Posts made by westbeest
-
I have since updated Java to 8.4
-
Hello
After a little under 2 months I am getting the message again. Is there a way, or a program, with which I can turn it off?
-
Here is the adw file
-
Hello
Here is the log file
-
Hello
I have Windows 8.1 and occasionally get a message in the Marktplaats program that a certain file from cloudfront is not installed. My question is whether cloudfront is a virus?
-
Thank you very much for your help
I now have HitmanPro temporarily. It is the latest version. On the first scan it already removed some things that Microsoft did not see. I am curious how it does from here on.
-
No, not at the moment
Do you have any advice for preventing this kind of thing? I currently use Microsoft as my virus scanner; is that good enough, or should we consider another one?
In any case, thanks in advance
-
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Gebruiker on wo 26-03-2014 at 19:03:13,21.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gebruiker\Downloads\zoek.exe [scan all users] [script inserted]
==== Older Logs ======================
C:\zoek-results2014-03-24-201227.log 35315 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
==== Deleting Files \ Folders ======================
C:\Users\Gebruiker\AppData\Roaming\sweet-page deleted
"C:\autoexec.bat" deleted
==== Chrome Look ======================
websave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Administrator\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Gast\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gast\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gast\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gast\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gast\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
websave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
{006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="{searchTerms - Bing}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=323 folders=102 19370714 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on wo 26-03-2014 at 19:12:37,48 ======================
-
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Gebruiker on ma 24-03-2014 at 20:52:02,14.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gebruiker\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]
==== System Restore Info ======================
24-3-2014 20:53:47 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\YoutubeAdblocker deleted successfully
C:\PROGRA~3\NExtCoup deleted successfully
C:\PROGRA~3\SNT deleted successfully
C:\PROGRA~3\webesave deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\Users\Gebruiker\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mobilegeni daemon"=-
"fst_nl_30"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
==== Deleting Files \ Folders ======================
C:\Program Files (x86)\weebsave not found
C:\Program Files (x86)\Optimizer Pro not found
C:\Program Files (x86)\Mobogenie deleted
C:\Users\Gebruiker\AppData\LocalLow\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} deleted
C:\Users\Gebruiker\AppData\LocalLow\{EB371B49-8FDE-4381-E9C6-53EEACAD830C} deleted
C:\Users\Gebruiker\daemonprocess.txt deleted
C:\Users\Gebruiker\.android deleted
C:\PROGRA~3\weebsave deleted
C:\Users\Gebruiker\AppData\Roaming\SupTab deleted
C:\Users\Gebruiker\AppData\Roaming\awesomehp deleted
C:\Users\Gebruiker\AppData\Roaming\DigitalSites deleted
C:\Users\Gebruiker\AppData\Roaming\EZDownloader deleted
C:\Users\Gebruiker\AppData\Roaming\systweak deleted
C:\Users\Gebruiker\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\Registry Helper deleted
C:\PROGRA~3\IePluginService deleted
C:\PROGRA~3\WPM deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\RegClean deleted
C:\Users\Gebruiker\AppData\Local\WebPlayer deleted
C:\Users\Gebruiker\AppData\Local\Mobogenie deleted
C:\Users\Gebruiker\AppData\Local\cache deleted
C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\windows\SysNative\tasks\bench-sys deleted
C:\Windows\tasks\bench-sys.job deleted
C:\Windows\Syswow64\SearchProtect deleted
C:\Users\Gebruiker\Documents\Mobogenie deleted
"C:\PROGRA~3\589ed11582df0642\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}" deleted
"C:\PROGRA~3\589ed11582df0642\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted
"C:\PROGRA~3\589ed11582df0642\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~3\589ed11582df0642\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\PROGRA~3\589ed11582df0642\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted
"C:\PROGRA~3\589ed11582df0642" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-03-14 13:00:58 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-11 18:08:36 -------- d-----w- C:\Program Files\trend micro
2014-03-10 21:03:10 -------- d-----w- C:\Program Files\Enigma Software Group
2014-03-02 20:21:08 -------- d-----w- C:\Program Files\Reference Assemblies
