H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\extensions\torntv@torntv.com.xpi" deleted "H:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk" deleted "H:\Documents and Settings\Peter\Menu Start\Programma's\iLivid.lnk" deleted "H:\WINDOWS\SET3.tmp" deleted "H:\WINDOWS\SET4.tmp" deleted "H:\WINDOWS\SET8.tmp" deleted "H:\WINDOWS\system32\roboot.exe" deleted "H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\searchplugins\WebSearch.xml" deleted "H:\Documents and Settings\Peter\Bureaublad\Ongebruikte bureaubladpictogrammen\iLivid.lnk" deleted "H:\Documents and Settings\Peter\Bureaublad\Ongebruikte bureaubladpictogrammen\iLividSetup-r418-n-bi.exe" deleted "H:\Program Files\TornTV.com" deleted "H:\Documents and Settings\All Users.WINDOWS\Application Data\Search-NewTab" deleted "H:\Program Files\GoforFiles" deleted "H:\Program Files\WebSearch" deleted "H:\Program Files\SearchProtect" deleted "H:\Documents and Settings\Peter\Application Data\GoforFiles" deleted "H:\Documents and Settings\Peter\Application Data\Systweak" deleted "H:\Documents and Settings\All Users.WINDOWS\Application Data\ClickIT" deleted "H:\Documents and Settings\All Users.WINDOWS\Application Data\Search-NewTab" deleted "H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid" deleted "H:\Documents and Settings\Peter\Local Settings\Application Data\CRE" deleted "H:\Documents and Settings\Peter\Local Settings\Application Data\Systweak" deleted ==== Firefox Extensions ====================== ProfilePath: H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2 - Wajam - %ProfilePath%\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi ==== Firefox Plugins ====================== ==== Deleting Files \ Folders ====================== "H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jbpkiefagocgkmemidfngdkamloieekf - H:\Program Files\TornTV.com\torn11.crx[] ==== Chrome Fix ====================== H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage deleted successfully H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage-journal deleted successfully H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl" "Search Page"="Google" "Search Bar"="Upgrade to Google Chrome" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="%s - Google Search" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="Upgrade to Google Chrome" "Default_Search_URL"="Upgrade to Google Chrome" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="Bing" "Search Bar"="Bing" "Start Page"="Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="Bing" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Conduit Search Url="{searchTerms - Bing}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" {D7C06B0E-AAD8-451E-8582-8AE6F7E9076D} Google Url="{searchTerms} - Google Search" ==== Reset Google Chrome ====================== H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [iLivid] "H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361634819609 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe ==== Empty IE Cache ====================== H:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully H:\Documents and Settings\Default User.WINDOWS\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully H:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully H:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully H:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully H:\Documents and Settings\Peter\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully H:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot H:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== H:\WINDOWS\Temp successfully emptied H:\DOCUME~1\Peter\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== H:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "H:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "H:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on za 14-09-2013 at 12:28:57,56 ======================
  19. westbeest
    Logfile of random's system information tool 1.09 (written by random/random) Run by Peter at 2013-09-14 11:09:08 Microsoft Windows XP Home Edition Service Pack 3 System drive H: has 97 GB (74%) free of 131 GB Total RAM: 3519 MB (56% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:09:11, on 14-9-2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\nvsvc32.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\Microsoft Security Client\MsMpEng.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\RTHDCPL.EXE H:\WINDOWS\system32\RUNDLL32.EXE H:\Program Files\HP\HP Software Update\HPWuSchd2.exe H:\Program Files\Microsoft Security Client\msseces.exe H:\Program Files\Common Files\Java\Java Update\jusched.exe H:\Program Files\Microsoft ActiveSync\Wcescomm.exe H:\WINDOWS\system32\ctfmon.exe H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe H:\PROGRA~1\MI3AA1~1\rapimgr.exe H:\Program Files\Windows Desktop Search\WindowsSearch.exe H:\Program Files\Java\jre7\bin\jqs.exe H:\WINDOWS\system32\srvany.exe H:\WINDOWS\system32\HPZipm12.