2014-03-02 20:21:07 -------- d-----w- C:\Program Files\MSBuild
======= C:\PROGRA~2 =====
2014-03-09 19:53:26 -------- d-----w- C:\PROGRA~2\MSECache
2014-03-06 08:09:25 -------- d-----w- C:\PROGRA~2\Belastingdienst
2014-03-02 20:21:20 -------- d-----w- C:\PROGRA~2\Reference Assemblies
2014-03-02 20:18:54 -------- d-----w- C:\PROGRA~2\COMMON~1\Citrix
2014-03-02 20:18:52 -------- d-----w- C:\PROGRA~2\Citrix
======= C: =====
2014-03-10 21:03:27 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
====== C:\Users\Gebruiker\AppData\Roaming ======
2014-03-15 09:51:49 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Diagnostics
2014-03-11 21:10:57 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Microsoft Toolkit
2014-03-10 20:30:50 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{8E1D1F50-34F2-83FD-0A2F-572B2862BD4C}
2014-03-10 20:27:27 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{8B05C297-2CD7-69A9-F03E-A8CCE139D05F}
2014-03-10 20:25:44 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{05BDA67E-D6E5-F322-EC4C-F13B93CC9343}
2014-03-10 20:24:34 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\sweet-page
2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Torch
2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Google
2014-03-10 20:22:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Comodo
2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Torch
2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Google
2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo
2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch
2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-03-09 19:30:04 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\BitTorrent
2014-03-09 12:53:15 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
2014-03-09 12:43:55 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs
2014-03-06 08:10:31 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Belastingdienst
2014-02-28 20:28:20 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\uTorrent
2014-02-25 15:27:27 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\ICAClient
====== C:\Users\Gebruiker ======
2014-03-10 20:23:34 -------- d-----w- C:\ProgramData\HostIt
2014-03-10 20:22:55 -------- d-----w- C:\Users\Gast\AppData
2014-03-10 20:22:55 -------- d-----w- C:\Users\Administrator\AppData
2014-03-10 20:06:43 -------- d-----w- C:\ProgramData\Real
2014-03-06 08:09:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst
2014-03-02 20:19:04 -------- d-----w- C:\ProgramData\Citrix
====== C: exe-files ==
2014-03-19 14:35:53 43D0F8E593ABD37B5BC9573EDD71EFEB 628736 ----a-w- C:\Windows\System32\SettingSyncHost.exe
2014-03-19 14:35:53 42433CDEC449D40F508752F2D487D8E4 478208 ----a-w- C:\Windows\SysWOW64\SettingSyncHost.exe
2014-03-19 14:35:42 A0D3749BB1BC942C7D21C4D99E79A615 131160 ----a-w- C:\Windows\System32\easinvoker.exe
=== C: other files ==
2014-03-19 14:35:45 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-03-19 14:35:43 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2014-03-19 14:35:43 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-03-19 14:35:42 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\System32\drivers\rdbss.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3575262360-258679368-1463809348-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedUpMyComputer"="C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss"
"FixMyRegistry"="C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedUpMyComputer"="C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss"
"FixMyRegistry"="C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-03-2014 16:53]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B468EAE2-5939-457C-B301-38FACB2803D2}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Chrome Look ======================
websave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Administrator\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Gast\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gast\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gast\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gast\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gast\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Gast\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
websave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\imnjnocaihkigpmhfekaacdhnhipnfeb
Pic Enhance - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
webesave - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\mfkjhknojnlgfhogedjieilfelggcfbp
SNT - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\nijjnbgnakknjmdclbbnechjadoiiaaf
NExtCoup - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohoehicnojkieihmpeojkikkjjaddieb
YoutubeAdblocker - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj
==== Chrome Fix ======================
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\phkcgeahpmbldgkiopbiccnfecedflcj deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Search Page"="{searchTerms - Bing}"
"Search Bar"="{searchTerms - Bing}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="{searchTerms - Bing}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="{searchTerms - Bing}"
"SearchAssistant"="{searchTerms - Bing}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="Bing"
"Search Bar"="Bing"
"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="%s - Bing"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="%s - Bing"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="%s - Bing"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="Bing"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
{006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="{searchTerms - Bing}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=322 folders=100 19370568 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ma 24-03-2014 at 21:12:27,47 ======================
-
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gebruiker at 2014-03-11 19:23:11
Microsoft Windows 8.1
System drive C: has 1729 GB (91%) free of 1892 GB
Total RAM: 8070 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:12, on 11-3-2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\trend micro\Gebruiker.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = {searchTerms - Bing}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = {searchTerms - Bing}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Sweet Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = {searchTerms - Yahoo Search Results}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = {searchTerms - Yahoo Search Results}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = {searchTerms - Bing}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = {searchTerms - Bing}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: weebsave - {B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} - C:\Program Files (x86)\weebsave\ANzvk.dll (file missing)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7807 bytes
======Listing Processes======
wininit.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
dashost.exe {820dcb34-611c-4309-b1096332bef69035}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dc2b7690-9a6c-4466-9ef6-1d11f13abce9 -SystemEventPortName:HostProcess-566ca92b-a1e3-4f06-9f93-b5df65fcccf6 -IoCancelEventPortName:HostProcess-0a0eece6-4d03-4360-b9a4-a80744425f85 -NonStateChangingEventPortName:HostProcess-920b56a2-e89e-4974-b83a-79ed6ab51c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34e4fb7e-4ce7-4e95-abdd-4678a0be309a -DeviceGroupId:WpdFsGroup
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
winlogon.exe
"dwm.exe"
taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding
"C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:267778 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:4068916 /prefetch:1
"C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 592
"C:\Users\Gebruiker\Downloads\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\bench-sys.job
C:\Windows\tasks\Digital Sites.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}]
weebsave - C:\Program Files (x86)\weebsave\ANzvk.x64.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B62C4C7B-461D-D0B8-9B21-732CECCAFAF5}]
weebsave - C:\Program Files (x86)\weebsave\ANzvk.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ae07101b-46d4-4a98-af68-0333ea26e113}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{ae07101b-46d4-4a98-af68-0333ea26e113}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-12-21 391128]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-12-21 771544]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-12-21 770520]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedUpMyComputer"=C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss []
"FixMyRegistry"=C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss []
"ChicaPasswordManager"=C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe /autorunned []
"Optimizer Pro"=C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe []
"LiveSupport"=C:\Program Files (x86)\LiveSupport\LiveSupport.exe /noshow /log []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe []
"fst_nl_30"= []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-12-21 624640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DeviceInstall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dxgkrnl.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FsDepends.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LSM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmartcardSimulator]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SystemEventsBroker]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VirtualSmartcardReader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wcmsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"EnableUIADesktopToggle"=0