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\KMService.exe H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE H:\WINDOWS\system32\SearchIndexer.exe H:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe H:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe H:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe H:\Program Files\Internet Explorer\iexplore.exe H:\Program Files\Internet Explorer\iexplore.exe H:\Program Files\Internet Explorer\iexplore.exe H:\Program Files\Internet Explorer\iexplore.exe H:\WINDOWS\system32\wuauclt.exe H:\WINDOWS\system32\SearchProtocolHost.exe H:\Documents and Settings\Peter\Bureaublad\Ongebruikte bureaubladpictogrammen\RSIT.exe H:\Program Files\trend micro\Peter.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [iLivid] "H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361634819609 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - H:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe -- End of file - 9054 bytes ======Scheduled tasks folder====== H:\WINDOWS\tasks\Adobe Flash Player Updater.job H:\WINDOWS\tasks\Go for FilesUpdate.job H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job H:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job H:\WINDOWS\tasks\User_Feed_Synchronization-{9D2962DE-6A53-485F-AC1B-45DC2BAF381D}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - H:\Program Files\Java\jre7\bin\ssv.dll [2013-06-22 463272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-24 192592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [2013-06-24 1000984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - H:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-22 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-24 192592] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016] "NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464] "HP Software Update"=H:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208] "Adobe ARM"=H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "QuickTime Task"=H:\Program Files\QuickTime\qttask.exe [2011-12-11 421888] "MSC"=H:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176] "SunJavaUpdateSched"=H:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"=H:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000] "ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360] "uTorrent"=H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe [2013-09-13 1130576] "iLivid"=H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe [2013-09-09 6827008] H:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten Windows Search.lnk - H:\Program Files\Windows Desktop Search\WindowsSearch.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=H:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "H:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe" "H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "H:\WINDOWS\system32\usmt\migwiz.exe"="H:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Wizard Bestanden en instellingen overzetten" "H:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="H:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace" "H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote" "H:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "H:\Program Files\Microsoft ActiveSync\rapimgr.exe"="H:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "H:\Program Files\Microsoft ActiveSync\wcescomm.exe"="H:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "H:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="H:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "H:\WINDOWS\system32\msiexec.exe"="H:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup" "H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager" "H:\Program Files\GoforFiles\goforfilesdl.exe"="H:\Program Files\GoforFiles\goforfilesdl.exe:*:Enabled:Go for Files" "H:\Program Files\GoforFiles\GoforFiles.exe"="H:\Program Files\GoforFiles\GoforFiles.exe:*:Enabled:Go for Files" "H:\Program Files\FrostWire 5\FrostWire.exe"="H:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire" "H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe"="H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe:*:Enabled:iLivid" "H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe"="H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "H:\Program Files\Microsoft ActiveSync\rapimgr.exe"="H:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "H:\Program Files\Microsoft