"EnableCursorSuppression"=1
"ConsentPromptBehaviorUser"=3
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=1
"NoActiveDesktop"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
- - - Updated - - -
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gebruiker at 2014-03-11 19:23:11
Microsoft Windows 8.1
System drive C: has 1729 GB (91%) free of 1892 GB
Total RAM: 8070 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:12, on 11-3-2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\trend micro\Gebruiker.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1394483073&from=wpc&uid=TOSHIBAXDT01ACA200_Y37LNHEGSXXY37LNHEGSX&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.exitingsearch.info/?pid=2145&r=2014/03/10&hid=12559607067462301666&lg=EN&cc=NL&unqvl=50
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: weebsave - {B62C4C7B-461D-D0B8-9B21-732CECCAFAF5} - C:\Program Files (x86)\weebsave\ANzvk.dll (file missing)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [speedUpMyComputer] C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
O4 - HKCU\..\Run: [ChicaPasswordManager] "C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" /autorunned
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7807 bytes
======Listing Processes======
wininit.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
dashost.exe {820dcb34-611c-4309-b1096332bef69035}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-dc2b7690-9a6c-4466-9ef6-1d11f13abce9 -SystemEventPortName:HostProcess-566ca92b-a1e3-4f06-9f93-b5df65fcccf6 -IoCancelEventPortName:HostProcess-0a0eece6-4d03-4360-b9a4-a80744425f85 -NonStateChangingEventPortName:HostProcess-920b56a2-e89e-4974-b83a-79ed6ab51c32 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34e4fb7e-4ce7-4e95-abdd-4678a0be309a -DeviceGroupId:WpdFsGroup
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
winlogon.exe
"dwm.exe"
taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding
"C:\Program Files\Internet Explorer\iexplore.exe" -ServerName:DefaultBrowserServer
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:267778 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4740 CREDAT:4068916 /prefetch:1
"C:\Windows\system32\SearchFilterHost.exe" 0 584 588 596 65536 592
"C:\Users\Gebruiker\Downloads\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\bench-sys.job
C:\Windows\tasks\Digital Sites.job
-
I can't post the log file; I then get the following message:
Fatal error: Maximum execution time of 30 seconds exceeded in /home/pchelpfor/domains/pc-helpforum.be/public_html/includes/functions.php on line 2351
-
Hello
Can I get help removing the sweet page program? My son was on the computer and now this has suddenly become my start page.
-
Zoek.exe Version 4.0.0.4 Updated 14-September-2013
Tool run by Peter on za 14-09-2013 at 12:18:22,57.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: H:\Documents and Settings\Peter\Bureaublad\zoek\zoek.com [Checkboxes used]
==== System Restore Info ======================
14-9-2013 12:22:35 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1004336348-299502267-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully
==== FireFox Fix ======================
Deleted from H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\prefs.js:
user_pref("browser.startup.homepage", "http://websearch.good-results.info/");
user_pref("browser.search.defaulturl", "http://websearch.good-results.info/?l=1&q=");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("keyword.URL", "http://websearch.good-results.info/?l=1&q=");
Added to H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\prefs.js:
user_pref("browser.startup.homepage", "Google");
user_pref("browser.search.defaulturl", "Google=");
user_pref("browser.newtab.url", "Google");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "Google=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2
---- Lines 510440d6e06fd@510440d6e0736.com removed from prefs.js ----
---- Lines 510440d6e06fd@510440d6e0736.com modified from prefs.js ----
---- Lines 510440d6e06fd@510440d6e0736.com removed from user.js ----
---- Lines WebSearch removed from prefs.js ----
---- Lines WebSearch modified from prefs.js ----
---- Lines WebSearch removed from user.js ----
---- Lines Torntv removed from prefs.js ----
---- Lines Torntv modified from prefs.js ----
---- Lines Torntv removed from user.js ----
---- Lines results.info removed from prefs.js ----
---- Lines results.info modified from prefs.js ----
---- Lines results.info removed from user.js ----
---- FireFox user.js and prefs.js backups ----
user_14-09-2013_1225_.backup
prefs_14-09-2013_1225_.backup
==== Deleting Files \ Folders ======================
"H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\searchplugins\WebSearch.xml" deleted
"H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\extensions\torntv@torntv.com.xpi" deleted
"H:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk" deleted
"H:\Documents and Settings\Peter\Menu Start\Programma's\iLivid.lnk" deleted
"H:\WINDOWS\SET3.tmp" deleted
"H:\WINDOWS\SET4.tmp" deleted
"H:\WINDOWS\SET8.tmp" deleted
"H:\WINDOWS\system32\roboot.exe" deleted
"H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\searchplugins\WebSearch.xml" deleted
"H:\Documents and Settings\Peter\Bureaublad\Ongebruikte bureaubladpictogrammen\iLivid.lnk" deleted
"H:\Documents and Settings\Peter\Bureaublad\Ongebruikte bureaubladpictogrammen\iLividSetup-r418-n-bi.exe" deleted
"H:\Program Files\TornTV.com" deleted
"H:\Documents and Settings\All Users.WINDOWS\Application Data\Search-NewTab" deleted
"H:\Program Files\GoforFiles" deleted
"H:\Program Files\WebSearch" deleted
"H:\Program Files\SearchProtect" deleted
"H:\Documents and Settings\Peter\Application Data\GoforFiles" deleted
"H:\Documents and Settings\Peter\Application Data\Systweak" deleted
"H:\Documents and Settings\All Users.WINDOWS\Application Data\ClickIT" deleted
"H:\Documents and Settings\All Users.WINDOWS\Application Data\Search-NewTab" deleted
"H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid" deleted
"H:\Documents and Settings\Peter\Local Settings\Application Data\CRE" deleted
"H:\Documents and Settings\Peter\Local Settings\Application Data\Systweak" deleted
==== Firefox Extensions ======================
ProfilePath: H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2
- Wajam - %ProfilePath%\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
==== Firefox Plugins ======================
==== Deleting Files \ Folders ======================
"H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jbpkiefagocgkmemidfngdkamloieekf - H:\Program Files\TornTV.com\torn11.crx[]
==== Chrome Fix ======================
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage deleted successfully
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage-journal deleted successfully
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl"
"Search Page"="Google"
"Search Bar"="Upgrade to Google Chrome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="Upgrade to Google Chrome"
"Default_Search_URL"="Upgrade to Google Chrome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="Bing"
"Search Bar"="Bing"
"Start Page"="Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="%s - Bing"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="Bing"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Conduit Search Url="{searchTerms - Bing}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
{D7C06B0E-AAD8-451E-8582-8AE6F7E9076D} Google Url="{searchTerms} - Google Search"
==== Reset Google Chrome ======================
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [iLivid] "H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361634819609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
==== Empty IE Cache ======================
H:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
H:\Documents and Settings\Default User.WINDOWS\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
H:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
H:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
H:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
H:\Documents and Settings\Peter\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
H:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
H:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
H:\WINDOWS\Temp successfully emptied
H:\DOCUME~1\Peter\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
H:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"H:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"H:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on za 14-09-2013 at 12:28:57,56 ======================
-
Logfile of random's system information tool 1.09 (written by random/random)
Run by Peter at 2013-09-14 11:09:08
Microsoft Windows XP Home Edition Service Pack 3
System drive H: has 97 GB (74%) free of 131 GB
Total RAM: 3519 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:11, on 14-9-2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Microsoft Security Client\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\Microsoft Security Client\msseces.exe
H:\Program Files\Common Files\Java\Java Update\jusched.exe
H:\Program Files\Microsoft ActiveSync\Wcescomm.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe
H:\PROGRA~1\MI3AA1~1\rapimgr.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Java\jre7\bin\jqs.exe
H:\WINDOWS\system32\srvany.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\KMService.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
H:\WINDOWS\system32\SearchIndexer.exe
H:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
H:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
H:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Documents and Settings\Peter\Bureaublad\Ongebruikte bureaubladpictogrammen\RSIT.exe