ActiveSync\wcescomm.exe"="H:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "H:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="H:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe"="H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe:*:Enabled:iLivid" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "vidc.yvyu"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=H:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=H:\WINDOWS\system32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "vidc.LEAD"=LCODCCMP.DLL ======List of files/folders created in the last 1 month====== 2013-09-14 11:09:08 ----D---- H:\rsit 2013-09-13 15:16:01 ----D---- H:\Program Files\SearchProtect 2013-09-11 21:58:47 ----HDC---- H:\WINDOWS\$NtUninstallKB2876315$ 2013-09-11 21:57:55 ----HDC---- H:\WINDOWS\$NtUninstallKB2876217$ 2013-09-11 21:57:50 ----HDC---- H:\WINDOWS\$NtUninstallKB2864063$ 2013-08-28 22:06:10 ----HDC---- H:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ 2013-08-16 10:12:54 ----D---- H:\WINDOWS\system32\MRT 2013-08-16 10:12:39 ----HDC---- H:\WINDOWS\$NtUninstallKB2850869$ 2013-08-16 10:12:32 ----HDC---- H:\WINDOWS\$NtUninstallKB2859537$ 2013-08-16 10:12:28 ----HDC---- H:\WINDOWS\$NtUninstallKB2863058$ 2013-08-16 10:12:22 ----HDC---- H:\WINDOWS\$NtUninstallKB2849470$ ======List of files/folders modified in the last 1 month====== 2013-09-14 11:09:11 ----D---- H:\Program Files\Trend Micro 2013-09-14 11:07:46 ----D---- H:\WINDOWS\Prefetch 2013-09-14 11:07:42 ----D---- H:\Documents and Settings\Peter\Application Data\uTorrent 2013-09-14 09:29:34 ----D---- H:\WINDOWS\temp 2013-09-14 09:28:12 ----D---- H:\WINDOWS\system32\CatRoot2 2013-09-14 09:27:19 ----SD---- H:\WINDOWS\Tasks 2013-09-13 23:59:49 ----A---- H:\WINDOWS\SchedLgU.Txt 2013-09-13 15:30:34 ----D---- H:\WINDOWS\system32 2013-09-13 15:30:34 ----A---- H:\WINDOWS\system32\FlashPlayerApp.exe 2013-09-13 15:16:33 ----D---- H:\Documents and Settings\Peter\Application Data\vlc 2013-09-13 15:16:01 ----RD---- H:\Program Files 2013-09-13 15:15:36 ----D---- H:\Program Files\uTorrent 2013-09-13 15:14:25 ----D---- H:\WINDOWS 2013-09-11 22:04:51 ----HD---- H:\WINDOWS\inf 2013-09-11 22:04:50 ----RSHDC---- H:\WINDOWS\system32\dllcache 2013-09-11 22:04:47 ----D---- H:\Program Files\Internet Explorer 2013-09-11 22:04:39 ----D---- H:\WINDOWS\ie8updates 2013-09-11 22:04:32 ----SHD---- H:\WINDOWS\Installer 2013-09-11 22:04:31 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2013-09-11 22:04:31 ----D---- H:\Config.Msi 2013-09-11 21:58:50 ----A---- H:\WINDOWS\imsins.BAK 2013-09-11 21:51:28 ----A---- H:\WINDOWS\system32\MRT.exe 2013-09-08 10:53:11 ----D---- H:\WINDOWS\Network Diagnostic 2013-09-01 19:10:02 ----D---- H:\WINDOWS\system32\Macromed 2013-08-18 12:11:38 ----D---- H:\Program Files\Microsoft Security Client 2013-08-18 12:11:25 ----D---- H:\WINDOWS\system32\drivers 2013-08-17 09:18:55 ----D---- H:\WINDOWS\Microsoft.NET 2013-08-17 09:18:53 ----RSD---- H:\WINDOWS\assembly 2013-08-16 10:11:39 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI 2013-08-16 10:11:23 ----D---- H:\WINDOWS\WinSxS ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; H:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560] R0 PxHelp20;PxHelp20; H:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-19 46080] R0 sptd;sptd; H:\WINDOWS\System32\Drivers\sptd.sys [2011-11-13 428088] R1 intelppm;Intel GV3-processorstuurprogramma; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448] R1 kbdhid;Stuurprogramma voor toetsenbord-HID; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14720] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032] R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 hidusb;Microsoft HID Class-stuurprogramma; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368] R3 HPZid412;IEEE-1284.4 Driver HPZid412; H:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; H:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; H:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336] R3 mouhid;Stuurprogramma voor muis-HID; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12288] R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-23 141568] R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128] R3 usbprint;Microsoft USB PRINTER Class; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] R3 usbscan;Stuurprogramma voor USB-scanner; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] R3 usbstor;Stuurprogramma voor USB-massaopslag; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S1 obqpnfei;obqpnfei; \??\H:\WINDOWS\system32\drivers\obqpnfei.sys [] S3 catchme;catchme; \??