H:\Program Files\trend micro\Peter.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [iLivid] "H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361634819609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - H:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9054 bytes
======Scheduled tasks folder======
H:\WINDOWS\tasks\Adobe Flash Player Updater.job
H:\WINDOWS\tasks\Go for FilesUpdate.job
H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
H:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
H:\WINDOWS\tasks\User_Feed_Synchronization-{9D2962DE-6A53-485F-AC1B-45DC2BAF381D}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - H:\Program Files\Java\jre7\bin\ssv.dll [2013-06-22 463272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-24 192592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [2013-06-24 1000984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - H:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-22 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-24 192592]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"HP Software Update"=H:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]
"Adobe ARM"=H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"QuickTime Task"=H:\Program Files\QuickTime\qttask.exe [2011-12-11 421888]
"MSC"=H:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176]
"SunJavaUpdateSched"=H:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=H:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"uTorrent"=H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe [2013-09-13 1130576]
"iLivid"=H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe [2013-09-09 6827008]
H:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten
Windows Search.lnk - H:\Program Files\Windows Desktop Search\WindowsSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=H:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"H:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"H:\WINDOWS\system32\usmt\migwiz.exe"="H:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Wizard Bestanden en instellingen overzetten"
"H:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="H:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"H:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\Program Files\Microsoft ActiveSync\rapimgr.exe"="H:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"H:\Program Files\Microsoft ActiveSync\wcescomm.exe"="H:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"H:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="H:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"H:\WINDOWS\system32\msiexec.exe"="H:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager"
"H:\Program Files\GoforFiles\goforfilesdl.exe"="H:\Program Files\GoforFiles\goforfilesdl.exe:*:Enabled:Go for Files"
"H:\Program Files\GoforFiles\GoforFiles.exe"="H:\Program Files\GoforFiles\GoforFiles.exe:*:Enabled:Go for Files"
"H:\Program Files\FrostWire 5\FrostWire.exe"="H:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire"
"H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe"="H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe:*:Enabled:iLivid"
"H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe"="H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft ActiveSync\rapimgr.exe"="H:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"H:\Program Files\Microsoft ActiveSync\wcescomm.exe"="H:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"H:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="H:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe"="H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe:*:Enabled:iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=H:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=H:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.LEAD"=LCODCCMP.DLL
======List of files/folders created in the last 1 month======
2013-09-14 11:09:08 ----D---- H:\rsit
2013-09-13 15:16:01 ----D---- H:\Program Files\SearchProtect
2013-09-11 21:58:47 ----HDC---- H:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 21:57:55 ----HDC---- H:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 21:57:50 ----HDC---- H:\WINDOWS\$NtUninstallKB2864063$
2013-08-28 22:06:10 ----HDC---- H:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-16 10:12:54 ----D---- H:\WINDOWS\system32\MRT
2013-08-16 10:12:39 ----HDC---- H:\WINDOWS\$NtUninstallKB2850869$
2013-08-16 10:12:32 ----HDC---- H:\WINDOWS\$NtUninstallKB2859537$
2013-08-16 10:12:28 ----HDC---- H:\WINDOWS\$NtUninstallKB2863058$
2013-08-16 10:12:22 ----HDC---- H:\WINDOWS\$NtUninstallKB2849470$
======List of files/folders modified in the last 1 month======
2013-09-14 11:09:11 ----D---- H:\Program Files\Trend Micro
2013-09-14 11:07:46 ----D---- H:\WINDOWS\Prefetch
2013-09-14 11:07:42 ----D---- H:\Documents and Settings\Peter\Application Data\uTorrent
2013-09-14 09:29:34 ----D---- H:\WINDOWS\temp
2013-09-14 09:28:12 ----D---- H:\WINDOWS\system32\CatRoot2
2013-09-14 09:27:19 ----SD---- H:\WINDOWS\Tasks
2013-09-13 23:59:49 ----A---- H:\WINDOWS\SchedLgU.Txt
2013-09-13 15:30:34 ----D---- H:\WINDOWS\system32
2013-09-13 15:30:34 ----A---- H:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-13 15:16:33 ----D---- H:\Documents and Settings\Peter\Application Data\vlc
2013-09-13 15:16:01 ----RD---- H:\Program Files
2013-09-13 15:15:36 ----D---- H:\Program Files\uTorrent
2013-09-13 15:14:25 ----D---- H:\WINDOWS
2013-09-11 22:04:51 ----HD---- H:\WINDOWS\inf
2013-09-11 22:04:50 ----RSHDC---- H:\WINDOWS\system32\dllcache
2013-09-11 22:04:47 ----D---- H:\Program Files\Internet Explorer
2013-09-11 22:04:39 ----D---- H:\WINDOWS\ie8updates
2013-09-11 22:04:32 ----SHD---- H:\WINDOWS\Installer
2013-09-11 22:04:31 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2013-09-11 22:04:31 ----D---- H:\Config.Msi
2013-09-11 21:58:50 ----A---- H:\WINDOWS\imsins.BAK
2013-09-11 21:51:28 ----A---- H:\WINDOWS\system32\MRT.exe
2013-09-08 10:53:11 ----D---- H:\WINDOWS\Network Diagnostic
2013-09-01 19:10:02 ----D---- H:\WINDOWS\system32\Macromed
2013-08-18 12:11:38 ----D---- H:\Program Files\Microsoft Security Client
2013-08-18 12:11:25 ----D---- H:\WINDOWS\system32\drivers
2013-08-17 09:18:55 ----D---- H:\WINDOWS\Microsoft.NET
2013-08-17 09:18:53 ----RSD---- H:\WINDOWS\assembly
2013-08-16 10:11:39 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2013-08-16 10:11:23 ----D---- H:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; H:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]
R0 PxHelp20;PxHelp20; H:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-19 46080]
R0 sptd;sptd; H:\WINDOWS\System32\Drivers\sptd.sys [2011-11-13 428088]
R1 intelppm;Intel GV3-processorstuurprogramma; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14720]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032]
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 hidusb;Microsoft HID Class-stuurprogramma; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; H:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; H:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; H:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 mouhid;Stuurprogramma voor muis-HID; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12288]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-23 141568]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
R3 usbprint;Microsoft USB PRINTER Class; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Stuurprogramma voor USB-scanner; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;Stuurprogramma voor USB-massaopslag; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 obqpnfei;obqpnfei; \??\H:\WINDOWS\system32\drivers\obqpnfei.sys []
S3 catchme;catchme; \??\H:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys []
S3 libusb0;LibUsb-Win32 - Kernel Driver 09/17/2010, 1.2.1.0; H:\WINDOWS\system32\DRIVERS\libusb0.sys [2010-11-06 35008]
S3 RimUsb;BlackBerry Device; H:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-04 22528]
S3 usb_rndisx;USB RNDIS-adapter; H:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 wceusbsh;Windows CE USB Serial Host Driver; H:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CltMngSvc;Search Protect by Conduit Service; H:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [2013-09-01 1736024]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre7\bin\jqs.exe [2013-06-22 182184]
R2 KMService;KMService; H:\WINDOWS\system32\srvany.exe [2013-03-10 8192]
R2 MsMpSvc;Microsoft Antimalware Service; H:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]
R2 nvsvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 wlidsvc;Windows Live ID Sign-in Assistant; H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WSearch;Windows Search; H:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 osppsvc;Office Software Protection Platform; H:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 gupdate;Google Update-service (gupdate); H:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13 257416]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update-service (gupdatem); H:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-24 136176]
S3 gusvc;Google Software Updater; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-12-24 194032]
S3 HP Port Resolver;HP Port Resolver; H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; H:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
-
Hello
My question is whether Conduit Search is a virus. I have now had to change my internet start page several times. It appeared after a Windows update and after installing the program iLivid (copying video from YouTube to the hard disk).
-
Not yet
I will keep an eye on it tomorrow morning, and if there are no problems I will mark it as solved tomorrow.