\H:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys [] S3 libusb0;LibUsb-Win32 - Kernel Driver 09/17/2010, 1.2.1.0; H:\WINDOWS\system32\DRIVERS\libusb0.sys [2010-11-06 35008] S3 RimUsb;BlackBerry Device; H:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-04 22528] S3 usb_rndisx;USB RNDIS-adapter; H:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928] S3 wceusbsh;Windows CE USB Serial Host Driver; H:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 CltMngSvc;Search Protect by Conduit Service; H:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [2013-09-01 1736024] R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre7\bin\jqs.exe [2013-06-22 182184] R2 KMService;KMService; H:\WINDOWS\system32\srvany.exe [2013-03-10 8192] R2 MsMpSvc;Microsoft Antimalware Service; H:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208] R2 nvsvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004] R2 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] R2 wlidsvc;Windows Live ID Sign-in Assistant; H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728] R2 WSearch;Windows Search; H:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R3 osppsvc;Office Software Protection Platform; H:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S2 gupdate;Google Update-service (gupdate); H:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-24 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13 257416] S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gupdatem;Google Update-service (gupdatem); H:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-24 136176] S3 gusvc;Google Software Updater; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-12-24 194032] S3 HP Port Resolver;HP Port Resolver; H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920] S3 HP Status Server;HP Status Server; H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728] S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; H:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672] S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-15 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  20. westbeest
    Hallo Mijn vraag is of conduit search een virus is . Ik heb nu enekel malen mij start pagina van internet moeten aanpassen. Het is gekomen na een upadate van windows en na het instaleren van het programma ilivid (video van youtube copieren naar harde schijf)
  21. westbeest
    nog niet Kijk het morgenochtend nog aan en bij geen problemen markeer ik het morgel als opgelost
  22. westbeest
    # AdwCleaner v2.109 - Verslag gemaakt op 30/01/2013 om 22:00:17 # Geactualiseerd op 26/01/2013 door Xplode # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits) # Gebruiker : Peter - PETER-42ADA93BE # Opstarten Modus : Normale modus # Gelanceerd vanaf : H:\Documents and Settings\Peter\Bureaublad\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** File Verwijdert : H:\DOCUME~1\Peter\LOCALS~1\Temp\Uninstall.exe File Verwijdert : H:\END File Verwijdert : H:\user.js Map Verwijdert : H:\DOCUME~1\Peter\LOCALS~1\Temp\AskSearch Map Verwijdert : H:\DOCUME~1\Peter\LOCALS~1\Temp\BabylonToolbar Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\SaveAs Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer Map Verwijdert : H:\Documents and Settings\Peter\Application Data\Babylon Map Verwijdert : H:\Documents and Settings\Peter\Application Data\PriceGong Map Verwijdert : H:\Documents and Settings\Peter\Application Data\SwvUpdater Map Verwijdert : H:\Documents and Settings\Peter\Local Settings\Application Data\Conduit Map Verwijdert : H:\Documents and Settings\Peter\Local Settings\Application Data\Wajam Map Verwijdert : H:\Program Files\Conduit Map Verwijdert : H:\Program Files\v-Grabber Verwijdert bij het opstarten : H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Verwijdert bij het opstarten : H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\1ClickDownload Sleutel Verwijdert : HKCU\Software\APN PIP Sleutel Verwijdert : HKCU\Software\AppDataLow\SProtector Sleutel Verwijdert : HKCU\Software\Babylon Sleutel Verwijdert : HKCU\Software\Conduit Sleutel Verwijdert : HKCU\Software\ConduitSearchScopes Sleutel Verwijdert : HKCU\Software\Cr_Installer Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn Sleutel Verwijdert : HKCU\Software\InstallCore Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Sleutel Verwijdert : HKCU\Software\SmartBar Sleutel Verwijdert : HKCU\Software\Softonic Sleutel Verwijdert : HKLM\Software\Babylon Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabyDict Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabyGloss Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabyOptFile Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2849859 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT3272810 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5} Sleutel Verwijdert : HKLM\Software\Conduit Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn Sleutel Verwijdert : HKLM\Software\Iminent Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Sleutel Verwijdert : HKLM\Software\PIP Sleutel Verwijdert : HKLM\Software\SProtector Sleutel Verwijdert : HKLM\Software\Tarma Installer Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] ***** [browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109868&tt=060612_8_&babsrc=NT_ss&mntrId=7081e6a4000000000000001966e65d91 --> hxxp://www.google.com -\\ Google Chrome v [Onmogelijk de versie te verkrijgen] File : H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Verwijdert [l.878] : homepage = "hxxp://websearch.good-results.info/", ************************* AdwCleaner[s1].txt - [11175 octets] - [30/01/2013 22:00:17] ########## EOF - H:\AdwCleaner[s1].txt - [11236 octets] ##########
  23. westbeest
    mbam logje en hijackthis bestand Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Databaseversie: v2012.12.14.11 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Peter :: PETER-42ADA93BE [administrator] 30-1-2013 19:20:28 mbam-log-2013-01-30 (19-20-28).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 309886 Verstreken tijd: 7 minuut/minuten, 59 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 1 HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 1 HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 7fee864dc2c01660cd446616f9a0ec6d -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:48:32, on 30-1-2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\nvsvc32.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\Microsoft Security Client\MsMpEng.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\RTHDCPL.EXE H:\WINDOWS\system32\RUNDLL32.EXE H:\Program Files\HP\HP Software Update\HPWuSchd2.exe H:\Program Files\Microsoft Security Client\msseces.exe H:\Program Files\Common Files\Java\Java Update\jusched.exe H:\Program Files\Microsoft ActiveSync\Wcescomm.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\uTorrent\uTorrent.exe H:\PROGRA~1\MI3AA1~1\rapimgr.exe H:\Program Files\Windows Desktop Search\WindowsSearch.exe H:\Program Files\Java\jre7\bin\jqs.exe H:\WINDOWS\system32\HPZipm12.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE H:\WINDOWS\system32\SearchIndexer.exe H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe H:\Program Files\Internet Explorer\iexplore.exe H:\Program Files\Internet Explorer\iexplore.exe H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe H:\WINDOWS\system32\NOTEPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://H:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
  24. westbeest
    Hallo wederom is mijn systeem besmet met babylon. Hoe kan dit in de toekomst voorkomen worden nadat hgij eerst verwijders is. Graag hulp hierbij - - - Updated - - - In andere forums onderwerpen over babylon wordt er gemeld dat jullie onderstaande log nodig hebben Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:33:44, on 30-1-2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\nvsvc32.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\Microsoft Security Client\MsMpEng.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\RTHDCPL.EXE H:\WINDOWS\system32\RUNDLL32.EXE H:\Program Files\HP\HP Software Update\HPWuSchd2.exe H:\Program Files\Microsoft Security Client\msseces.exe H:\Program Files\Common Files\Java\Java Update\jusched.exe H:\Program Files\Microsoft ActiveSync\Wcescomm.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\uTorrent\uTorrent.exe H:\PROGRA~1\MI3AA1~1\rapimgr.exe H:\Program Files\Windows Desktop Search\WindowsSearch.exe H:\Program Files\Java\jre7\bin\jqs.exe H:\WINDOWS\system32\HPZipm12.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE H:\WINDOWS\system32\SearchIndexer.exe H:\WINDOWS\system32\svchost.exe H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe H:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE H:\Program Files\Internet Explorer\IEXPLORE.EXE H:\Program Files\Internet Explorer\IEXPLORE.EXE H:\Program Files\Internet Explorer\IEXPLORE.EXE H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe H:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SaveAs - {9F8A30E0-B436-3D79-14BD-38F03E4B08F1} - H:\Documents and Settings\All Users.WINDOWS\Application Data\SaveAs\51044082607d9.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - H:\Program Files\Yontoo\YontooIEClient.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://H:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
  25. westbeest
    Ik heb in het verleden een back up gemaakt voor mijn outlook . Nu wil ik het importeren maar er staat een wachtwoord op. En deze is niet bekend. Weet iemand hoe ik de E-mails wel kan importeren.
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.