-
# AdwCleaner v2.109 - Verslag gemaakt op 30/01/2013 om 22:00:17
# Geactualiseerd op 26/01/2013 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruiker : Peter - PETER-42ADA93BE
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : H:\Documents and Settings\Peter\Bureaublad\adwcleaner.exe
# Optie [Verwijderen]
***** [Diensten] *****
***** [Files / Mappen] *****
File Verwijdert : H:\DOCUME~1\Peter\LOCALS~1\Temp\Uninstall.exe
File Verwijdert : H:\END
File Verwijdert : H:\user.js
Map Verwijdert : H:\DOCUME~1\Peter\LOCALS~1\Temp\AskSearch
Map Verwijdert : H:\DOCUME~1\Peter\LOCALS~1\Temp\BabylonToolbar
Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\SaveAs
Map Verwijdert : H:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
Map Verwijdert : H:\Documents and Settings\Peter\Application Data\Babylon
Map Verwijdert : H:\Documents and Settings\Peter\Application Data\PriceGong
Map Verwijdert : H:\Documents and Settings\Peter\Application Data\SwvUpdater
Map Verwijdert : H:\Documents and Settings\Peter\Local Settings\Application Data\Conduit
Map Verwijdert : H:\Documents and Settings\Peter\Local Settings\Application Data\Wajam
Map Verwijdert : H:\Program Files\Conduit
Map Verwijdert : H:\Program Files\v-Grabber
Verwijdert bij het opstarten : H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
Verwijdert bij het opstarten : H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
***** [Register] *****
Sleutel Verwijdert : HKCU\Software\1ClickDownload
Sleutel Verwijdert : HKCU\Software\APN PIP
Sleutel Verwijdert : HKCU\Software\AppDataLow\SProtector
Sleutel Verwijdert : HKCU\Software\Babylon
Sleutel Verwijdert : HKCU\Software\Conduit
Sleutel Verwijdert : HKCU\Software\ConduitSearchScopes
Sleutel Verwijdert : HKCU\Software\Cr_Installer
Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
Sleutel Verwijdert : HKCU\Software\InstallCore
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Sleutel Verwijdert : HKCU\Software\SmartBar
Sleutel Verwijdert : HKCU\Software\Softonic
Sleutel Verwijdert : HKLM\Software\Babylon
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabyDict
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabyGloss
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\BabyOptFile
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2849859
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT3272810
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Sleutel Verwijdert : HKLM\Software\Conduit
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
Sleutel Verwijdert : HKLM\Software\Iminent
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Sleutel Verwijdert : HKLM\Software\PIP
Sleutel Verwijdert : HKLM\Software\SProtector
Sleutel Verwijdert : HKLM\Software\Tarma Installer
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
***** [browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109868&tt=060612_8_&babsrc=NT_ss&mntrId=7081e6a4000000000000001966e65d91 --> hxxp://www.google.com
-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]
File : H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Verwijdert [l.878] : homepage = "hxxp://websearch.good-results.info/",
*************************
AdwCleaner[s1].txt - [11175 octets] - [30/01/2013 22:00:17]
########## EOF - H:\AdwCleaner[s1].txt - [11236 octets] ##########
-
MBAM log and HijackThis file
Malwarebytes Anti-Malware 1.70.0.1100
Databaseversie: v2012.12.14.11
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Peter :: PETER-42ADA93BE [administrator]
30-1-2013 19:20:28
mbam-log-2013-01-30 (19-20-28).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 309886
Verstreken tijd: 7 minuut/minuten, 59 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 1
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 7fee864dc2c01660cd446616f9a0ec6d -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:48:32, on 30-1-2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Microsoft Security Client\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\Microsoft Security Client\msseces.exe
H:\Program Files\Common Files\Java\Java Update\jusched.exe
H:\Program Files\Microsoft ActiveSync\Wcescomm.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\PROGRA~1\MI3AA1~1\rapimgr.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Java\jre7\bin\jqs.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
H:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://H:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
-
Hello
Once again my system is infected with Babylon. How can this be prevented in the future, once it has first been removed? I would appreciate help with this.
- - - Updated - - -
Other forum topics about Babylon mention that you need the log below.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:33:44, on 30-1-2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Microsoft Security Client\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\Microsoft Security Client\msseces.exe
H:\Program Files\Common Files\Java\Java Update\jusched.exe
H:\Program Files\Microsoft ActiveSync\Wcescomm.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\PROGRA~1\MI3AA1~1\rapimgr.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Java\jre7\bin\jqs.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
H:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SaveAs - {9F8A30E0-B436-3D79-14BD-38F03E4B08F1} - H:\Documents and Settings\All Users.WINDOWS\Application Data\SaveAs\51044082607d9.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - H:\Program Files\Yontoo\YontooIEClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://H:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
-
In the past I made a backup of my Outlook. Now I want to import it, but it is password-protected, and the password is not known. Does anyone know how I can still import the e-mails?
Cloudfront: virus or not
in Archive: Fighting malware & viruses
Posted:
Hello
Here is the adw file
AdwCleanerS0.txt